Introduction
The IAM Identity Service API is used to manage service IDs, API key identities, trusted profiles, account security settings and to create IAM access tokens for a user or service ID.
With trusted profile templates and assignments you can centrally manage access for child accounts in your organization from the root enterprise account. Similarly with settings templates and assignments, you can centrally administer account security settings. For more information, see Working with template versions and Best practices for assigning access in an enterprise.
SDKs for Java, Node, Python, and Go are available to make it easier to programmatically access the API from your code. The client libraries that are provided by the SDKs implement best practices for using the API and reduce the amount of code that you need to write. The tab for each language includes code examples that demonstrate how to use the client libraries. For more information about using the SDKs, see the IBM Cloud SDK Common project on GitHub.
The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the IBM Cloud SDK Common project on GitHub.
The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the IBM Cloud SDK Common project on GitHub.
The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the IBM Cloud SDK Common project on GitHub.
The examples that are provided on this page demonstrate how to use IAM Identity Service For more information and detailed examples, check out the IBM Cloud SDK Common project on GitHub.
Installing the Java SDK
Maven
<dependency>
<groupId>com.ibm.cloud</groupId>
<artifactId>iam-identity</artifactId>
<version>{version}</version>
</dependency>
Gradle
compile 'com.ibm.cloud:iam-identity:{version}'
Replace {version}
in these examples with the release version.
View on GitHub
Installing the Go SDK
Go modules (recommended): Add the following import in your code, and then run go build
or go mod tidy
import (
"github.com/IBM/platform-services-go-sdk/iamidentityv1"
)
go get -u github.com/IBM/platform-services-go-sdk/iamidentityv1
View on GitHub
Installing the Node SDK
npm install @ibm-cloud/platform-services
View on GitHub
Installing the Python SDK
pip install --upgrade "ibm-platform-services"
View on GitHub
Endpoint URLs
The IAM Identity Services API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests.
https://iam.cloud.ibm.com
Virtual private cloud (VPC) based access requires a virtual private endpoint gateway (VPE gateway). For more information , see Creating an endpoint gateway.
- Private endpoint URL for VPC infrastructure:
https://private.iam.cloud.ibm.com
. VPE gateway creation is supported in following datacenters:- Dallas
- Washington
- Frankfurt
If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see Enabling VRF and service endpoints.
- Private endpoint URLs for classic infrastructure. Supported datacenters and urls:
- Dallas:
https://private.us-south.iam.cloud.ibm.com
- Washington DC:
https://private.us-east.iam.cloud.ibm.com
- Frankfurt DC:
https://private.eu-de.iam.cloud.ibm.com
- Dallas:
Example API request
curl -u "apikey:{apikey}" -X {request_method} "https://iam.cloud.ibm.com/{method_endpoint}"
Replace {apikey}
, {request_method}
, and {method_endpoint}
in this example with the values for your particular API call.
Authentication
Authorization to the Identity Services REST API is enforced by using an IBM Cloud Identity and Access Management (IAM) access token. The token is used to determine the actions that a user or service ID has access to when they use the API.
You can generate an access token by first creating an API key and then exchanging your API key for an IBM Cloud IAM token.
Don't have an API key? Try running ibmcloud oauth-tokens
in the IBM Cloud Shell to quickly generate a personal access token.
When you use the SDK, configure an IAM authenticator with the IAM API key. The authenticator automatically obtains the IAM access token for the API key and includes it with each request. You can construct an authenticator in either of two ways:
- Programmatically by constructing an IAM authenticator instance and supplying your IAM API key
- By defining the API key in external configuration properties and then using the SDK authenticator factory to construct an IAM authenticator that uses the configured IAM API key
In this example of using external configuration properties, an IAM authenticator instance is created with the configured API key, and then the service client is constructed with this authenticator instance and the configured service URL.
For more information, see the Authentication section of the IBM Cloud SDK Common documentation.
To call each method, you'll need to be assigned a role that includes the required IAM actions. Each method lists the associated action. For more information about IAM actions and how they map to roles, see IAM Identity service.
You authenticate to the API by using Cloud Identity and Access Management (IAM). You can pass either a bearer token in an authorization header or an API key.
The SDK provides initialization methods for each form of authentication.
- Use the API key to have the SDK manage the lifecycle of the access token. The SDK requests an access token, ensures that the access token is valid, includes the access token in each outgoing request, and refreshes it when it expires.
- Use the access token to manage the lifecycle yourself. Keep in mind that access tokens are valid for 1 hour, so you must refresh them regularly to maintain access.
For more information, see IAM authentication with the SDK.
For more information, see IAM authentication with the SDK.
For more information, see IAM authentication with the SDK.
For more information, see IAM authentication with the SDK.
To retrieve your access token:
curl -X POST "https://iam.cloud.ibm.com/identity/token" --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:apikey' --data-urlencode 'apikey=<API_KEY>'
Replace <API_KEY>
with your IAM API key.
Setting client options through external configuration
Example environment variables, where <SERVICE_URL>
is the endpoint URL and <API_KEY>
is your IAM API key
export IAM_IDENTITY_URL=<SERVICE_URL>
export IAM_IDENTITY_AUTHTYPE=iam
export IAM_IDENTITY_APIKEY=<API_KEY>
Example of constructing the service client
import {
"github.com/IBM/platform-services-go-sdk/iamidentityv1"
}
...
serviceClientOptions := &iamidentityv1.IamIdentityV1Options{}
serviceClient, err := iamidentityv1.NewIamIdentityV1UsingExternalConfig(serviceClientOptions)
Setting client options through external configuration
Example environment variables, where <SERVICE_URL>
is the endpoint URL and <API_KEY>
is your IAM API key
export IAM_IDENTITY_URL=<SERVICE_URL>
export IAM_IDENTITY_AUTHTYPE=iam
export IAM_IDENTITY_APIKEY=<API_KEY>
Example of constructing the service client
import com.ibm.cloud.platform_services.iam_identity.v1.IamIdentity;
...
IamIdentity serviceClient = IamIdentity.newInstance();
Setting client options through external configuration
Example environment variables, where <SERVICE_URL>
is the endpoint URL and <API_KEY>
is your IAM API key
export IAM_IDENTITY_URL=<SERVICE_URL>
export IAM_IDENTITY_AUTHTYPE=iam
export IAM_IDENTITY_APIKEY=<API_KEY>
Example of constructing the service client
const IamIdentityV1 = require('@ibm-cloud/platform-services/iam-identity/v1');
...
const serviceClient = IamIdentityV1.newInstance({});
Setting client options through external configuration
Example environment variables, where <SERVICE_URL>
is the endpoint URL and <API_KEY>
is your IAM API key
export IAM_IDENTITY_URL=<SERVICE_URL>
export IAM_IDENTITY_AUTHTYPE=iam
export IAM_IDENTITY_APIKEY=<API_KEY>
Example of constructing the service client
from ibm_platform_services import IamIdentityV1
...
service_client = IamIdentityV1.new_instance()
Auditing
You can monitor API activity within your account by using the IBM Cloud® Activity Tracker service. You can track when specific API methods are called by reviewing generated events in Activity Tracker.
If an event is tracked for a method, you can find it listed with the method. For more information about how to track IAM activity, see Auditing events for IAM.
Error handling
The IAM Token Service uses standard HTTP response codes to indicate whether a method completed successfully. A 200
response always indicates success. A 400
type response indicates that a parameter validation failed and can occur if required parameters are missing or if any parameter values are invalid. A 401
or 403
response indicates that the incoming request did not contain valid authentication information. A 500
type response indicates an internal server error that is seen in an unexpected error situation.
The Identity Services REST APIs return standard HTTP status codes to indicate the success or failure of a request. The format of the response is represented in JSON as follows:
{
"trace": "9daee671-916a-4678-850b-10b911f0236d",
"errors": [
{
"code": "invalid_access_token",
"message": "The provided access token provided is invalid."
}
]
"status_code": 401
}
If an operation cannot be fulfilled, an appropriate 400 or 500 series HTTP response is returned from the server. The operations that are defined in the Reference
section describe example errors that might be returned from a failed request. All responses from the Identity Services REST API are in JSON format.
The following table show the potential error codes the API might return.
HTTP Error Code | Description | Recovery |
---|---|---|
200 |
Success | The request was successful. |
201 |
Created | The resource was successfully created. |
204 |
No Content | The request was successful. No response body is provided. |
400 |
Bad Request | The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request. |
401 |
Unauthorized | You are not authorized to make this request. The token is either missing or expired. Get a new valid token and try again. |
403 |
Forbidden | The supplied authentication is not authorized to perform the operation. If this error persists, contact the account owner to check your permissions. |
404 |
Not Found | The requested resource can't be found. |
409 |
Conflict | The entity is already in the requested state. |
429 |
Too Many Requests | Too many requests have been made within a time window. Wait before calling the API again. |
500 |
Internal error | Error that is seen in an unexpected error situation. |
Additional headers
Some additional headers might be required to make successful requests to the API. Those additional headers are:
An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services using one identifier. The header key must be set to Transaction-Id
and the value is anything that you choose.
If there is not a transaction ID that is passed in, then one is generated randomly.
Methods
Get API keys for a given service or user IAM ID and account ID
Returns the list of API key details for a given service or user IAM ID and account ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the list of API key details for a given service or user IAM ID and account ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the list of API key details for a given service or user IAM ID and account ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the list of API key details for a given service or user IAM ID and account ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the list of API key details for a given service or user IAM ID and account ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
GET /v1/apikeys
(iamIdentity *IamIdentityV1) ListAPIKeys(listAPIKeysOptions *ListAPIKeysOptions) (result *APIKeyList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListAPIKeysWithContext(ctx context.Context, listAPIKeysOptions *ListAPIKeysOptions) (result *APIKeyList, response *core.DetailedResponse, err error)
ServiceCall<ApiKeyList> listApiKeys(ListApiKeysOptions listApiKeysOptions)
listApiKeys(params)
list_api_keys(
self,
*,
account_id: Optional[str] = None,
iam_id: Optional[str] = None,
pagesize: Optional[int] = None,
pagetoken: Optional[str] = None,
scope: Optional[str] = None,
type: Optional[str] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListAPIKeysOptions
struct and set the fields to provide parameter values for the ListAPIKeys
method.
Use the ListApiKeysOptions.Builder
to create a ListApiKeysOptions
object that contains the parameter values for the listApiKeys
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Query Parameters
Account ID of the API keys to query. If a service IAM ID is specified in iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the account of the Authorization token.
IAM ID of the API keys to be queried. The IAM ID may be that of a user or a service. For a user IAM ID iam_id must match the Authorization token.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional parameter to define the scope of the queried API keys. Can be 'entity' (default) or 'account'.
Allowable values: [
entity
,account
]Default:
entity
Optional parameter to filter the type of the queried API keys. Can be 'user' or 'serviceid'.
Allowable values: [
user
,serviceid
]Optional sort property, valid values are name, description, created_at and created_by. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListAPIKeys options.
Account ID of the API keys to query. If a service IAM ID is specified in iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the account of the Authorization token.
IAM ID of the API keys to be queried. The IAM ID may be that of a user or a service. For a user IAM ID iam_id must match the Authorization token.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional parameter to define the scope of the queried API keys. Can be 'entity' (default) or 'account'.
Allowable values: [
entity
,account
]Default:
entity
Optional parameter to filter the type of the queried API keys. Can be 'user' or 'serviceid'.
Allowable values: [
user
,serviceid
]Optional sort property, valid values are name, description, created_at and created_by. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
The listApiKeys options.
Account ID of the API keys to query. If a service IAM ID is specified in iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the account of the Authorization token.
IAM ID of the API keys to be queried. The IAM ID may be that of a user or a service. For a user IAM ID iam_id must match the Authorization token.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional parameter to define the scope of the queried API keys. Can be 'entity' (default) or 'account'.
Allowable values: [
entity
,account
]Default:
entity
Optional parameter to filter the type of the queried API keys. Can be 'user' or 'serviceid'.
Allowable values: [
user
,serviceid
]Optional sort property, valid values are name, description, created_at and created_by. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the API keys to query. If a service IAM ID is specified in iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the account of the Authorization token.
IAM ID of the API keys to be queried. The IAM ID may be that of a user or a service. For a user IAM ID iam_id must match the Authorization token.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional parameter to define the scope of the queried API keys. Can be 'entity' (default) or 'account'.
Allowable values: [
entity
,account
]Default:
entity
Optional parameter to filter the type of the queried API keys. Can be 'user' or 'serviceid'.
Allowable values: [
user
,serviceid
]Optional sort property, valid values are name, description, created_at and created_by. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the API keys to query. If a service IAM ID is specified in iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the account of the Authorization token.
IAM ID of the API keys to be queried. The IAM ID may be that of a user or a service. For a user IAM ID iam_id must match the Authorization token.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional parameter to define the scope of the queried API keys. Can be 'entity' (default) or 'account'.
Allowable values: [
entity
,account
]Default:
entity
Optional parameter to filter the type of the queried API keys. Can be 'user' or 'serviceid'.
Allowable values: [
user
,serviceid
]Optional sort property, valid values are name, description, created_at and created_by. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/apikeys?account_id=ACCOUNT_ID&iam_id=IBMid-123WEREW" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
listAPIKeysOptions := iamIdentityService.NewListAPIKeysOptions() listAPIKeysOptions.SetAccountID(accountID) listAPIKeysOptions.SetIamID(iamID) listAPIKeysOptions.SetIncludeHistory(true) apiKeyList, response, err := iamIdentityService.ListAPIKeys(listAPIKeysOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(apiKeyList, "", " ") fmt.Println(string(b))
ListApiKeysOptions listApiKeysOptions = new ListApiKeysOptions.Builder() .accountId(accountId) .iamId(iamId) .includeHistory(true) .build(); Response<ApiKeyList> response = service.listApiKeys(listApiKeysOptions).execute(); ApiKeyList apiKeyList = response.getResult(); System.out.println(apiKeyList);
const params = { accountId: accountId, iamId: iamId, includeHistory: true, }; try { const res = await iamIdentityService.listApiKeys(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
api_key_list = iam_identity_service.list_api_keys( account_id=account_id, iam_id=iam_id, include_history=True ).get_result() print(json.dumps(api_key_list, indent=2))
Response
Response body format for the List API keys V1 REST request.
List of API keys based on the query paramters and the page size. The apikeys array is always part of the response but might be empty depending on the query parameters values provided.
Context with key properties for problem determination.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
Response body format for the List API keys V1 REST request.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of API keys based on the query paramters and the page size. The apikeys array is always part of the response but might be empty depending on the query parameters values provided.
- Apikeys
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the List API keys V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of API keys based on the query paramters and the page size. The apikeys array is always part of the response but might be empty depending on the query parameters values provided.
- apikeys
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the List API keys V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of API keys based on the query paramters and the page size. The apikeys array is always part of the response but might be empty depending on the query parameters values provided.
- apikeys
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the List API keys V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of API keys based on the query paramters and the page size. The apikeys array is always part of the response but might be empty depending on the query parameters values provided.
- apikeys
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful operation.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
User iam_id or account_id does not match Authorization token, service ID of the IAM ID not found.
Internal Server error.
{ "limit": 1, "first": "https://iam.cloud.ibm.com/v1/apikeys?pagetoken=PageToken", "next": "https://iam.cloud.ibm.com/v1/apikeys?pagetoken=PageToken", "apikeys": { "id": "ApiKey-fffc06c0-f3fd-49e5-82b5-b9dec9a3c47c", "entity_tag": "3-5c26819c7a9df67ac5d51c5761e1ac8a", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-fffc06c0-f3fd-49e5-82b5-b9dec9a3c47c", "locked": false, "disabled": false, "created_at": "2020-09-28T17:49+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-09-28T17:49+0000", "support_sessions": false, "action_when_leaked": "none", "name": "apikeyNew", "description": "test", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz" } }
{ "limit": 1, "first": "https://iam.cloud.ibm.com/v1/apikeys?pagetoken=PageToken", "next": "https://iam.cloud.ibm.com/v1/apikeys?pagetoken=PageToken", "apikeys": { "id": "ApiKey-fffc06c0-f3fd-49e5-82b5-b9dec9a3c47c", "entity_tag": "3-5c26819c7a9df67ac5d51c5761e1ac8a", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-fffc06c0-f3fd-49e5-82b5-b9dec9a3c47c", "locked": false, "disabled": false, "created_at": "2020-09-28T17:49+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-09-28T17:49+0000", "support_sessions": false, "action_when_leaked": "none", "name": "apikeyNew", "description": "test", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz" } }
Create an API key
Creates an API key for a UserID or service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Creates an API key for a UserID or service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Creates an API key for a UserID or service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Creates an API key for a UserID or service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Creates an API key for a UserID or service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
POST /v1/apikeys
(iamIdentity *IamIdentityV1) CreateAPIKey(createAPIKeyOptions *CreateAPIKeyOptions) (result *APIKey, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateAPIKeyWithContext(ctx context.Context, createAPIKeyOptions *CreateAPIKeyOptions) (result *APIKey, response *core.DetailedResponse, err error)
ServiceCall<ApiKey> createApiKey(CreateApiKeyOptions createApiKeyOptions)
createApiKey(params)
create_api_key(
self,
name: str,
iam_id: str,
*,
description: Optional[str] = None,
account_id: Optional[str] = None,
apikey: Optional[str] = None,
store_value: Optional[bool] = None,
support_sessions: Optional[bool] = None,
action_when_leaked: Optional[str] = None,
entity_lock: Optional[str] = None,
entity_disable: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateAPIKeyOptions
struct and set the fields to provide parameter values for the CreateAPIKey
method.
Use the CreateApiKeyOptions.Builder
to create a CreateApiKeyOptions
object that contains the parameter values for the createApiKey
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Indicates if the API key is locked for further write operations. False by default.
Default:
false
Indicates if the API key is disabled. False by default.
Default:
false
Request to create an API key.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The account ID of the API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateAPIKey options.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The account ID of the API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
Indicates if the API key is locked for further write operations. False by default.
Default:
false
Indicates if the API key is disabled. False by default.
Default:
false
The createApiKey options.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The account ID of the API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
Indicates if the API key is locked for further write operations. False by default.
Default:
false
Indicates if the API key is disabled. False by default.
Default:
false
parameters
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The account ID of the API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
Indicates if the API key is locked for further write operations. False by default.
Default:
false
Indicates if the API key is disabled. False by default.
Default:
false
parameters
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The account ID of the API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
Indicates if the API key is locked for further write operations. False by default.
Default:
false
Indicates if the API key is disabled. False by default.
Default:
false
curl -X POST "https://iam.cloud.ibm.com/v1/apikeys" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --data '{ "name": "My-apikey", "description": "my personal key", "iam_id": "IBMid-123WEREW", "account_id": "ACCOUNT_ID", "store_value": false }'
createAPIKeyOptions := iamIdentityService.NewCreateAPIKeyOptions(apikeyName, iamID) createAPIKeyOptions.SetDescription("Example ApiKey") apiKey, response, err := iamIdentityService.CreateAPIKey(createAPIKeyOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(apiKey, "", " ") fmt.Println(string(b)) apikeyID = *apiKey.ID
CreateApiKeyOptions createApiKeyOptions = new CreateApiKeyOptions.Builder() .name(apiKeyName) .iamId(iamId) .description("Example ApiKey") .build(); Response<ApiKey> response = service.createApiKey(createApiKeyOptions).execute(); ApiKey apiKey = response.getResult(); apikeyId = apiKey.getId(); System.out.println(apiKey);
const params = { name: apikeyName, iamId: iamId, description: 'Example ApiKey', }; try { const res = await iamIdentityService.createApiKey(params); apikeyId = res.result.id console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
api_key = iam_identity_service.create_api_key(name=apikey_name, iam_id=iam_id).get_result() print(json.dumps(api_key, indent=2))
Response
Response body format for API key V1 REST requests.
Unique identifier of this API Key.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'
The API key cannot be changed if set to true.
IAM ID of the user or service which created the API key.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
Context with key properties for problem determination.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
History of the API key.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
API key successfully created. Response if the Object could be created in the persistence layer.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Create Conflict - API key could not be created. Response if the Object could not be created in the persistence layer.
Internal Server error. Response if unexpected error situation. happened.
{ "id": "ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "entity_tag": "1-b4053b5d441613fdad4ff3c28db3e7cc", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "locked": false, "disabled": false, "created_at": "2020-11-10T12:28+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-11-10T12:28+0000", "support_sessions": false, "action_when_leaked": "none", "name": "apikey-test", "description": "apikey-test", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz", "apikey": "created_apikey" }
{ "id": "ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "entity_tag": "1-b4053b5d441613fdad4ff3c28db3e7cc", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "locked": false, "disabled": false, "created_at": "2020-11-10T12:28+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-11-10T12:28+0000", "support_sessions": false, "action_when_leaked": "none", "name": "apikey-test", "description": "apikey-test", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz", "apikey": "created_apikey" }
Get details of an API key by its value.
Returns the details of an API key by its value. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the details of an API key by its value. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the details of an API key by its value. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the details of an API key by its value. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the details of an API key by its value. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
GET /v1/apikeys/details
(iamIdentity *IamIdentityV1) GetAPIKeysDetails(getAPIKeysDetailsOptions *GetAPIKeysDetailsOptions) (result *APIKey, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetAPIKeysDetailsWithContext(ctx context.Context, getAPIKeysDetailsOptions *GetAPIKeysDetailsOptions) (result *APIKey, response *core.DetailedResponse, err error)
ServiceCall<ApiKey> getApiKeysDetails(GetApiKeysDetailsOptions getApiKeysDetailsOptions)
getApiKeysDetails(params)
get_api_keys_details(
self,
*,
iam_api_key: Optional[str] = None,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetAPIKeysDetailsOptions
struct and set the fields to provide parameter values for the GetAPIKeysDetails
method.
Use the GetApiKeysDetailsOptions.Builder
to create a GetApiKeysDetailsOptions
object that contains the parameter values for the getApiKeysDetails
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
API key value.
Query Parameters
Defines if the entity history is included in the response.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetAPIKeysDetails options.
API key value.
Defines if the entity history is included in the response.
Default:
false
The getApiKeysDetails options.
API key value.
Defines if the entity history is included in the response.
Default:
false
parameters
API key value.
Defines if the entity history is included in the response.
Default:
false
parameters
API key value.
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/apikeys/details" --header "Authorization: Bearer $TOKEN" --header "IAM-Apikey: APIKEY_VALUE" --header "Content-Type: application/json"
getAPIKeysDetailsOptions := iamIdentityService.NewGetAPIKeysDetailsOptions() getAPIKeysDetailsOptions.SetIamAPIKey(iamAPIKey) getAPIKeysDetailsOptions.SetIncludeHistory(false) apiKey, response, err := iamIdentityService.GetAPIKeysDetails(getAPIKeysDetailsOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(apiKey, "", " ") fmt.Println(string(b))
GetApiKeysDetailsOptions getApiKeysDetailsOptions = new GetApiKeysDetailsOptions.Builder() .iamApiKey(iamApiKey) .includeHistory(false) .build(); Response<ApiKey> response = service.getApiKeysDetails(getApiKeysDetailsOptions).execute(); ApiKey apiKey = response.getResult(); System.out.println(apiKey);
const params = { iamApiKey: iamApikey, includeHistory: false, }; try { const res = await iamIdentityService.getApiKeysDetails(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
api_key = iam_identity_service.get_api_keys_details(iam_api_key=apikey).get_result() print(json.dumps(api_key, indent=2))
Response
Response body format for API key V1 REST requests.
Unique identifier of this API Key.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'
The API key cannot be changed if set to true.
IAM ID of the user or service which created the API key.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
Context with key properties for problem determination.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
History of the API key.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful Get of API key details.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
API key not found.
Internal Server error.
{ "id": "ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "entity_tag": "1-b4053b5d441613fdad4ff3c28db3e7cc", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "locked": false, "disabled": false, "created_at": "2020-11-10T12:28+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-11-10T12:28+0000", "support_sessions": false, "action_when_leaked": "none", "name": "apikey-test", "description": "apikey-test", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz" }
{ "id": "ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "entity_tag": "1-b4053b5d441613fdad4ff3c28db3e7cc", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "locked": false, "disabled": false, "created_at": "2020-11-10T12:28+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-11-10T12:28+0000", "support_sessions": false, "action_when_leaked": "none", "name": "apikey-test", "description": "apikey-test", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz" }
Get details of an API key
Returns the details of an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the details of an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the details of an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the details of an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Returns the details of an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
GET /v1/apikeys/{id}
(iamIdentity *IamIdentityV1) GetAPIKey(getAPIKeyOptions *GetAPIKeyOptions) (result *APIKey, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetAPIKeyWithContext(ctx context.Context, getAPIKeyOptions *GetAPIKeyOptions) (result *APIKey, response *core.DetailedResponse, err error)
ServiceCall<ApiKey> getApiKey(GetApiKeyOptions getApiKeyOptions)
getApiKey(params)
get_api_key(
self,
id: str,
*,
include_history: Optional[bool] = None,
include_activity: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetAPIKeyOptions
struct and set the fields to provide parameter values for the GetAPIKey
method.
Use the GetApiKeyOptions.Builder
to create a GetApiKeyOptions
object that contains the parameter values for the getApiKey
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the API key.
Query Parameters
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetAPIKey options.
Unique ID of the API key.
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
The getApiKey options.
Unique ID of the API key.
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
parameters
Unique ID of the API key.
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
parameters
Unique ID of the API key.
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/apikeys/APIKEY_UNIQUE_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
getAPIKeyOptions := iamIdentityService.NewGetAPIKeyOptions(apikeyID) getAPIKeyOptions.SetIncludeHistory(false) getAPIKeyOptions.SetIncludeActivity(false) apiKey, response, err := iamIdentityService.GetAPIKey(getAPIKeyOptions) if err != nil { panic(err) } apikeyEtag = response.GetHeaders().Get("Etag") b, _ := json.MarshalIndent(apiKey, "", " ") fmt.Println(string(b))
GetApiKeyOptions getApiKeyOptions = new GetApiKeyOptions.Builder() .id(apikeyId) .includeHistory(true) .includeActivity(true) .build(); Response<ApiKey> response = service.getApiKey(getApiKeyOptions).execute(); ApiKey apiKey = response.getResult(); apikeyEtag = response.getHeaders().values("Etag").get(0); System.out.println(apiKey);
const params = { id: apikeyId, includeActivity: true, }; try { const res = await iamIdentityService.getApiKey(params); apikeyEtag = res.headers['etag']; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.get_api_key( id=apikey_id, include_activity=True, ) api_key = response.get_result() print(json.dumps(api_key, indent=2))
Response
Response body format for API key V1 REST requests.
Unique identifier of this API Key.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'
The API key cannot be changed if set to true.
IAM ID of the user or service which created the API key.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
Context with key properties for problem determination.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
History of the API key.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful Get of API key.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
API key with provided ID not found.
Internal Server error.
{ "id": "ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "entity_tag": "1-b4053b5d441613fdad4ff3c28db3e7cc", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "locked": false, "disabled": false, "created_at": "2020-11-10T12:28+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-11-10T12:28+0000", "support_sessions": false, "action_when_leaked": "none", "name": "apikey-test", "description": "apikey-test", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz" }
{ "id": "ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "entity_tag": "1-b4053b5d441613fdad4ff3c28db3e7cc", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "locked": false, "disabled": false, "created_at": "2020-11-10T12:28+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-11-10T12:28+0000", "support_sessions": false, "action_when_leaked": "none", "name": "apikey-test", "description": "apikey-test", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz" }
Updates an API key
Updates properties of an API key. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update an API key, pass the property to be modified. To delete one property's value, pass the property with an empty value "". Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Updates properties of an API key. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update an API key, pass the property to be modified. To delete one property's value, pass the property with an empty value "". Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Updates properties of an API key. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update an API key, pass the property to be modified. To delete one property's value, pass the property with an empty value "". Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Updates properties of an API key. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update an API key, pass the property to be modified. To delete one property's value, pass the property with an empty value "". Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Updates properties of an API key. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update an API key, pass the property to be modified. To delete one property's value, pass the property with an empty value "". Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
PUT /v1/apikeys/{id}
(iamIdentity *IamIdentityV1) UpdateAPIKey(updateAPIKeyOptions *UpdateAPIKeyOptions) (result *APIKey, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateAPIKeyWithContext(ctx context.Context, updateAPIKeyOptions *UpdateAPIKeyOptions) (result *APIKey, response *core.DetailedResponse, err error)
ServiceCall<ApiKey> updateApiKey(UpdateApiKeyOptions updateApiKeyOptions)
updateApiKey(params)
update_api_key(
self,
id: str,
if_match: str,
*,
name: Optional[str] = None,
description: Optional[str] = None,
support_sessions: Optional[bool] = None,
action_when_leaked: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateAPIKeyOptions
struct and set the fields to provide parameter values for the UpdateAPIKey
method.
Use the UpdateApiKeyOptions.Builder
to create a UpdateApiKeyOptions
object that contains the parameter values for the updateApiKey
method.
Custom Headers
Version of the API key to be updated. Specify the version that you retrieved when reading the API key. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the API key to be updated.
Request to update an API key.
The name of the API key to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the API key to update. If specified an empty description will clear the description of the API key. If a non empty value is provided the API key will be updated.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateAPIKey options.
Unique ID of the API key to be updated.
Version of the API key to be updated. Specify the version that you retrieved when reading the API key. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The name of the API key to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the API key to update. If specified an empty description will clear the description of the API key. If a non empty value is provided the API key will be updated.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The updateApiKey options.
Unique ID of the API key to be updated.
Version of the API key to be updated. Specify the version that you retrieved when reading the API key. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The name of the API key to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the API key to update. If specified an empty description will clear the description of the API key. If a non empty value is provided the API key will be updated.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
parameters
Unique ID of the API key to be updated.
Version of the API key to be updated. Specify the version that you retrieved when reading the API key. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The name of the API key to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the API key to update. If specified an empty description will clear the description of the API key. If a non empty value is provided the API key will be updated.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
parameters
Unique ID of the API key to be updated.
Version of the API key to be updated. Specify the version that you retrieved when reading the API key. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The name of the API key to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the API key to update. If specified an empty description will clear the description of the API key. If a non empty value is provided the API key will be updated.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
curl -X PUT "https://iam.cloud.ibm.com/v1/apikeys/APIKEY_UNIQUE_ID" --header "Authorization: Bearer $TOKEN" --header "If-Match: <value of etag header from GET request>" --header "Content-Type: application/json" --data '{ "name": "My-apikey", "description": "my personal key" }'
updateAPIKeyOptions := iamIdentityService.NewUpdateAPIKeyOptions(apikeyID, apikeyEtag) updateAPIKeyOptions.SetDescription("This is an updated description") apiKey, response, err := iamIdentityService.UpdateAPIKey(updateAPIKeyOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(apiKey, "", " ") fmt.Println(string(b))
UpdateApiKeyOptions updateApiKeyOptions = new UpdateApiKeyOptions.Builder() .id(apikeyId) .ifMatch(apikeyEtag) .description("This is an updated description") .build(); Response<ApiKey> response = service.updateApiKey(updateApiKeyOptions).execute(); ApiKey apiKey = response.getResult(); System.out.println(apiKey);
const params = { id: apikeyId, ifMatch: apikeyEtag, description: 'This is an updated description', }; try { const res = await iamIdentityService.updateApiKey(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
api_key = iam_identity_service.update_api_key( id=apikey_id, if_match=apikey_etag, description='This is an updated description' ).get_result() print(json.dumps(api_key, indent=2))
Response
Response body format for API key V1 REST requests.
Unique identifier of this API Key.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'
The API key cannot be changed if set to true.
IAM ID of the user or service which created the API key.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
Context with key properties for problem determination.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
History of the API key.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for API key V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful - API key updated.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
API key with provided parameters not found.
Conflict - there must have been an update in parallel, the specified If-Match header does not match the current API key record. Retrieve the current API key again and apply the changes to that version.
Internal Server error.
{ "id": "ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "entity_tag": "2-cc66d399c705d12b439f1992a465fd5b", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "locked": false, "disabled": false, "created_at": "2020-11-10T12:28+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-11-10T13:45+0000", "support_sessions": false, "action_when_leaked": "none", "name": "Apikey-test1", "description": "Apikey-test1", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz" }
{ "id": "ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "entity_tag": "2-cc66d399c705d12b439f1992a465fd5b", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::apikey:ApiKey-5ccff000-9ff1-4481-a760-29c22a7603e7", "locked": false, "disabled": false, "created_at": "2020-11-10T12:28+0000", "created_by": "IBMid-110000AB1Z", "modified_at": "2020-11-10T13:45+0000", "support_sessions": false, "action_when_leaked": "none", "name": "Apikey-test1", "description": "Apikey-test1", "iam_id": "IBMid-110000AB1Z", "account_id": "100abcde100a41abc100aza678abc0zz" }
Deletes an API key
Deletes an API key. Existing tokens will remain valid until expired. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Deletes an API key. Existing tokens will remain valid until expired. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Deletes an API key. Existing tokens will remain valid until expired. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Deletes an API key. Existing tokens will remain valid until expired. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Deletes an API key. Existing tokens will remain valid until expired. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
DELETE /v1/apikeys/{id}
(iamIdentity *IamIdentityV1) DeleteAPIKey(deleteAPIKeyOptions *DeleteAPIKeyOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteAPIKeyWithContext(ctx context.Context, deleteAPIKeyOptions *DeleteAPIKeyOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteApiKey(DeleteApiKeyOptions deleteApiKeyOptions)
deleteApiKey(params)
delete_api_key(
self,
id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteAPIKeyOptions
struct and set the fields to provide parameter values for the DeleteAPIKey
method.
Use the DeleteApiKeyOptions.Builder
to create a DeleteApiKeyOptions
object that contains the parameter values for the deleteApiKey
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the API key.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteAPIKey options.
Unique ID of the API key.
The deleteApiKey options.
Unique ID of the API key.
parameters
Unique ID of the API key.
parameters
Unique ID of the API key.
curl -X DELETE "https://iam.cloud.ibm.com/v1/apikeys/APIKEY_UNIQUE_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
deleteAPIKeyOptions := iamIdentityService.NewDeleteAPIKeyOptions(apikeyID) response, err := iamIdentityService.DeleteAPIKey(deleteAPIKeyOptions) if err != nil { panic(err) }
DeleteApiKeyOptions deleteApiKeyOptions = new DeleteApiKeyOptions.Builder() .id(apikeyId) .build(); Response<Void> response = service.deleteApiKey(deleteApiKeyOptions).execute();
const params = { id: apikeyId, }; try { await iamIdentityService.deleteApiKey(params); } catch (err) { console.warn(err); }
response = iam_identity_service.delete_api_key(id=apikey_id)
Response
Status Code
Deleted Successful - no further details.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
API key with given ID not found.
Conflict - ApiKey could not be deleted.
Internal Server error.
No Sample Response
Lock the API key
Locks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Locks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Locks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Locks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Locks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
POST /v1/apikeys/{id}/lock
(iamIdentity *IamIdentityV1) LockAPIKey(lockAPIKeyOptions *LockAPIKeyOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) LockAPIKeyWithContext(ctx context.Context, lockAPIKeyOptions *LockAPIKeyOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> lockApiKey(LockApiKeyOptions lockApiKeyOptions)
lockApiKey(params)
lock_api_key(
self,
id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the LockAPIKeyOptions
struct and set the fields to provide parameter values for the LockAPIKey
method.
Use the LockApiKeyOptions.Builder
to create a LockApiKeyOptions
object that contains the parameter values for the lockApiKey
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the API key.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The LockAPIKey options.
Unique ID of the API key.
The lockApiKey options.
Unique ID of the API key.
parameters
Unique ID of the API key.
parameters
Unique ID of the API key.
curl -X POST "https://iam.cloud.ibm.com/v1/apikeys/APIKEY_UNIQUE_ID/lock" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
lockAPIKeyOptions := iamIdentityService.NewLockAPIKeyOptions(apikeyID) response, err := iamIdentityService.LockAPIKey(lockAPIKeyOptions) if err != nil { panic(err) }
LockApiKeyOptions lockApiKeyOptions = new LockApiKeyOptions.Builder() .id(apikeyId) .build(); Response<Void> response = service.lockApiKey(lockApiKeyOptions).execute();
const params = { id: apikeyId, }; try { await iamIdentityService.lockApiKey(params); } catch (err) { console.warn(err); }
response = iam_identity_service.lock_api_key(id=apikey_id)
Response
Status Code
Successful locked.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
API key with provided ID not found.
Internal Server error.
No Sample Response
Unlock the API key
Unlocks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Unlocks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Unlocks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Unlocks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Unlocks an API key by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
DELETE /v1/apikeys/{id}/lock
(iamIdentity *IamIdentityV1) UnlockAPIKey(unlockAPIKeyOptions *UnlockAPIKeyOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UnlockAPIKeyWithContext(ctx context.Context, unlockAPIKeyOptions *UnlockAPIKeyOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> unlockApiKey(UnlockApiKeyOptions unlockApiKeyOptions)
unlockApiKey(params)
unlock_api_key(
self,
id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UnlockAPIKeyOptions
struct and set the fields to provide parameter values for the UnlockAPIKey
method.
Use the UnlockApiKeyOptions.Builder
to create a UnlockApiKeyOptions
object that contains the parameter values for the unlockApiKey
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the API key.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UnlockAPIKey options.
Unique ID of the API key.
The unlockApiKey options.
Unique ID of the API key.
parameters
Unique ID of the API key.
parameters
Unique ID of the API key.
curl -X DELETE "https://iam.cloud.ibm.com/v1/apikeys/APIKEY_UNIQUE_ID/lock" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
unlockAPIKeyOptions := iamIdentityService.NewUnlockAPIKeyOptions(apikeyID) response, err := iamIdentityService.UnlockAPIKey(unlockAPIKeyOptions) if err != nil { panic(err) }
UnlockApiKeyOptions unlockApiKeyOptions = new UnlockApiKeyOptions.Builder() .id(apikeyId) .build(); Response<Void> response = service.unlockApiKey(unlockApiKeyOptions).execute();
const params = { id: apikeyId, }; try { await iamIdentityService.unlockApiKey(params); } catch (err) { console.warn(err); }
response = iam_identity_service.unlock_api_key(id=apikey_id)
Response
Status Code
Successful unlocked.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
API key with provided ID not found.
Internal Server error.
No Sample Response
Disable the API key
Disable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Disable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Disable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Disable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Disable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
POST /v1/apikeys/{id}/disable
(iamIdentity *IamIdentityV1) DisableAPIKey(disableAPIKeyOptions *DisableAPIKeyOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DisableAPIKeyWithContext(ctx context.Context, disableAPIKeyOptions *DisableAPIKeyOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> disableApiKey(DisableApiKeyOptions disableApiKeyOptions)
disableApiKey(params)
disable_api_key(
self,
id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DisableAPIKeyOptions
struct and set the fields to provide parameter values for the DisableAPIKey
method.
Use the DisableApiKeyOptions.Builder
to create a DisableApiKeyOptions
object that contains the parameter values for the disableApiKey
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the API key.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DisableAPIKey options.
Unique ID of the API key.
The disableApiKey options.
Unique ID of the API key.
parameters
Unique ID of the API key.
parameters
Unique ID of the API key.
curl -X POST "https://iam.cloud.ibm.com/v1/apikeys/APIKEY_UNIQUE_ID/disable" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
disableAPIKeyOptions := iamIdentityService.NewDisableAPIKeyOptions(apikeyID) response, err := iamIdentityService.DisableAPIKey(disableAPIKeyOptions) if err != nil { panic(err) }
DisableApiKeyOptions disableApiKeyOptions = new DisableApiKeyOptions.Builder() .id(apikeyId) .build(); Response<Void> response = service.disableApiKey(disableApiKeyOptions).execute();
const params = { id: apikeyId, }; try { await iamIdentityService.disableApiKey(params); } catch (err) { console.warn(err); }
response = iam_identity_service.disable_api_key(id=apikey_id)
Response
Status Code
Successful disable.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
API key with provided ID not found.
Internal Server error.
No Sample Response
Enable the API key
Enable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Enable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Enable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Enable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Enable an API key. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
DELETE /v1/apikeys/{id}/disable
(iamIdentity *IamIdentityV1) EnableAPIKey(enableAPIKeyOptions *EnableAPIKeyOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) EnableAPIKeyWithContext(ctx context.Context, enableAPIKeyOptions *EnableAPIKeyOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> enableApiKey(EnableApiKeyOptions enableApiKeyOptions)
enableApiKey(params)
enable_api_key(
self,
id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the EnableAPIKeyOptions
struct and set the fields to provide parameter values for the EnableAPIKey
method.
Use the EnableApiKeyOptions.Builder
to create a EnableApiKeyOptions
object that contains the parameter values for the enableApiKey
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the API key.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The EnableAPIKey options.
Unique ID of the API key.
The enableApiKey options.
Unique ID of the API key.
parameters
Unique ID of the API key.
parameters
Unique ID of the API key.
curl -X DELETE "https://iam.cloud.ibm.com/v1/apikeys/APIKEY_UNIQUE_ID/disable" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
enableAPIKeyOptions := iamIdentityService.NewEnableAPIKeyOptions(apikeyID) response, err := iamIdentityService.EnableAPIKey(enableAPIKeyOptions) if err != nil { panic(err) }
EnableApiKeyOptions enableApiKeyOptions = new EnableApiKeyOptions.Builder() .id(apikeyId) .build(); Response<Void> response = service.enableApiKey(enableApiKeyOptions).execute();
const params = { id: apikeyId, }; try { await iamIdentityService.enableApiKey(params); } catch (err) { console.warn(err); }
response = iam_identity_service.enable_api_key(id=apikey_id)
Response
Status Code
Successful enable.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
API key with provided ID not found.
Internal Server error.
No Sample Response
List service IDs
Returns a list of service IDs. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
Returns a list of service IDs. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
Returns a list of service IDs. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
Returns a list of service IDs. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
Returns a list of service IDs. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
GET /v1/serviceids/
(iamIdentity *IamIdentityV1) ListServiceIds(listServiceIdsOptions *ListServiceIdsOptions) (result *ServiceIDList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListServiceIdsWithContext(ctx context.Context, listServiceIdsOptions *ListServiceIdsOptions) (result *ServiceIDList, response *core.DetailedResponse, err error)
ServiceCall<ServiceIdList> listServiceIds(ListServiceIdsOptions listServiceIdsOptions)
listServiceIds(params)
list_service_ids(
self,
*,
account_id: Optional[str] = None,
name: Optional[str] = None,
pagesize: Optional[int] = None,
pagetoken: Optional[str] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListServiceIdsOptions
struct and set the fields to provide parameter values for the ListServiceIds
method.
Use the ListServiceIdsOptions.Builder
to create a ListServiceIdsOptions
object that contains the parameter values for the listServiceIds
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Query Parameters
Account ID of the service ID(s) to query. This parameter is required (unless using a pagetoken).
Name of the service ID(s) to query. Optional.20 items per page. Valid range is 1 to 100.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListServiceIds options.
Account ID of the service ID(s) to query. This parameter is required (unless using a pagetoken).
Name of the service ID(s) to query. Optional.20 items per page. Valid range is 1 to 100.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
The listServiceIds options.
Account ID of the service ID(s) to query. This parameter is required (unless using a pagetoken).
Name of the service ID(s) to query. Optional.20 items per page. Valid range is 1 to 100.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the service ID(s) to query. This parameter is required (unless using a pagetoken).
Name of the service ID(s) to query. Optional.20 items per page. Valid range is 1 to 100.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the service ID(s) to query. This parameter is required (unless using a pagetoken).
Name of the service ID(s) to query. Optional.20 items per page. Valid range is 1 to 100.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/serviceids?account_id=ACCOUNT_ID&name=My-serviceID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
listServiceIdsOptions := iamIdentityService.NewListServiceIdsOptions() listServiceIdsOptions.SetAccountID(accountID) listServiceIdsOptions.SetName(serviceIDName) serviceIDList, response, err := iamIdentityService.ListServiceIds(listServiceIdsOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(serviceIDList, "", " ") fmt.Println(string(b))
ListServiceIdsOptions listServiceIdsOptions = new ListServiceIdsOptions.Builder() .accountId(accountId) .name(serviceIdName) .build(); Response<ServiceIdList> response = service.listServiceIds(listServiceIdsOptions).execute(); ServiceIdList serviceIdList = response.getResult(); System.out.println(serviceIdList);
const params = { accountId: accountId, name: serviceIdName, }; try { const res = await iamIdentityService.listServiceIds(params) console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
service_id_list = iam_identity_service.list_service_ids( account_id=account_id, name=serviceid_name ).get_result() print(json.dumps(service_id_list, indent=2))
Response
Response body format for the list service ID V1 REST request.
List of service IDs based on the query paramters and the page size. The service IDs array is always part of the response but might be empty depending on the query parameter values provided.
Context with key properties for problem determination.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
Response body format for the list service ID V1 REST request.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of service IDs based on the query paramters and the page size. The service IDs array is always part of the response but might be empty depending on the query parameter values provided.
- Serviceids
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- Apikey
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the list service ID V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of service IDs based on the query paramters and the page size. The service IDs array is always part of the response but might be empty depending on the query parameter values provided.
- serviceids
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the list service ID V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of service IDs based on the query paramters and the page size. The service IDs array is always part of the response but might be empty depending on the query parameter values provided.
- serviceids
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the list service ID V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of service IDs based on the query paramters and the page size. The service IDs array is always part of the response but might be empty depending on the query parameter values provided.
- serviceids
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful response. No further actions.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "offset": 0, "limit": 1, "first": "https://iam.cloud.ibm.com/v1/serviceids?account_id=accountId", "next": "https://iam.cloud.ibm.com/v1/serviceids?pagetoken=pageToken", "serviceids": { "id": "ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "iam_id": "iam-ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "entity_tag": "3-c46d2fd21b701adf7eb67cfd1a498fde", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::serviceid:ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "locked": false, "created_at": "2020-10-16T10:36+0000", "modified_at": "2020-10-16T10:36+0000", "account_id": "100abcde100a41abc100aza678abc0zz", "name": "serviceId-test", "description": "serviceId-test", "unique_instance_crns": [] } }
{ "offset": 0, "limit": 1, "first": "https://iam.cloud.ibm.com/v1/serviceids?account_id=accountId", "next": "https://iam.cloud.ibm.com/v1/serviceids?pagetoken=pageToken", "serviceids": { "id": "ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "iam_id": "iam-ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "entity_tag": "3-c46d2fd21b701adf7eb67cfd1a498fde", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::serviceid:ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "locked": false, "created_at": "2020-10-16T10:36+0000", "modified_at": "2020-10-16T10:36+0000", "account_id": "100abcde100a41abc100aza678abc0zz", "name": "serviceId-test", "description": "serviceId-test", "unique_instance_crns": [] } }
Create a service ID
Creates a service ID for an IBM Cloud account. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Creates a service ID for an IBM Cloud account. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Creates a service ID for an IBM Cloud account. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Creates a service ID for an IBM Cloud account. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Creates a service ID for an IBM Cloud account. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
POST /v1/serviceids/
(iamIdentity *IamIdentityV1) CreateServiceID(createServiceIDOptions *CreateServiceIDOptions) (result *ServiceID, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateServiceIDWithContext(ctx context.Context, createServiceIDOptions *CreateServiceIDOptions) (result *ServiceID, response *core.DetailedResponse, err error)
ServiceCall<ServiceId> createServiceId(CreateServiceIdOptions createServiceIdOptions)
createServiceId(params)
create_service_id(
self,
account_id: str,
name: str,
*,
description: Optional[str] = None,
unique_instance_crns: Optional[List[str]] = None,
apikey: Optional['ApiKeyInsideCreateServiceIdRequest'] = None,
entity_lock: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateServiceIDOptions
struct and set the fields to provide parameter values for the CreateServiceID
method.
Use the CreateServiceIdOptions.Builder
to create a CreateServiceIdOptions
object that contains the parameter values for the createServiceId
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Indicates if the service ID is locked for further write operations. False by default.
Default:
false
Request to create a service ID.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
Parameters for the API key in the Create service Id V1 REST request.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateServiceID options.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
Parameters for the API key in the Create service Id V1 REST request.
- Apikey
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.
Indicates if the service ID is locked for further write operations. False by default.
Default:
false
The createServiceId options.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
Parameters for the API key in the Create service Id V1 REST request.
- apikey
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.
Indicates if the service ID is locked for further write operations. False by default.
Default:
false
parameters
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
Parameters for the API key in the Create service Id V1 REST request.
- apikey
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.
Indicates if the service ID is locked for further write operations. False by default.
Default:
false
parameters
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
Parameters for the API key in the Create service Id V1 REST request.
- apikey
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
You can optionally passthrough the API key value for this API key. If passed, a minimum length validation of 32 characters for that apiKey value is done, i.e. the value can contain any characters and can even be non-URL safe, but the minimum length requirement must be met. If omitted, the API key management will create an URL safe opaque API key value. The value of the API key is checked for uniqueness. Ensure enough variations when passing in this value.
Send true or false to set whether the API key value is retrievable in the future by using the Get details of an API key request. If you create an API key for a user, you must specify
false
or omit the value. We don't allow storing of API keys for users.
Indicates if the service ID is locked for further write operations. False by default.
Default:
false
curl -X POST "https://iam.cloud.ibm.com/v1/serviceids" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --data '{ "name": "My-serviceID", "description": "my special service ID", "account_id": "ACCOUNT_ID" }'
createServiceIDOptions := iamIdentityService.NewCreateServiceIDOptions(accountID, serviceIDName) createServiceIDOptions.SetDescription("Example ServiceId") serviceID, response, err := iamIdentityService.CreateServiceID(createServiceIDOptions) if err != nil { panic(err) } svcID = *serviceID.ID b, _ := json.MarshalIndent(serviceID, "", " ") fmt.Println(string(b))
CreateServiceIdOptions createServiceIdOptions = new CreateServiceIdOptions.Builder() .accountId(accountId) .name(serviceIdName) .description("Example ServiceId") .build(); Response<ServiceId> response = service.createServiceId(createServiceIdOptions).execute(); ServiceId serviceId = response.getResult(); svcId = serviceId.getId(); System.out.println(serviceId);
const params = { accountId: accountId, name: serviceIdName, description: 'Example ServiceId', }; try { const res = await iamIdentityService.createServiceId(params); svcId = res.result.id; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
service_id = iam_identity_service.create_service_id( account_id=account_id, name=serviceid_name, description='Example ServiceId' ).get_result() print(json.dumps(service_id, indent=2))
Response
Response body format for service ID V1 REST requests.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
Context with key properties for problem determination.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
Response body format for API key V1 REST requests.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- Apikey
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Service ID successfully created.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Create Conflict - service ID could not be created. Response if the Object could not be created in the persistence layer.
Internal Server error. Response if unexpected error situation happened.
{ "id": "ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "iam_id": "iam-ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "entity_tag": "1-b5edc4362f94fb1fa5f009467b1db039", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::serviceid:ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "locked": false, "created_at": "2020-11-10T14:05+0000", "modified_at": "2020-11-10T14:05+0000", "account_id": "100abcde100a41abc100aza678abc0zz", "name": "New-serviceID", "description": "New-serviceID-desc", "unique_instance_crns": [] }
{ "id": "ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "iam_id": "iam-ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "entity_tag": "1-b5edc4362f94fb1fa5f009467b1db039", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::serviceid:ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "locked": false, "created_at": "2020-11-10T14:05+0000", "modified_at": "2020-11-10T14:05+0000", "account_id": "100abcde100a41abc100aza678abc0zz", "name": "New-serviceID", "description": "New-serviceID-desc", "unique_instance_crns": [] }
Get details of a service ID
Returns the details of a service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
Returns the details of a service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
Returns the details of a service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
Returns the details of a service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
Returns the details of a service ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an api key.
GET /v1/serviceids/{id}
(iamIdentity *IamIdentityV1) GetServiceID(getServiceIDOptions *GetServiceIDOptions) (result *ServiceID, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetServiceIDWithContext(ctx context.Context, getServiceIDOptions *GetServiceIDOptions) (result *ServiceID, response *core.DetailedResponse, err error)
ServiceCall<ServiceId> getServiceId(GetServiceIdOptions getServiceIdOptions)
getServiceId(params)
get_service_id(
self,
id: str,
*,
include_history: Optional[bool] = None,
include_activity: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetServiceIDOptions
struct and set the fields to provide parameter values for the GetServiceID
method.
Use the GetServiceIdOptions.Builder
to create a GetServiceIdOptions
object that contains the parameter values for the getServiceId
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the service ID.
Query Parameters
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetServiceID options.
Unique ID of the service ID.
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
The getServiceId options.
Unique ID of the service ID.
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
parameters
Unique ID of the service ID.
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
parameters
Unique ID of the service ID.
Defines if the entity history is included in the response.
Default:
false
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/serviceids/SERVICE_ID_UNIQUE_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
getServiceIDOptions := iamIdentityService.NewGetServiceIDOptions(svcID) getServiceIDOptions.SetIncludeActivity(false) serviceID, response, err := iamIdentityService.GetServiceID(getServiceIDOptions) if err != nil { panic(err) } svcIDEtag = response.GetHeaders().Get("Etag") b, _ := json.MarshalIndent(serviceID, "", " ") fmt.Println(string(b))
GetServiceIdOptions getServiceIdOptions = new GetServiceIdOptions.Builder() .id(svcId) .includeActivity(false) .build(); Response<ServiceId> response = service.getServiceId(getServiceIdOptions).execute(); ServiceId serviceId = response.getResult(); svcIdEtag = response.getHeaders().values("Etag").get(0); System.out.println(serviceId);
const params = { id: svcId, includeActivity: true, }; try { const res = await iamIdentityService.getServiceId(params) svcIdEtag = res.headers['etag']; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.get_service_id( id=svc_id, include_history=True, include_activity=True, ) service_id = response.get_result() print(json.dumps(service_id, indent=2))
Response
Response body format for service ID V1 REST requests.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
Context with key properties for problem determination.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
Response body format for API key V1 REST requests.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- Apikey
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful response. No further actions.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
service ID with provided ID not found.
Internal Server error. Response if unexpected error situation happened.
{ "id": "ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "iam_id": "iam-ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "entity_tag": "1-b5edc4362f94fb1fa5f009467b1db039", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::serviceid:ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "locked": false, "created_at": "2020-11-10T14:05+0000", "modified_at": "2020-11-10T14:05+0000", "account_id": "100abcde100a41abc100aza678abc0zz", "name": "New-serviceID", "description": "New-serviceID-desc", "unique_instance_crns": [] }
{ "id": "ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "iam_id": "iam-ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "entity_tag": "1-b5edc4362f94fb1fa5f009467b1db039", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::serviceid:ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "locked": false, "created_at": "2020-11-10T14:05+0000", "modified_at": "2020-11-10T14:05+0000", "account_id": "100abcde100a41abc100aza678abc0zz", "name": "New-serviceID", "description": "New-serviceID-desc", "unique_instance_crns": [] }
Update service ID
Updates properties of a service ID. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update a service ID, pass the property to be modified. To delete one property's value, pass the property with an empty value "".Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an apikey.
Updates properties of a service ID. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update a service ID, pass the property to be modified. To delete one property's value, pass the property with an empty value "".Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an apikey.
Updates properties of a service ID. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update a service ID, pass the property to be modified. To delete one property's value, pass the property with an empty value "".Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an apikey.
Updates properties of a service ID. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update a service ID, pass the property to be modified. To delete one property's value, pass the property with an empty value "".Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an apikey.
Updates properties of a service ID. This does NOT affect existing access tokens. Their token content will stay unchanged until the access token is refreshed. To update a service ID, pass the property to be modified. To delete one property's value, pass the property with an empty value "".Users can manage user API keys for themself, or service ID API keys for service IDs they have access to. Note: apikey details are only included in the response when creating a Service ID with an apikey.
PUT /v1/serviceids/{id}
(iamIdentity *IamIdentityV1) UpdateServiceID(updateServiceIDOptions *UpdateServiceIDOptions) (result *ServiceID, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateServiceIDWithContext(ctx context.Context, updateServiceIDOptions *UpdateServiceIDOptions) (result *ServiceID, response *core.DetailedResponse, err error)
ServiceCall<ServiceId> updateServiceId(UpdateServiceIdOptions updateServiceIdOptions)
updateServiceId(params)
update_service_id(
self,
id: str,
if_match: str,
*,
name: Optional[str] = None,
description: Optional[str] = None,
unique_instance_crns: Optional[List[str]] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateServiceIDOptions
struct and set the fields to provide parameter values for the UpdateServiceID
method.
Use the UpdateServiceIdOptions.Builder
to create a UpdateServiceIdOptions
object that contains the parameter values for the updateServiceId
method.
Custom Headers
Version of the service ID to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the service ID. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the service ID to be updated.
Request to update a service ID.
The name of the service ID to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the service ID to update. If specified an empty description will clear the description of the service ID. If an non empty value is provided the service ID will be updated.
List of CRNs which point to the services connected to this service ID. If specified an empty list will clear all existing unique instance crns of the service ID.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateServiceID options.
Unique ID of the service ID to be updated.
Version of the service ID to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the service ID. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The name of the service ID to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the service ID to update. If specified an empty description will clear the description of the service ID. If an non empty value is provided the service ID will be updated.
List of CRNs which point to the services connected to this service ID. If specified an empty list will clear all existing unique instance crns of the service ID.
The updateServiceId options.
Unique ID of the service ID to be updated.
Version of the service ID to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the service ID. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The name of the service ID to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the service ID to update. If specified an empty description will clear the description of the service ID. If an non empty value is provided the service ID will be updated.
List of CRNs which point to the services connected to this service ID. If specified an empty list will clear all existing unique instance crns of the service ID.
parameters
Unique ID of the service ID to be updated.
Version of the service ID to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the service ID. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The name of the service ID to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the service ID to update. If specified an empty description will clear the description of the service ID. If an non empty value is provided the service ID will be updated.
List of CRNs which point to the services connected to this service ID. If specified an empty list will clear all existing unique instance crns of the service ID.
parameters
Unique ID of the service ID to be updated.
Version of the service ID to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the service ID. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The name of the service ID to update. If specified in the request the parameter must not be empty. The name is not checked for uniqueness. Failure to this will result in an Error condition.
The description of the service ID to update. If specified an empty description will clear the description of the service ID. If an non empty value is provided the service ID will be updated.
List of CRNs which point to the services connected to this service ID. If specified an empty list will clear all existing unique instance crns of the service ID.
curl -X PUT "https://iam.cloud.ibm.com/v1/serviceids/SERVICE_ID_UNIQUE_ID" --header "Authorization: Bearer $TOKEN" --header "If-Match: <value of etag header from GET request>" --header "Content-Type: application/json" --data '{ "name": "My-super-secret-serviceid", "description": "super secret service ID" }'
updateServiceIDOptions := iamIdentityService.NewUpdateServiceIDOptions(svcID, svcIDEtag) updateServiceIDOptions.SetDescription("This is an updated description") serviceID, response, err := iamIdentityService.UpdateServiceID(updateServiceIDOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(serviceID, "", " ") fmt.Println(string(b))
UpdateServiceIdOptions updateServiceIdOptions = new UpdateServiceIdOptions.Builder() .id(svcId) .ifMatch(svcIdEtag) .description("This is an updated description") .build(); Response<ServiceId> response = service.updateServiceId(updateServiceIdOptions).execute(); ServiceId serviceId = response.getResult(); System.out.println(serviceId);
const params = { id: svcId, ifMatch: svcIdEtag, description: 'This is an updated description', }; try { const res = await iamIdentityService.updateServiceId(params) console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
service_id = iam_identity_service.update_service_id( id=svc_id, if_match=svc_id_etag, description='This is an updated description' ).get_result() print(json.dumps(service_id, indent=2))
Response
Response body format for service ID V1 REST requests.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
Context with key properties for problem determination.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
Response body format for API key V1 REST requests.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- Apikey
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for service ID V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this Service Id.
Cloud wide identifier for identities of this service ID.
Version of the service ID details object. You need to specify this value when updating the service ID to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::serviceid:1234-5678-9012'.
The service ID cannot be changed if set to true.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the account the service ID belongs to.
Name of the Service Id. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the Service Id.
The optional description of the Service Id. The 'description' property is only available if a description was provided during a create of a Service Id.
Optional list of CRNs (string array) which point to the services connected to the service ID.
History of the Service ID.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Response body format for API key V1 REST requests.
- apikey
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique identifier of this API Key.
Version of the API Key details object. You need to specify this value when updating the API key to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::apikey:1234-9012-5678'.
The API key cannot be changed if set to true.
Defines if API key is disabled, API key cannot be used if 'disabled' is set to true.
If set contains a date time string of the creation date in ISO format.
IAM ID of the user or service which created the API key.
If set contains a date time string of the last modification date in ISO format.
Name of the API key. The name is not checked for uniqueness. Therefore multiple names with the same value can exist. Access is done via the UUID of the API key.
Defines if the API key supports sessions. Sessions are only supported for user apikeys.
Defines the action to take when API key is leaked, valid values are 'none', 'disable' and 'delete'.
The optional description of the API key. The 'description' property is only available if a description was provided during a create of an API key.
The iam_id that this API key authenticates.
ID of the account that this API key authenticates for.
The API key value. This property only contains the API key value for the following cases: create an API key, update a service ID API key that stores the API key value as retrievable, or get a service ID API key that stores the API key value as retrievable. All other operations don't return the API key value, for example all user API key related operations, except for create, don't contain the API key value.
History of the API key.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful - service ID updated.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Service ID with provided parameters not found
Conflict - there must have been an update in parallel, the specified If-Match header does not match the current service ID record. Retrieve the current service ID again and apply the changes to that version.
Internal Server error.
{ "id": "ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "iam_id": "iam-ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "entity_tag": "2-6dd669bd2257898957b2d117ec93e730", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::serviceid:ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "locked": false, "created_at": "2020-11-10T14:05+0000", "modified_at": "2020-11-10T14:13+0000", "account_id": "100abcde100a41abc100aza678abc0zz", "name": "New-serviceID-updated", "description": "New-serviceID-desc-updated", "unique_instance_crns": [] }
{ "id": "ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "iam_id": "iam-ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "entity_tag": "2-6dd669bd2257898957b2d117ec93e730", "crn": "crn:v1:bluemix:public:iam-identity::a/100abcde100a41abc100aza678abc0zz::serviceid:ServiceId-cb36c9a9-778f-4985-a398-dbec6523054a", "locked": false, "created_at": "2020-11-10T14:05+0000", "modified_at": "2020-11-10T14:13+0000", "account_id": "100abcde100a41abc100aza678abc0zz", "name": "New-serviceID-updated", "description": "New-serviceID-desc-updated", "unique_instance_crns": [] }
Deletes a service ID and associated API keys
Deletes a service ID and all API keys associated to it. Before deleting the service ID, all associated API keys are deleted. In case a Delete Conflict (status code 409) a retry of the request may help as the service ID is only deleted if the associated API keys were successfully deleted before. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Deletes a service ID and all API keys associated to it. Before deleting the service ID, all associated API keys are deleted. In case a Delete Conflict (status code 409) a retry of the request may help as the service ID is only deleted if the associated API keys were successfully deleted before. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Deletes a service ID and all API keys associated to it. Before deleting the service ID, all associated API keys are deleted. In case a Delete Conflict (status code 409) a retry of the request may help as the service ID is only deleted if the associated API keys were successfully deleted before. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Deletes a service ID and all API keys associated to it. Before deleting the service ID, all associated API keys are deleted. In case a Delete Conflict (status code 409) a retry of the request may help as the service ID is only deleted if the associated API keys were successfully deleted before. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Deletes a service ID and all API keys associated to it. Before deleting the service ID, all associated API keys are deleted. In case a Delete Conflict (status code 409) a retry of the request may help as the service ID is only deleted if the associated API keys were successfully deleted before. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
DELETE /v1/serviceids/{id}
(iamIdentity *IamIdentityV1) DeleteServiceID(deleteServiceIDOptions *DeleteServiceIDOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteServiceIDWithContext(ctx context.Context, deleteServiceIDOptions *DeleteServiceIDOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteServiceId(DeleteServiceIdOptions deleteServiceIdOptions)
deleteServiceId(params)
delete_service_id(
self,
id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteServiceIDOptions
struct and set the fields to provide parameter values for the DeleteServiceID
method.
Use the DeleteServiceIdOptions.Builder
to create a DeleteServiceIdOptions
object that contains the parameter values for the deleteServiceId
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the service ID.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteServiceID options.
Unique ID of the service ID.
The deleteServiceId options.
Unique ID of the service ID.
parameters
Unique ID of the service ID.
parameters
Unique ID of the service ID.
curl -X DELETE "https://iam.cloud.ibm.com/v1/serviceids/SERVICE_ID_UNIQUE_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
deleteServiceIDOptions := iamIdentityService.NewDeleteServiceIDOptions(svcID) response, err := iamIdentityService.DeleteServiceID(deleteServiceIDOptions) if err != nil { panic(err) }
DeleteServiceIdOptions deleteServiceIdOptions = new DeleteServiceIdOptions.Builder() .id(svcId) .build(); Response<Void> response = service.deleteServiceId(deleteServiceIdOptions).execute();
const params = { id: svcId, }; try { await iamIdentityService.deleteServiceId(params) } catch (err) { console.warn(err); }
response = iam_identity_service.delete_service_id(id=svc_id)
Response
Status Code
service ID successfully deleted. Response if the Object was successfully deleted from the persistence layer.
The service ID is locked.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
service ID with provided ID not found.
Delete Conflict - service ID could not be deleted. Response if the Object could not be deleted from the persistence layer.
Internal Server error. Response if unexpected error situation happened.
No Sample Response
Lock the service ID
Locks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Locks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Locks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Locks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Locks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
POST /v1/serviceids/{id}/lock
(iamIdentity *IamIdentityV1) LockServiceID(lockServiceIDOptions *LockServiceIDOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) LockServiceIDWithContext(ctx context.Context, lockServiceIDOptions *LockServiceIDOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> lockServiceId(LockServiceIdOptions lockServiceIdOptions)
lockServiceId(params)
lock_service_id(
self,
id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the LockServiceIDOptions
struct and set the fields to provide parameter values for the LockServiceID
method.
Use the LockServiceIdOptions.Builder
to create a LockServiceIdOptions
object that contains the parameter values for the lockServiceId
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the service ID.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The LockServiceID options.
Unique ID of the service ID.
The lockServiceId options.
Unique ID of the service ID.
parameters
Unique ID of the service ID.
parameters
Unique ID of the service ID.
curl -X POST "https://iam.cloud.ibm.com/v1/serviceids/SERVICE_ID_UNIQUE_ID/lock" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
lockServiceIDOptions := iamIdentityService.NewLockServiceIDOptions(svcID) response, err := iamIdentityService.LockServiceID(lockServiceIDOptions) if err != nil { panic(err) }
LockServiceIdOptions lockServiceIdOptions = new LockServiceIdOptions.Builder() .id(svcId) .build(); Response<Void> response = service.lockServiceId(lockServiceIdOptions).execute();
const params = { id: svcId, }; try { await iamIdentityService.lockServiceId(params); } catch (err) { console.warn(err); }
response = iam_identity_service.lock_service_id(id=svc_id)
Response
Status Code
Successful locked.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Service ID with provided uuid not found.
Internal Server error.
No Sample Response
Unlock the service ID
Unlocks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Unlocks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Unlocks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Unlocks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
Unlocks a service ID by ID. Users can manage user API keys for themself, or service ID API keys for service IDs they have access to.
DELETE /v1/serviceids/{id}/lock
(iamIdentity *IamIdentityV1) UnlockServiceID(unlockServiceIDOptions *UnlockServiceIDOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UnlockServiceIDWithContext(ctx context.Context, unlockServiceIDOptions *UnlockServiceIDOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> unlockServiceId(UnlockServiceIdOptions unlockServiceIdOptions)
unlockServiceId(params)
unlock_service_id(
self,
id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UnlockServiceIDOptions
struct and set the fields to provide parameter values for the UnlockServiceID
method.
Use the UnlockServiceIdOptions.Builder
to create a UnlockServiceIdOptions
object that contains the parameter values for the unlockServiceId
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the service ID.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UnlockServiceID options.
Unique ID of the service ID.
The unlockServiceId options.
Unique ID of the service ID.
parameters
Unique ID of the service ID.
parameters
Unique ID of the service ID.
curl -X DELETE "https://iam.cloud.ibm.com/v1/serviceids/SERVICE_ID_UNIQUE_ID/lock" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
unlockServiceIDOptions := iamIdentityService.NewUnlockServiceIDOptions(svcID) response, err := iamIdentityService.UnlockServiceID(unlockServiceIDOptions) if err != nil { panic(err) }
UnlockServiceIdOptions unlockServiceIdOptions = new UnlockServiceIdOptions.Builder() .id(svcId) .build(); Response<Void> response = service.unlockServiceId(unlockServiceIdOptions).execute();
const params = { id: svcId, }; try { await iamIdentityService.unlockServiceId(params); } catch (err) { console.warn(err); }
response = iam_identity_service.unlock_service_id(id=svc_id)
Response
Status Code
Successful unlocked.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Service ID with provided uuid not found.
Internal Server error.
No Sample Response
Create a trusted profile
Create a trusted profile for a given account ID.
Create a trusted profile for a given account ID.
Create a trusted profile for a given account ID.
Create a trusted profile for a given account ID.
Create a trusted profile for a given account ID.
POST /v1/profiles
(iamIdentity *IamIdentityV1) CreateProfile(createProfileOptions *CreateProfileOptions) (result *TrustedProfile, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateProfileWithContext(ctx context.Context, createProfileOptions *CreateProfileOptions) (result *TrustedProfile, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfile> createProfile(CreateProfileOptions createProfileOptions)
createProfile(params)
create_profile(
self,
name: str,
account_id: str,
*,
description: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateProfileOptions
struct and set the fields to provide parameter values for the CreateProfile
method.
Use the CreateProfileOptions.Builder
to create a CreateProfileOptions
object that contains the parameter values for the createProfile
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Request to create a trusted profile.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The account ID of the trusted profile.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during creation of trusted profile.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateProfile options.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The account ID of the trusted profile.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during creation of trusted profile.
The createProfile options.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The account ID of the trusted profile.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during creation of trusted profile.
parameters
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The account ID of the trusted profile.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during creation of trusted profile.
parameters
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The account ID of the trusted profile.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during creation of trusted profile.
curl -X POST "https://iam.cloud.ibm.com/v1/profiles" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "Accept: application/json" --data '{ "name": "My Nice Profile", "description": "My Nice Profile - desc", "account_id": "ACCOUNT_ID" }'
createProfileOptions := iamIdentityService.NewCreateProfileOptions(profileName, accountID) createProfileOptions.SetDescription("Example Profile") profile, response, err := iamIdentityService.CreateProfile(createProfileOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(profile, "", " ") fmt.Println(string(b)) profileId = *profile.ID
CreateProfileOptions createProfileOptions = new CreateProfileOptions.Builder() .name(profileName) .description("Example Profile") .accountId(accountId) .build(); Response<TrustedProfile> response = service.createProfile(createProfileOptions).execute(); TrustedProfile profile = response.getResult(); profileId = profile.getId(); System.out.println(profile);
const params = { name: 'profileName', description: 'Example Profile', accountId, }; try { const res = await iamIdentityService.createProfile(params); profileId = res.result.id console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
profile = iam_identity_service.create_profile( name="example profile", description="example profile", account_id=account_id ).get_result() print(json.dumps(profile, indent=2))
Response
Response body format for trusted profile V1 REST requests.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
Context with key properties for problem determination.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile
IMS user ID of the trusted profile
History of the trusted profile.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Trusted profile successfully created. Response if the Object could be created in the persistence layer.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Create Conflict - Trusted profile could not be created. Response if the Object could not be created in the persistence layer.
Internal Server error.
{ "iam_id": "iam-Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c", "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c", "id": "Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c", "entity_tag": "1-eb85ef473fd681c90c8743fc13a38119", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "account_id": "18e3020749ce4744b0b472466d61fdb4", "name": "My profile", "description": "A superb profile" }
{ "iam_id": "iam-Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c", "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c", "id": "Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c", "entity_tag": "1-eb85ef473fd681c90c8743fc13a38119", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "account_id": "18e3020749ce4744b0b472466d61fdb4", "name": "My profile", "description": "A superb profile" }
List trusted profiles
List the trusted profiles in an account. The account_id
query parameter determines the account from which to retrieve the list of trusted profiles.
List the trusted profiles in an account. The account_id
query parameter determines the account from which to retrieve the list of trusted profiles.
List the trusted profiles in an account. The account_id
query parameter determines the account from which to retrieve the list of trusted profiles.
List the trusted profiles in an account. The account_id
query parameter determines the account from which to retrieve the list of trusted profiles.
List the trusted profiles in an account. The account_id
query parameter determines the account from which to retrieve the list of trusted profiles.
GET /v1/profiles
(iamIdentity *IamIdentityV1) ListProfiles(listProfilesOptions *ListProfilesOptions) (result *TrustedProfilesList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListProfilesWithContext(ctx context.Context, listProfilesOptions *ListProfilesOptions) (result *TrustedProfilesList, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfilesList> listProfiles(ListProfilesOptions listProfilesOptions)
listProfiles(params)
list_profiles(
self,
account_id: str,
*,
name: Optional[str] = None,
pagesize: Optional[int] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[bool] = None,
pagetoken: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListProfilesOptions
struct and set the fields to provide parameter values for the ListProfiles
method.
Use the ListProfilesOptions.Builder
to create a ListProfilesOptions
object that contains the parameter values for the listProfiles
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Query Parameters
Account ID to query for trusted profiles.
Name of the trusted profile to query.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListProfiles options.
Account ID to query for trusted profiles.
Name of the trusted profile to query.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
The listProfiles options.
Account ID to query for trusted profiles.
Name of the trusted profile to query.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
parameters
Account ID to query for trusted profiles.
Name of the trusted profile to query.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
parameters
Account ID to query for trusted profiles.
Name of the trusted profile to query.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Optional sort property, valid values are name, description, created_at and modified_at. If specified, the items are sorted by the value of this property.
Optional sort order, valid values are asc and desc. Default: asc.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
curl -X GET "https://iam.cloud.ibm.com/v1/profiles?account_id=ACCOUNT_ID" --header "Authorization: Bearer $TOKEN" --header "Accept: application/json"
listProfilesOptions := iamIdentityService.NewListProfilesOptions(accountID) listProfilesOptions.SetIncludeHistory(false) trustedProfiles, response, err := iamIdentityService.ListProfiles(listProfilesOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(trustedProfiles, "", " ") fmt.Println(string(b))
ListProfilesOptions listProfilesOptions = new ListProfilesOptions.Builder() .accountId(accountId) .includeHistory(false) .build(); Response<TrustedProfilesList> response = service.listProfiles(listProfilesOptions).execute(); TrustedProfilesList profiles = response.getResult(); System.out.println(profiles);
const params = { accountId: accountId, includeHistory: false, }; try { const res = await iamIdentityService.listProfiles(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
profile_list = iam_identity_service.list_profiles(account_id=account_id, include_history=True).get_result() print(json.dumps(profile_list, indent=2))
Response
Response body format for the List trusted profiles V1 REST request.
List of trusted profiles
Context with key properties for problem determination.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
Response body format for the List trusted profiles V1 REST request.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of trusted profiles.
- Profiles
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the List trusted profiles V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of trusted profiles.
- profiles
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the List trusted profiles V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of trusted profiles.
- profiles
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for the List trusted profiles V1 REST request.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of trusted profiles.
- profiles
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful operation.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
account_id does not match Authorization token, account_id not found.
Internal Server error.
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/profiles?account_id=18e3020749ce4744b0b472466d61fdb4", "profiles": [ { "id": "Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "entity_tag": "5-29d5f70272e5f13930938ca32f30223d", "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "name": "My profile v1", "description": "A superb profile v1", "created_at": "2021-07-28T09:59+0000", "modified_at": "2021-07-28T16:29+0000", "iam_id": "iam-Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "account_id": "18e3020749ce4744b0b472466d61fdb4", "ims_account_id": 8794967, "ims_user_id": 234876 } ] }
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/profiles?account_id=18e3020749ce4744b0b472466d61fdb4", "profiles": [ { "id": "Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "entity_tag": "5-29d5f70272e5f13930938ca32f30223d", "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "name": "My profile v1", "description": "A superb profile v1", "created_at": "2021-07-28T09:59+0000", "modified_at": "2021-07-28T16:29+0000", "iam_id": "iam-Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "account_id": "18e3020749ce4744b0b472466d61fdb4", "ims_account_id": 8794967, "ims_user_id": 234876 } ] }
Get a trusted profile
Retrieve a trusted profile by its profile-id
. Only the trusted profile's data is returned (name
, description
, iam_id
, etc.), not the federated users or compute resources that qualify to apply the trusted profile.
Retrieve a trusted profile by its profile-id
. Only the trusted profile's data is returned (name
, description
, iam_id
, etc.), not the federated users or compute resources that qualify to apply the trusted profile.
Retrieve a trusted profile by its profile-id
. Only the trusted profile's data is returned (name
, description
, iam_id
, etc.), not the federated users or compute resources that qualify to apply the trusted profile.
Retrieve a trusted profile by its profile-id
. Only the trusted profile's data is returned (name
, description
, iam_id
, etc.), not the federated users or compute resources that qualify to apply the trusted profile.
Retrieve a trusted profile by its profile-id
. Only the trusted profile's data is returned (name
, description
, iam_id
, etc.), not the federated users or compute resources that qualify to apply the trusted profile.
GET /v1/profiles/{profile-id}
(iamIdentity *IamIdentityV1) GetProfile(getProfileOptions *GetProfileOptions) (result *TrustedProfile, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetProfileWithContext(ctx context.Context, getProfileOptions *GetProfileOptions) (result *TrustedProfile, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfile> getProfile(GetProfileOptions getProfileOptions)
getProfile(params)
get_profile(
self,
profile_id: str,
*,
include_activity: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetProfileOptions
struct and set the fields to provide parameter values for the GetProfile
method.
Use the GetProfileOptions.Builder
to create a GetProfileOptions
object that contains the parameter values for the getProfile
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile to get.
Query Parameters
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetProfile options.
ID of the trusted profile to get.
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
The getProfile options.
ID of the trusted profile to get.
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
parameters
ID of the trusted profile to get.
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
parameters
ID of the trusted profile to get.
Defines if the entity's activity is included in the response. Retrieving activity data is an expensive operation, so only request this when needed.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID" --header "Authorization: Bearer $TOKEN" --header "Accept: application/json"
getProfileOptions := iamIdentityService.NewGetProfileOptions(profileId) getProfileOptions.SetIncludeActivity(false) profile, response, err := iamIdentityService.GetProfile(getProfileOptions) if err != nil { panic(err) } profileEtag = response.GetHeaders().Get("Etag") b, _ := json.MarshalIndent(profile, "", " ") fmt.Println(string(b))
GetProfileOptions getProfileOptions = new GetProfileOptions.Builder() .profileId(profileId) .includeActivity(false) .build(); Response<TrustedProfile> response = service.getProfile(getProfileOptions).execute(); TrustedProfile profile = response.getResult(); profileEtag = response.getHeaders().values("Etag").get(0); System.out.println(profile);
const params = { profileId, includeActivity: true, }; try { const res = await iamIdentityService.getProfile(params) profileEtag = res.headers['etag']; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.get_profile( profile_id=profile_id, include_activity=True, ) profile = response.get_result() print(json.dumps(profile, indent=2))
Response
Response body format for trusted profile V1 REST requests.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
Context with key properties for problem determination.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile
IMS user ID of the trusted profile
History of the trusted profile.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful - Get of Trusted profile.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Trusted profile with provided parameters not found.
Internal Server error.
{ "id": "Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "entity_tag": "5-29d5f70272e5f13930938ca32f30223d", "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "name": "My profile v1", "description": "A superb profile v1", "created_at": "2021-07-28T09:59+0000", "modified_at": "2021-07-28T16:29+0000", "iam_id": "iam-Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "account_id": "18e3020749ce4744b0b472466d61fdb4", "ims_account_id": 8794967, "ims_user_id": 234876 }
{ "id": "Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "entity_tag": "5-29d5f70272e5f13930938ca32f30223d", "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "name": "My profile v1", "description": "A superb profile v1", "created_at": "2021-07-28T09:59+0000", "modified_at": "2021-07-28T16:29+0000", "iam_id": "iam-Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "account_id": "18e3020749ce4744b0b472466d61fdb4", "ims_account_id": 8794967, "ims_user_id": 234876 }
Update a trusted profile
Update the name or description of an existing trusted profile.
Update the name or description of an existing trusted profile.
Update the name or description of an existing trusted profile.
Update the name or description of an existing trusted profile.
Update the name or description of an existing trusted profile.
PUT /v1/profiles/{profile-id}
(iamIdentity *IamIdentityV1) UpdateProfile(updateProfileOptions *UpdateProfileOptions) (result *TrustedProfile, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateProfileWithContext(ctx context.Context, updateProfileOptions *UpdateProfileOptions) (result *TrustedProfile, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfile> updateProfile(UpdateProfileOptions updateProfileOptions)
updateProfile(params)
update_profile(
self,
profile_id: str,
if_match: str,
*,
name: Optional[str] = None,
description: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateProfileOptions
struct and set the fields to provide parameter values for the UpdateProfile
method.
Use the UpdateProfileOptions.Builder
to create a UpdateProfileOptions
object that contains the parameter values for the updateProfile
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Version of the trusted profile to be updated. Specify the version that you retrived when reading list of trusted profiles. This value helps to identify any parallel usage of trusted profile. Pass * to indicate to update any version available. This might result in stale updates.
Path Parameters
ID of the trusted profile to be updated.
Request to update a trusted profile.
The name of the trusted profile to update. If specified in the request the parameter must not be empty. The name is checked for uniqueness. Failure to this will result in an Error condition.
The description of the trusted profile to update. If specified an empty description will clear the description of the trusted profile. If a non empty value is provided the trusted profile will be updated.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateProfile options.
ID of the trusted profile to be updated.
Version of the trusted profile to be updated. Specify the version that you retrived when reading list of trusted profiles. This value helps to identify any parallel usage of trusted profile. Pass * to indicate to update any version available. This might result in stale updates.
The name of the trusted profile to update. If specified in the request the parameter must not be empty. The name is checked for uniqueness. Failure to this will result in an Error condition.
The description of the trusted profile to update. If specified an empty description will clear the description of the trusted profile. If a non empty value is provided the trusted profile will be updated.
The updateProfile options.
ID of the trusted profile to be updated.
Version of the trusted profile to be updated. Specify the version that you retrived when reading list of trusted profiles. This value helps to identify any parallel usage of trusted profile. Pass * to indicate to update any version available. This might result in stale updates.
The name of the trusted profile to update. If specified in the request the parameter must not be empty. The name is checked for uniqueness. Failure to this will result in an Error condition.
The description of the trusted profile to update. If specified an empty description will clear the description of the trusted profile. If a non empty value is provided the trusted profile will be updated.
parameters
ID of the trusted profile to be updated.
Version of the trusted profile to be updated. Specify the version that you retrived when reading list of trusted profiles. This value helps to identify any parallel usage of trusted profile. Pass * to indicate to update any version available. This might result in stale updates.
The name of the trusted profile to update. If specified in the request the parameter must not be empty. The name is checked for uniqueness. Failure to this will result in an Error condition.
The description of the trusted profile to update. If specified an empty description will clear the description of the trusted profile. If a non empty value is provided the trusted profile will be updated.
parameters
ID of the trusted profile to be updated.
Version of the trusted profile to be updated. Specify the version that you retrived when reading list of trusted profiles. This value helps to identify any parallel usage of trusted profile. Pass * to indicate to update any version available. This might result in stale updates.
The name of the trusted profile to update. If specified in the request the parameter must not be empty. The name is checked for uniqueness. Failure to this will result in an Error condition.
The description of the trusted profile to update. If specified an empty description will clear the description of the trusted profile. If a non empty value is provided the trusted profile will be updated.
curl -X PUT "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "Accept: application/json" --header "If-Match: <value of etag header from GET request>" --data '{ "name": "My Profile updated", "description": "My updated desc" }'
updateProfileOptions := iamIdentityService.NewUpdateProfileOptions(profileId, profileEtag) updateProfileOptions.SetDescription("This is an updated description") profile, response, err := iamIdentityService.UpdateProfile(updateProfileOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(profile, "", " ") fmt.Println(string(b))
String newDescription = "updated description"; UpdateProfileOptions updateProfileOptions = new UpdateProfileOptions.Builder() .profileId(profileId) .ifMatch(profileEtag) .description(newDescription) .build(); Response<TrustedProfile> response = service.updateProfile(updateProfileOptions).execute(); TrustedProfile profile = response.getResult(); System.out.println(profile);
const params = { profileId: profileId, ifMatch: profileEtag, description: 'This is an updated description', }; try { const res = await iamIdentityService.updateProfile(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
profile = iam_identity_service.update_profile( profile_id=profile_id, if_match=profile_etag, description='This is an updated description' ).get_result() print(json.dumps(profile, indent=2))
Response
Response body format for trusted profile V1 REST requests.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
Context with key properties for problem determination.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile
IMS user ID of the trusted profile
History of the trusted profile.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- Activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Response body format for trusted profile V1 REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
the unique identifier of the trusted profile. Example:'Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Version of the trusted profile details object. You need to specify this value when updating the trusted profile to avoid stale updates.
Cloud Resource Name of the item. Example Cloud Resource Name: 'crn:v1:bluemix:public:iam-identity:us-south:a/myaccount::profile:Profile-94497d0d-2ac3-41bf-a993-a49d1b14627c'.
Name of the trusted profile. The name is checked for uniqueness. Therefore trusted profiles with the same names can not exist in the same account.
The optional description of the trusted profile. The 'description' property is only available if a description was provided during a create of a trusted profile.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The iam_id of this trusted profile.
ID of the account that this trusted profile belong to.
ID of the IAM template that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
ID of the assignment that was used to create an enterprise-managed trusted profile in your account. When returned, this indicates that the trusted profile is created from and managed by a template in the root enterprise account.
IMS acount ID of the trusted profile.
IMS user ID of the trusted profile.
History of the trusted profile.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
- activity
Time when the entity was last authenticated.
Authentication count, number of times the entity was authenticated.
Status Code
Successful - Trusted profile updated.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Trusted profile with provided parameters not found.
Conflict - there must have been an update in parallel, the specified If-Match header does not match the current Trusted profile record. Retrieve the current Trusted profile again and apply the changes to that version.
Internal Server error.
{ "id": "Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "entity_tag": "5-29d5f70272e5f13930938ca32f30223d", "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "name": "My profile updated", "description": "A superb profile updated", "created_at": "2021-07-28T09:59+0000", "modified_at": "2021-07-28T16:29+0000", "iam_id": "iam-Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "account_id": "18e3020749ce4744b0b472466d61fdb4", "ims_account_id": 8794967, "ims_user_id": 234876 }
{ "id": "Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "entity_tag": "5-29d5f70272e5f13930938ca32f30223d", "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "name": "My profile updated", "description": "A superb profile updated", "created_at": "2021-07-28T09:59+0000", "modified_at": "2021-07-28T16:29+0000", "iam_id": "iam-Profile-94188726-7725-4c78-a686-b5deb4d47cb5", "account_id": "18e3020749ce4744b0b472466d61fdb4", "ims_account_id": 8794967, "ims_user_id": 234876 }
Delete a trusted profile
Delete a trusted profile. When you delete trusted profile, compute resources and federated users are unlinked from the profile and can no longer apply the trusted profile identity.
Delete a trusted profile. When you delete trusted profile, compute resources and federated users are unlinked from the profile and can no longer apply the trusted profile identity.
Delete a trusted profile. When you delete trusted profile, compute resources and federated users are unlinked from the profile and can no longer apply the trusted profile identity.
Delete a trusted profile. When you delete trusted profile, compute resources and federated users are unlinked from the profile and can no longer apply the trusted profile identity.
Delete a trusted profile. When you delete trusted profile, compute resources and federated users are unlinked from the profile and can no longer apply the trusted profile identity.
DELETE /v1/profiles/{profile-id}
(iamIdentity *IamIdentityV1) DeleteProfile(deleteProfileOptions *DeleteProfileOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteProfileWithContext(ctx context.Context, deleteProfileOptions *DeleteProfileOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteProfile(DeleteProfileOptions deleteProfileOptions)
deleteProfile(params)
delete_profile(
self,
profile_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteProfileOptions
struct and set the fields to provide parameter values for the DeleteProfile
method.
Use the DeleteProfileOptions.Builder
to create a DeleteProfileOptions
object that contains the parameter values for the deleteProfile
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteProfile options.
ID of the trusted profile.
The deleteProfile options.
ID of the trusted profile.
parameters
ID of the trusted profile.
parameters
ID of the trusted profile.
curl -X DELETE "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID" --header "Authorization: Bearer $TOKEN"
deleteProfileOptions := iamIdentityService.NewDeleteProfileOptions(profileId) response, err := iamIdentityService.DeleteProfile(deleteProfileOptions) if err != nil { panic(err) }
DeleteProfileOptions deleteProfileOptions = new DeleteProfileOptions.Builder() .profileId(profileId) .build(); Response<Void> response = service.deleteProfile(deleteProfileOptions).execute();
const params = { profileId }; try { await iamIdentityService.deleteProfile(params); } catch (err) { console.warn(err); }
response = iam_identity_service.delete_profile(profile_id=profile_id)
Response
Status Code
Deleted Successful - no further details.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Trusted profile with given ID not found.
Conflict - Trusted profile could not be deleted.
Internal Server error.
No Sample Response
Create claim rule for a trusted profile
Create a claim rule for a trusted profile. There is a limit of 20 rules per trusted profile.
Create a claim rule for a trusted profile. There is a limit of 20 rules per trusted profile.
Create a claim rule for a trusted profile. There is a limit of 20 rules per trusted profile.
Create a claim rule for a trusted profile. There is a limit of 20 rules per trusted profile.
Create a claim rule for a trusted profile. There is a limit of 20 rules per trusted profile.
POST /v1/profiles/{profile-id}/rules
(iamIdentity *IamIdentityV1) CreateClaimRule(createClaimRuleOptions *CreateClaimRuleOptions) (result *ProfileClaimRule, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateClaimRuleWithContext(ctx context.Context, createClaimRuleOptions *CreateClaimRuleOptions) (result *ProfileClaimRule, response *core.DetailedResponse, err error)
ServiceCall<ProfileClaimRule> createClaimRule(CreateClaimRuleOptions createClaimRuleOptions)
createClaimRule(params)
create_claim_rule(
self,
profile_id: str,
type: str,
conditions: List['ProfileClaimRuleConditions'],
*,
context: Optional['ResponseContext'] = None,
name: Optional[str] = None,
realm_name: Optional[str] = None,
cr_type: Optional[str] = None,
expiration: Optional[int] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateClaimRuleOptions
struct and set the fields to provide parameter values for the CreateClaimRule
method.
Use the CreateClaimRuleOptions.Builder
to create a CreateClaimRuleOptions
object that contains the parameter values for the createClaimRule
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile to create a claim rule.
Request to create a claim rule for trusted profile.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'
Conditions of this claim rule.
Context with key properties for problem determination.
Name of the claim rule to be created or updated
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateClaimRule options.
ID of the trusted profile to create a claim rule.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Name of the claim rule to be created or updated.
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
The createClaimRule options.
ID of the trusted profile to create a claim rule.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Name of the claim rule to be created or updated.
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
parameters
ID of the trusted profile to create a claim rule.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Name of the claim rule to be created or updated.
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
parameters
ID of the trusted profile to create a claim rule.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Name of the claim rule to be created or updated.
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
curl -X POST "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/rules" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "Accept: application/json" --data '{ "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 43200, "conditions": [ { "claim": "groups", "operator": "EQUALS", "value": "\"cloud-docs-dev\"" } ] }'
profileClaimRuleConditions := new(iamidentityv1.ProfileClaimRuleConditions) profileClaimRuleConditions.Claim = core.StringPtr("blueGroups") profileClaimRuleConditions.Operator = core.StringPtr("EQUALS") profileClaimRuleConditions.Value = core.StringPtr("\"cloud-docs-dev\"") createClaimRuleOptions := iamIdentityService.NewCreateClaimRuleOptions(profileId, claimRuleType, []iamidentityv1.ProfileClaimRuleConditions{*profileClaimRuleConditions}) createClaimRuleOptions.SetName("claimRule") createClaimRuleOptions.SetRealmName(realmName) createClaimRuleOptions.SetExpiration(int64(43200)) claimRule, response, err := iamIdentityService.CreateClaimRule(createClaimRuleOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(claimRule, "", " ") fmt.Println(string(b)) claimRuleId = *claimRule.ID
ProfileClaimRuleConditions condition = new ProfileClaimRuleConditions.Builder() .claim("blueGroups") .operator("EQUALS") .value("\"cloud-docs-dev\"") .build(); List<ProfileClaimRuleConditions> conditions = new ArrayList<>(); conditions.add(condition); CreateClaimRuleOptions createClaimRuleOptions = new CreateClaimRuleOptions.Builder() .profileId(profileId) .type(claimRuleType) .realmName(realmName) .expiration(43200) .conditions(conditions) .build(); Response<ProfileClaimRule> response = service.createClaimRule(createClaimRuleOptions).execute(); ProfileClaimRule claimRule = response.getResult(); claimRuleId = claimRule.getId(); System.out.println(claimRule);
const val = "{'Europe_Group'}"; const profileClaimRuleConditionsModel = { claim: 'blueGroups', operator: 'EQUALS', value: JSON.stringify(val), }; const conditions = [profileClaimRuleConditionsModel]; const params = { profileId: profileId, type: 'Profile-SAML', realmName: realmName, expiration: 43200, conditions, }; try { const res = await iamIdentityService.createClaimRule(params); claimRuleId = res.result.id console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
profile_claim_rule_conditions_model = {} profile_claim_rule_conditions_model['claim'] = 'blueGroups' profile_claim_rule_conditions_model['operator'] = 'EQUALS' profile_claim_rule_conditions_model['value'] = '\"cloud-docs-dev\"' claimRule = iam_identity_service.create_claim_rule( profile_id=profile_id, type='Profile-SAML', realm_name='https://sdk.test.realm/1234', expiration=43200, conditions=[profile_claim_rule_conditions_model], ).get_result() print(json.dumps(claimRule, indent=2))
Response
the unique identifier of the claim rule
version of the claim rule
If set contains a date time string of the creation date in ISO format.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'
Session expiration in seconds
Conditions of this claim rule.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name
The realm name of the Idp this claim rule applies to
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Status Code
Successful operation.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Create Conflict - Claim rule could not be created. Response if the Object could not be created in the persistence layer.
Internal Server error.
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "My Claim rule", "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 3600, "conditions": { "claim": "groups", "operator": "EQUALS", "value": "\"cloud-docs-dev\"" } }
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "My Claim rule", "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 3600, "conditions": { "claim": "groups", "operator": "EQUALS", "value": "\"cloud-docs-dev\"" } }
List claim rules for a trusted profile
Get a list of all claim rules for a trusted profile. The profile-id
query parameter determines the profile from which to retrieve the list of claim rules.
Get a list of all claim rules for a trusted profile. The profile-id
query parameter determines the profile from which to retrieve the list of claim rules.
Get a list of all claim rules for a trusted profile. The profile-id
query parameter determines the profile from which to retrieve the list of claim rules.
Get a list of all claim rules for a trusted profile. The profile-id
query parameter determines the profile from which to retrieve the list of claim rules.
Get a list of all claim rules for a trusted profile. The profile-id
query parameter determines the profile from which to retrieve the list of claim rules.
GET /v1/profiles/{profile-id}/rules
(iamIdentity *IamIdentityV1) ListClaimRules(listClaimRulesOptions *ListClaimRulesOptions) (result *ProfileClaimRuleList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListClaimRulesWithContext(ctx context.Context, listClaimRulesOptions *ListClaimRulesOptions) (result *ProfileClaimRuleList, response *core.DetailedResponse, err error)
ServiceCall<ProfileClaimRuleList> listClaimRules(ListClaimRulesOptions listClaimRulesOptions)
listClaimRules(params)
list_claim_rules(
self,
profile_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListClaimRulesOptions
struct and set the fields to provide parameter values for the ListClaimRules
method.
Use the ListClaimRulesOptions.Builder
to create a ListClaimRulesOptions
object that contains the parameter values for the listClaimRules
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListClaimRules options.
ID of the trusted profile.
The listClaimRules options.
ID of the trusted profile.
parameters
ID of the trusted profile.
parameters
ID of the trusted profile.
curl -X GET "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/rules" --header "Authorization: Bearer $TOKEN" --header "Accept: application/json"
listClaimRulesOptions := iamIdentityService.NewListClaimRulesOptions(profileId) claimRulesList, response, err := iamIdentityService.ListClaimRules(listClaimRulesOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(claimRulesList, "", " ") fmt.Println(string(b))
ListClaimRulesOptions listClaimRulesOptions = new ListClaimRulesOptions.Builder() .profileId(profileId) .build(); Response<ProfileClaimRuleList> response = service.listClaimRules(listClaimRulesOptions).execute(); ProfileClaimRuleList claimRules = response.getResult(); System.out.println(claimRules);
const params = { profileId, }; try { const res = await iamIdentityService.listClaimRules(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
claimRule_list = iam_identity_service.list_claim_rules( profile_id=profile_id, ).get_result() print(json.dumps(claimRule_list, indent=2))
Response
List of claim rules
Context with key properties for problem determination.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
List of claim rules.
- Rules
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
List of claim rules.
- rules
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
List of claim rules.
- rules
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
List of claim rules.
- rules
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Status Code
Successful operation.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Trusted profile ID does not match Authorization token, Trusted profile ID not found.
Internal Server error.
{ "rules": [ { "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "My Claim rule", "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 3600, "conditions": [ { "claim": "groups", "operator": "EQUALS", "value": "\"cloud-docs-dev\"" } ] } ] }
{ "rules": [ { "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "My Claim rule", "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 3600, "conditions": [ { "claim": "groups", "operator": "EQUALS", "value": "\"cloud-docs-dev\"" } ] } ] }
Get a claim rule for a trusted profile
A specific claim rule can be fetched for a given trusted profile ID and rule ID.
A specific claim rule can be fetched for a given trusted profile ID and rule ID.
A specific claim rule can be fetched for a given trusted profile ID and rule ID.
A specific claim rule can be fetched for a given trusted profile ID and rule ID.
A specific claim rule can be fetched for a given trusted profile ID and rule ID.
GET /v1/profiles/{profile-id}/rules/{rule-id}
(iamIdentity *IamIdentityV1) GetClaimRule(getClaimRuleOptions *GetClaimRuleOptions) (result *ProfileClaimRule, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetClaimRuleWithContext(ctx context.Context, getClaimRuleOptions *GetClaimRuleOptions) (result *ProfileClaimRule, response *core.DetailedResponse, err error)
ServiceCall<ProfileClaimRule> getClaimRule(GetClaimRuleOptions getClaimRuleOptions)
getClaimRule(params)
get_claim_rule(
self,
profile_id: str,
rule_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetClaimRuleOptions
struct and set the fields to provide parameter values for the GetClaimRule
method.
Use the GetClaimRuleOptions.Builder
to create a GetClaimRuleOptions
object that contains the parameter values for the getClaimRule
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile.
ID of the claim rule to get.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetClaimRule options.
ID of the trusted profile.
ID of the claim rule to get.
The getClaimRule options.
ID of the trusted profile.
ID of the claim rule to get.
parameters
ID of the trusted profile.
ID of the claim rule to get.
parameters
ID of the trusted profile.
ID of the claim rule to get.
curl -X GET "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/rules/CLAIM_RULE_ID" --header "Authorization: Bearer $TOKEN" --header "Accept: application/json"
getClaimRuleOptions := iamIdentityService.NewGetClaimRuleOptions(profileId, claimRuleId) claimRule, response, err := iamIdentityService.GetClaimRule(getClaimRuleOptions) if err != nil { panic(err) } claimRuleEtag = response.GetHeaders().Get("Etag") b, _ := json.MarshalIndent(claimRule, "", " ") fmt.Println(string(b))
GetClaimRuleOptions getClaimRuleOptions = new GetClaimRuleOptions.Builder() .profileId(profileId) .ruleId(claimRuleId) .build(); Response<ProfileClaimRule> response = service.getClaimRule(getClaimRuleOptions).execute(); ProfileClaimRule claimRule = response.getResult(); claimRuleEtag = response.getHeaders().values("Etag").get(0); System.out.println(claimRule);
const params = { profileId, ruleId: claimRuleId, }; try { const res = await iamIdentityService.getClaimRule(params); claimRuleEtag = res.headers['etag']; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.get_claim_rule(profile_id=profile_id, rule_id=claimRule_id) claimRule = response.get_result() print(json.dumps(claimRule, indent=2))
Response
the unique identifier of the claim rule
version of the claim rule
If set contains a date time string of the creation date in ISO format.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'
Session expiration in seconds
Conditions of this claim rule.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name
The realm name of the Idp this claim rule applies to
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Status Code
Successful - Get of Claim rule.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Claim rule with provided parameters not found.
Internal Server error.
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "My Claim rule", "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 3600, "conditions": { "claim": "groups", "operator": "EQUALS", "value": "\"cloud-docs-dev\"" } }
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "My Claim rule", "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 3600, "conditions": { "claim": "groups", "operator": "EQUALS", "value": "\"cloud-docs-dev\"" } }
Update claim rule for a trusted profile
Update a specific claim rule for a given trusted profile ID and rule ID.
Update a specific claim rule for a given trusted profile ID and rule ID.
Update a specific claim rule for a given trusted profile ID and rule ID.
Update a specific claim rule for a given trusted profile ID and rule ID.
Update a specific claim rule for a given trusted profile ID and rule ID.
PUT /v1/profiles/{profile-id}/rules/{rule-id}
(iamIdentity *IamIdentityV1) UpdateClaimRule(updateClaimRuleOptions *UpdateClaimRuleOptions) (result *ProfileClaimRule, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateClaimRuleWithContext(ctx context.Context, updateClaimRuleOptions *UpdateClaimRuleOptions) (result *ProfileClaimRule, response *core.DetailedResponse, err error)
ServiceCall<ProfileClaimRule> updateClaimRule(UpdateClaimRuleOptions updateClaimRuleOptions)
updateClaimRule(params)
update_claim_rule(
self,
profile_id: str,
rule_id: str,
if_match: str,
type: str,
conditions: List['ProfileClaimRuleConditions'],
*,
context: Optional['ResponseContext'] = None,
name: Optional[str] = None,
realm_name: Optional[str] = None,
cr_type: Optional[str] = None,
expiration: Optional[int] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateClaimRuleOptions
struct and set the fields to provide parameter values for the UpdateClaimRule
method.
Use the UpdateClaimRuleOptions.Builder
to create a UpdateClaimRuleOptions
object that contains the parameter values for the updateClaimRule
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Version of the claim rule to be updated. Specify the version that you retrived when reading list of claim rules. This value helps to identify any parallel usage of claim rule. Pass * to indicate to update any version available. This might result in stale updates.
Path Parameters
ID of the trusted profile.
ID of the claim rule to update.
Request to update a claim rule.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'
Conditions of this claim rule.
Context with key properties for problem determination.
Name of the claim rule to be created or updated
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateClaimRule options.
ID of the trusted profile.
ID of the claim rule to update.
Version of the claim rule to be updated. Specify the version that you retrived when reading list of claim rules. This value helps to identify any parallel usage of claim rule. Pass * to indicate to update any version available. This might result in stale updates.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Name of the claim rule to be created or updated.
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
The updateClaimRule options.
ID of the trusted profile.
ID of the claim rule to update.
Version of the claim rule to be updated. Specify the version that you retrived when reading list of claim rules. This value helps to identify any parallel usage of claim rule. Pass * to indicate to update any version available. This might result in stale updates.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Name of the claim rule to be created or updated.
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
parameters
ID of the trusted profile.
ID of the claim rule to update.
Version of the claim rule to be updated. Specify the version that you retrived when reading list of claim rules. This value helps to identify any parallel usage of claim rule. Pass * to indicate to update any version available. This might result in stale updates.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Name of the claim rule to be created or updated.
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
parameters
ID of the trusted profile.
ID of the claim rule to update.
Version of the claim rule to be updated. Specify the version that you retrived when reading list of claim rules. This value helps to identify any parallel usage of claim rule. Pass * to indicate to update any version available. This might result in stale updates.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Name of the claim rule to be created or updated.
The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
The compute resource type the rule applies to, required only if type is specified as 'Profile-CR'. Valid values are VSI, IKS_SA, ROKS_SA.
Session expiration in seconds, only required if type is 'Profile-SAML'.
curl -X PUT "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/rules/CLAIM_RULE_ID" --header "Authorization: Bearer $TOKEN" --header "If-Match: <value of etag header from GET request>" --header "Content-Type: application/json" --header "Accept: application/json" --data '{ "type": "Profile-SAML", "realm_name": "https://w3id.sso.ibm.com/auth/sps/samlidp2/saml20", "expiration": 10000, "conditions": [ { "claim": "groups", "operator": "CONTAINS", [object Object] } ] }'
profileClaimRuleConditions := new(iamidentityv1.ProfileClaimRuleConditions) profileClaimRuleConditions.Claim = core.StringPtr("blueGroups") profileClaimRuleConditions.Operator = core.StringPtr("EQUALS") profileClaimRuleConditions.Value = core.StringPtr("\"Europe_Group\"") updateClaimRuleOptions := iamIdentityService.NewUpdateClaimRuleOptions(profileId, claimRuleId, claimRuleEtag, claimRuleType, []iamidentityv1.ProfileClaimRuleConditions{*profileClaimRuleConditions}) updateClaimRuleOptions.SetRealmName(realmName) updateClaimRuleOptions.SetExpiration(int64(33200)) claimRule, response, err := iamIdentityService.UpdateClaimRule(updateClaimRuleOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(claimRule, "", " ") fmt.Println(string(b))
ProfileClaimRuleConditions condition = new ProfileClaimRuleConditions.Builder() .claim("blueGroups") .operator("CONTAINS") .value("\"Europe_Group\"") .build(); List<ProfileClaimRuleConditions> conditions = new ArrayList<>(); conditions.add(condition); UpdateClaimRuleOptions updateClaimRuleOptions = new UpdateClaimRuleOptions.Builder() .profileId(profileId) .ruleId(claimRuleId) .ifMatch(claimRuleEtag) .expiration(33200) .conditions(conditions) .type(claimRuleType) .realmName(realmName) .build(); Response<ProfileClaimRule> response = service.updateClaimRule(updateClaimRuleOptions).execute(); ProfileClaimRule claimRule = response.getResult(); System.out.println(claimRule);
const val = "{'Europe_Group'}"; const profileClaimRuleConditionsModel = { claim: 'blueGroups', operator: 'EQUALS', value: JSON.stringify(val), }; const conditions = [profileClaimRuleConditionsModel]; const params = { profileId, ruleId: claimRuleId, ifMatch: claimRuleEtag, type: 'Profile-SAML', realmName: realmName, expiration: 33200, conditions, }; try { const res = await iamIdentityService.updateClaimRule(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
profile_claim_rule_conditions_model = {} profile_claim_rule_conditions_model['claim'] = 'blueGroups' profile_claim_rule_conditions_model['operator'] = 'EQUALS' profile_claim_rule_conditions_model['value'] = '\"Europe_Group\"' claimRule = iam_identity_service.update_claim_rule( profile_id=profile_id, rule_id=claimRule_id, if_match=claimRule_etag, expiration=33200, conditions=[profile_claim_rule_conditions_model], type='Profile-SAML', realm_name='https://sdk.test.realm/1234', ).get_result() print(json.dumps(claimRule, indent=2))
Response
the unique identifier of the claim rule
version of the claim rule
If set contains a date time string of the creation date in ISO format.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'
Session expiration in seconds
Conditions of this claim rule.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name
The realm name of the Idp this claim rule applies to
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
the unique identifier of the claim rule.
version of the claim rule.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The optional claim rule name.
Type of the claim rule, either 'Profile-SAML' or 'Profile-CR'.
The realm name of the Idp this claim rule applies to.
Session expiration in seconds.
The compute resource type. Not required if type is Profile-SAML. Valid values are VSI, IKS_SA, ROKS_SA.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Status Code
Successful - Claim rule updated.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Claim rule with provided parameters not found.
Conflict - there must have been an update in parallel, the specified If-Match header does not match the current claim rule record. Retrieve the current claim rule again and apply the changes to that version.
Internal Server error.
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T17:16+0000", "name": "My Claim rule updated", "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 2600, "conditions": { "claim": "groups", "operator": "CONTAINS", "value": "\"cloud-docs-dev\"" } }
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T17:16+0000", "name": "My Claim rule updated", "type": "Profile-SAML", "realm_name": "https://www.example.org/my-nice-idp", "expiration": 2600, "conditions": { "claim": "groups", "operator": "CONTAINS", "value": "\"cloud-docs-dev\"" } }
Delete a claim rule
Delete a claim rule. When you delete a claim rule, federated user or compute resources are no longer required to meet the conditions of the claim rule in order to apply the trusted profile.
Delete a claim rule. When you delete a claim rule, federated user or compute resources are no longer required to meet the conditions of the claim rule in order to apply the trusted profile.
Delete a claim rule. When you delete a claim rule, federated user or compute resources are no longer required to meet the conditions of the claim rule in order to apply the trusted profile.
Delete a claim rule. When you delete a claim rule, federated user or compute resources are no longer required to meet the conditions of the claim rule in order to apply the trusted profile.
Delete a claim rule. When you delete a claim rule, federated user or compute resources are no longer required to meet the conditions of the claim rule in order to apply the trusted profile.
DELETE /v1/profiles/{profile-id}/rules/{rule-id}
(iamIdentity *IamIdentityV1) DeleteClaimRule(deleteClaimRuleOptions *DeleteClaimRuleOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteClaimRuleWithContext(ctx context.Context, deleteClaimRuleOptions *DeleteClaimRuleOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteClaimRule(DeleteClaimRuleOptions deleteClaimRuleOptions)
deleteClaimRule(params)
delete_claim_rule(
self,
profile_id: str,
rule_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteClaimRuleOptions
struct and set the fields to provide parameter values for the DeleteClaimRule
method.
Use the DeleteClaimRuleOptions.Builder
to create a DeleteClaimRuleOptions
object that contains the parameter values for the deleteClaimRule
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile.
ID of the claim rule to delete.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteClaimRule options.
ID of the trusted profile.
ID of the claim rule to delete.
The deleteClaimRule options.
ID of the trusted profile.
ID of the claim rule to delete.
parameters
ID of the trusted profile.
ID of the claim rule to delete.
parameters
ID of the trusted profile.
ID of the claim rule to delete.
curl -X DELETE "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/rules/CLAIM_RULE_ID" --header "Authorization: Bearer $TOKEN"
deleteClaimRuleOptions := iamIdentityService.NewDeleteClaimRuleOptions(profileId, claimRuleId) response, err := iamIdentityService.DeleteClaimRule(deleteClaimRuleOptions) if err != nil { panic(err) }
DeleteClaimRuleOptions deleteClaimRuleOptions = new DeleteClaimRuleOptions.Builder() .profileId(profileId) .ruleId(claimRuleId) .build(); Response<Void> response = service.deleteClaimRule(deleteClaimRuleOptions).execute();
const params = { profileId, ruleId: claimRuleId, }; try { await iamIdentityService.deleteClaimRule(params); } catch (err) { console.warn(err); }
response = iam_identity_service.delete_claim_rule(profile_id=profile_id, rule_id=claimRule_id)
Response
Status Code
Deleted Successful - no further details.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Claim rule with given ID not found.
Conflict - Claim rule could not be deleted.
Internal Server error.
No Sample Response
Create link to a trusted profile
Create a direct link between a specific compute resource and a trusted profile, rather than creating conditions that a compute resource must fulfill to apply a trusted profile.
Create a direct link between a specific compute resource and a trusted profile, rather than creating conditions that a compute resource must fulfill to apply a trusted profile.
Create a direct link between a specific compute resource and a trusted profile, rather than creating conditions that a compute resource must fulfill to apply a trusted profile.
Create a direct link between a specific compute resource and a trusted profile, rather than creating conditions that a compute resource must fulfill to apply a trusted profile.
Create a direct link between a specific compute resource and a trusted profile, rather than creating conditions that a compute resource must fulfill to apply a trusted profile.
POST /v1/profiles/{profile-id}/links
(iamIdentity *IamIdentityV1) CreateLink(createLinkOptions *CreateLinkOptions) (result *ProfileLink, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateLinkWithContext(ctx context.Context, createLinkOptions *CreateLinkOptions) (result *ProfileLink, response *core.DetailedResponse, err error)
ServiceCall<ProfileLink> createLink(CreateLinkOptions createLinkOptions)
createLink(params)
create_link(
self,
profile_id: str,
cr_type: str,
link: 'CreateProfileLinkRequestLink',
*,
name: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateLinkOptions
struct and set the fields to provide parameter values for the CreateLink
method.
Use the CreateLinkOptions.Builder
to create a CreateLinkOptions
object that contains the parameter values for the createLink
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile.
Request to create a Link to Trusted profile.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA
Link details
- link
The CRN of the compute resource
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA
Optional name of the Link
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateLink options.
ID of the trusted profile.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
Link details.
- Link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Optional name of the Link.
The createLink options.
ID of the trusted profile.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
Link details.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Optional name of the Link.
parameters
ID of the trusted profile.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
Link details.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Optional name of the Link.
parameters
ID of the trusted profile.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
Link details.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Optional name of the Link.
curl -X POST "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/links" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "Accept: application/json" --data '{ "name": "my link", "cr_type": "VSI", "link": { "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::computeresource:Fake-Compute-Resource", "namespace": "default", "name": "my compute resource name" } }'
createProfileLinkRequestLink := new(iamidentityv1.CreateProfileLinkRequestLink) createProfileLinkRequestLink.CRN = core.StringPtr("crn:v1:staging:public:iam-identity::a/" + accountID + "::computeresource:Fake-Compute-Resource") createProfileLinkRequestLink.Namespace = core.StringPtr("default") createProfileLinkRequestLink.Name = core.StringPtr("niceName") createLinkOptions := iamIdentityService.NewCreateLinkOptions(profileId, "ROKS_SA", createProfileLinkRequestLink) createLinkOptions.SetName("niceLink") link, response, err := iamIdentityService.CreateLink(createLinkOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(link, "", " ") fmt.Println(string(b)) linkId = *link.ID
CreateProfileLinkRequestLink link = new CreateProfileLinkRequestLink.Builder() .crn("crn:v1:staging:public:iam-identity::a/" + accountId + "::computeresource:Fake-Compute-Resource") .namespace("default") .name("nice name") .build(); CreateLinkOptions createLinkOptions = new CreateLinkOptions.Builder() .profileId(profileId) .name("Nice link") .crType("ROKS_SA") .link(link) .build(); Response<ProfileLink> response = service.createLink(createLinkOptions).execute(); ProfileLink linkResponse = response.getResult(); linkId = linkResponse.getId(); System.out.println(linkResponse);
const CreateProfileLinkRequestLink = { crn: `crn:v1:staging:public:iam-identity::a/{accountId}::computeresource:Fake-Compute-Resource`, namespace: 'default', name: 'nice name', }; const params = { profileId: profileId, name: 'nice link', crType: 'ROKS_SA', link: CreateProfileLinkRequestLink, }; try { const res = await iamIdentityService.createLink(params) linkId = res.result.id console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
CreateProfileLinkRequestLink = {} CreateProfileLinkRequestLink['crn'] = ( 'crn:v1:staging:public:iam-identity::a/' + account_id + '::computeresource:Fake-Compute-Resource' ) CreateProfileLinkRequestLink['namespace'] = 'default' CreateProfileLinkRequestLink['name'] = 'nice name' link = iam_identity_service.create_link( profile_id=profile_id, name='nice link', cr_type='ROKS_SA', link=CreateProfileLinkRequestLink ).get_result() print(json.dumps(link, indent=2))
Response
Link details
the unique identifier of the link
version of the link
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA
- link
The CRN of the compute resource
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA
Optional name of the Link
Link details.
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- Link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Link details.
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Link details.
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Link details.
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Status Code
Link successfully created for trusted profile. Response if the Object could be created in the persistence layer.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Create Conflict - Link could not be created. Response if the Object could not be created in the persistence layer.
Internal Server error. Response if unexpected error situation. happened.
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "Link to Compute Resource", "cr_type": "VSI", "link": { "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "namespace": "default", "name": "my compute resource name" } }
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "Link to Compute Resource", "cr_type": "VSI", "link": { "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "namespace": "default", "name": "my compute resource name" } }
List links to a trusted profile
Get a list of links to a trusted profile.
Get a list of links to a trusted profile.
Get a list of links to a trusted profile.
Get a list of links to a trusted profile.
Get a list of links to a trusted profile.
GET /v1/profiles/{profile-id}/links
(iamIdentity *IamIdentityV1) ListLinks(listLinksOptions *ListLinksOptions) (result *ProfileLinkList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListLinksWithContext(ctx context.Context, listLinksOptions *ListLinksOptions) (result *ProfileLinkList, response *core.DetailedResponse, err error)
ServiceCall<ProfileLinkList> listLinks(ListLinksOptions listLinksOptions)
listLinks(params)
list_links(
self,
profile_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListLinksOptions
struct and set the fields to provide parameter values for the ListLinks
method.
Use the ListLinksOptions.Builder
to create a ListLinksOptions
object that contains the parameter values for the listLinks
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListLinks options.
ID of the trusted profile.
The listLinks options.
ID of the trusted profile.
parameters
ID of the trusted profile.
parameters
ID of the trusted profile.
curl -X GET "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/links" --header "Authorization: Bearer $TOKEN" --header "Accept: application/json"
listLinksOptions := iamIdentityService.NewListLinksOptions(profileId) linkList, response, err := iamIdentityService.ListLinks(listLinksOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(linkList, "", " ") fmt.Println(string(b))
ListLinksOptions listLinksOptions = new ListLinksOptions.Builder() .profileId(profileId) .build(); Response<ProfileLinkList> response = service.listLinks(listLinksOptions).execute(); ProfileLinkList links = response.getResult(); System.out.println(links);
const params = { profileId, }; try { const res = await iamIdentityService.listLinks(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
link_list = iam_identity_service.list_links( profile_id=profile_id, ).get_result() print(json.dumps(link_list, indent=2))
Response
List of links to a trusted profile
List of links to a trusted profile.
- Links
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- Link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
List of links to a trusted profile.
- links
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
List of links to a trusted profile.
- links
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
List of links to a trusted profile.
- links
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Status Code
Successful - Get list of link to a trusted profile
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
profile with provided ID not found.
Internal Server error.
{ "links": [ { "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "Link to Compute Resource", "cr_type": "VSI", "link": { "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "namespace": "default", "name": "my compute resource name" } } ] }
{ "links": [ { "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "Link to Compute Resource", "cr_type": "VSI", "link": { "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "namespace": "default", "name": "my compute resource name" } } ] }
Get link to a trusted profile
Get a specific link to a trusted profile by link_id
.
Get a specific link to a trusted profile by link_id
.
Get a specific link to a trusted profile by link_id
.
Get a specific link to a trusted profile by link_id
.
Get a specific link to a trusted profile by link_id
.
GET /v1/profiles/{profile-id}/links/{link-id}
(iamIdentity *IamIdentityV1) GetLink(getLinkOptions *GetLinkOptions) (result *ProfileLink, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetLinkWithContext(ctx context.Context, getLinkOptions *GetLinkOptions) (result *ProfileLink, response *core.DetailedResponse, err error)
ServiceCall<ProfileLink> getLink(GetLinkOptions getLinkOptions)
getLink(params)
get_link(
self,
profile_id: str,
link_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetLinkOptions
struct and set the fields to provide parameter values for the GetLink
method.
Use the GetLinkOptions.Builder
to create a GetLinkOptions
object that contains the parameter values for the getLink
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile
ID of the link
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetLink options.
ID of the trusted profile.
ID of the link.
The getLink options.
ID of the trusted profile.
ID of the link.
parameters
ID of the trusted profile.
ID of the link.
parameters
ID of the trusted profile.
ID of the link.
curl -X GET "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/links/LINK_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
getLinkOptions := iamIdentityService.NewGetLinkOptions(profileId, linkId) link, response, err := iamIdentityService.GetLink(getLinkOptions) if err != nil { panic(err) }
GetLinkOptions getLinkOptions = new GetLinkOptions.Builder() .profileId(profileId) .linkId(linkId) .build(); Response<ProfileLink> response = service.getLink(getLinkOptions).execute(); ProfileLink link = response.getResult(); System.out.println(link);
const params = { profileId: profileId, linkId, }; try { const res = await iamIdentityService.getLink(params) console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.get_link(profile_id=profile_id, link_id=link_id) link = response.get_result() print(json.dumps(link, indent=2))
Response
Link details
the unique identifier of the link
version of the link
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA
- link
The CRN of the compute resource
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA
Optional name of the Link
Link details.
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- Link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Link details.
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Link details.
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Link details.
the unique identifier of the link.
version of the link.
If set contains a date time string of the creation date in ISO format.
If set contains a date time string of the last modification date in ISO format.
Optional name of the Link.
The compute resource type. Valid values are VSI, IKS_SA, ROKS_SA.
- link
The CRN of the compute resource.
The compute resource namespace, only required if cr_type is IKS_SA or ROKS_SA.
Name of the compute resource, only required if cr_type is IKS_SA or ROKS_SA.
Status Code
Successful - Get of link to a trusted profile
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Link with provided ID not found.
Internal Server error.
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "Link to Compute Resource", "cr_type": "VSI", "link": { "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "namespace": "default", "name": "my compute resource name" } }
{ "id": "ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "created_at": "2021-07-28T10:23+0000", "modified_at": "2021-07-28T10:23+0000", "name": "Link to Compute Resource", "cr_type": "VSI", "link": { "crn": "crn:v1:bluemix:public:iam-identity::a/18e3020749ce4744b0b472466d61fdb4::profile:ClaimRule-faa0b1f4-d9e0-42f3-b61c-3927db1cef9b", "namespace": "default", "name": "my compute resource name" } }
Delete link to a trusted profile
Delete a link between a compute resource and a trusted profile.
Delete a link between a compute resource and a trusted profile.
Delete a link between a compute resource and a trusted profile.
Delete a link between a compute resource and a trusted profile.
Delete a link between a compute resource and a trusted profile.
DELETE /v1/profiles/{profile-id}/links/{link-id}
(iamIdentity *IamIdentityV1) DeleteLink(deleteLinkOptions *DeleteLinkOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteLinkWithContext(ctx context.Context, deleteLinkOptions *DeleteLinkOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteLink(DeleteLinkOptions deleteLinkOptions)
deleteLink(params)
delete_link(
self,
profile_id: str,
link_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteLinkOptions
struct and set the fields to provide parameter values for the DeleteLink
method.
Use the DeleteLinkOptions.Builder
to create a DeleteLinkOptions
object that contains the parameter values for the deleteLink
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile
ID of the link
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteLink options.
ID of the trusted profile.
ID of the link.
The deleteLink options.
ID of the trusted profile.
ID of the link.
parameters
ID of the trusted profile.
ID of the link.
parameters
ID of the trusted profile.
ID of the link.
curl -X DELETE "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/links/LINKS_ID" --header "Authorization: Bearer $TOKEN"
deleteLinkOptions := iamIdentityService.NewDeleteLinkOptions(profileId, linkId) response, err := iamIdentityService.DeleteLink(deleteLinkOptions) if err != nil { panic(err) }
DeleteLinkOptions deleteLinkOptions = new DeleteLinkOptions.Builder() .profileId(profileId) .linkId(linkId) .build(); Response<Void> response = service.deleteLink(deleteLinkOptions).execute();
const params = { profileId, linkId, }; try { await iamIdentityService.deleteLink(params); } catch (err) { console.warn(err); }
response = iam_identity_service.delete_link(profile_id=profile_id, link_id=link_id)
Response
Status Code
Deleted Successful - no further details.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Link with given ID not found.
Conflict - Link could not be deleted.
Internal Server error.
No Sample Response
Get a list of identities that can assume the trusted profile
Get a list of identities that can assume the trusted profile
Get a list of identities that can assume the trusted profile.
Get a list of identities that can assume the trusted profile.
Get a list of identities that can assume the trusted profile.
Get a list of identities that can assume the trusted profile.
GET /v1/profiles/{profile-id}/identities
(iamIdentity *IamIdentityV1) GetProfileIdentities(getProfileIdentitiesOptions *GetProfileIdentitiesOptions) (result *ProfileIdentitiesResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetProfileIdentitiesWithContext(ctx context.Context, getProfileIdentitiesOptions *GetProfileIdentitiesOptions) (result *ProfileIdentitiesResponse, response *core.DetailedResponse, err error)
ServiceCall<ProfileIdentitiesResponse> getProfileIdentities(GetProfileIdentitiesOptions getProfileIdentitiesOptions)
getProfileIdentities(params)
get_profile_identities(
self,
profile_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetProfileIdentitiesOptions
struct and set the fields to provide parameter values for the GetProfileIdentities
method.
Use the GetProfileIdentitiesOptions.Builder
to create a GetProfileIdentitiesOptions
object that contains the parameter values for the getProfileIdentities
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetProfileIdentities options.
ID of the trusted profile.
The getProfileIdentities options.
ID of the trusted profile.
parameters
ID of the trusted profile.
parameters
ID of the trusted profile.
curl -X GET "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/identities" --header "Authorization: Bearer $TOKEN" --header "Accept: application/json"
getProfileIdentitiesOptions := iamidentityv1.GetProfileIdentitiesOptions{ ProfileID: &profileId, } profileIdentities, response, err := iamIdentityService.GetProfileIdentities(&getProfileIdentitiesOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(profileIdentities, "", " ") fmt.Println(string(b))
GetProfileIdentitiesOptions getProfileIdentitiesOptions = new GetProfileIdentitiesOptions.Builder() .profileId(profileId).build(); Response<ProfileIdentitiesResponse> response = service.getProfileIdentities(getProfileIdentitiesOptions) .execute(); ProfileIdentitiesResponse profileIdentityResponseResult = response.getResult(); profileIdentitiesEtag = profileIdentityResponseResult.getEntityTag();
const params = { profileId, }; try { const res = await iamIdentityService.getProfileIdentities(params); const { result } = res; profileIdentitiesEtag = result.entity_tag; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.get_profile_identities(profile_id=profile_id)
Response
Entity tag of the profile identities response
List of identities
Entity tag of the profile identities response.
List of identities.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Entity tag of the profile identities response.
List of identities.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Entity tag of the profile identities response.
List of identities.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Entity tag of the profile identities response.
List of identities.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Status Code
Successful response with identities
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Profile not found.
Internal Server error.
{ "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "identities": [ { "iam_id": "IBMid-1234567898", "identifier": "IBMid-1234567898", "type": "user", "name": "user@ibm.com", "email": "user@ibm.com", "accounts": "account in the token", "description": "description" }, { "iam_id": "iam-ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "identifier": "ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "type": "serviceid" }, { "iam_id": "crn-crn:v1:bluemix:public:cloudantnosqldb:us-south:a/36d797c19715462e8a0eaeacefe82f8b:4adba58a-c3f7-4c37-b904-bc965e6d562a::", "identifier": "crn:v1:bluemix:public:cloudantnosqldb:us-south:a/36d797c19715462e8a0eaeacefe82f8b:4adba58a-c3f7-4c37-b904-bc965e6d562a::", "type": "crn", "description": "cloudant database shared with profile" } ] }
{ "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "identities": [ { "iam_id": "IBMid-1234567898", "identifier": "IBMid-1234567898", "type": "user", "name": "user@ibm.com", "email": "user@ibm.com", "accounts": "account in the token", "description": "description" }, { "iam_id": "iam-ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "identifier": "ServiceId-ee1103f8-e03b-4d02-a977-e540ebdffb16", "type": "serviceid" }, { "iam_id": "crn-crn:v1:bluemix:public:cloudantnosqldb:us-south:a/36d797c19715462e8a0eaeacefe82f8b:4adba58a-c3f7-4c37-b904-bc965e6d562a::", "identifier": "crn:v1:bluemix:public:cloudantnosqldb:us-south:a/36d797c19715462e8a0eaeacefe82f8b:4adba58a-c3f7-4c37-b904-bc965e6d562a::", "type": "crn", "description": "cloudant database shared with profile" } ] }
Update the list of identities that can assume the trusted profile
Update the list of identities that can assume the trusted profile
Update the list of identities that can assume the trusted profile.
Update the list of identities that can assume the trusted profile.
Update the list of identities that can assume the trusted profile.
Update the list of identities that can assume the trusted profile.
PUT /v1/profiles/{profile-id}/identities
(iamIdentity *IamIdentityV1) SetProfileIdentities(setProfileIdentitiesOptions *SetProfileIdentitiesOptions) (result *ProfileIdentitiesResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) SetProfileIdentitiesWithContext(ctx context.Context, setProfileIdentitiesOptions *SetProfileIdentitiesOptions) (result *ProfileIdentitiesResponse, response *core.DetailedResponse, err error)
ServiceCall<ProfileIdentitiesResponse> setProfileIdentities(SetProfileIdentitiesOptions setProfileIdentitiesOptions)
setProfileIdentities(params)
set_profile_identities(
self,
profile_id: str,
if_match: str,
*,
identities: Optional[List['ProfileIdentityRequest']] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the SetProfileIdentitiesOptions
struct and set the fields to provide parameter values for the SetProfileIdentities
method.
Use the SetProfileIdentitiesOptions.Builder
to create a SetProfileIdentitiesOptions
object that contains the parameter values for the setProfileIdentities
method.
Custom Headers
Entity tag of the Identities to be updated. Specify the tag that you retrieved when reading the Profile Identities. This value helps identify parallel usage of this API. Pass * to indicate updating any available version, which may result in stale updates.
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile.
Request to update identities.
List of identities that can assume the trusted profile
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The SetProfileIdentities options.
ID of the trusted profile.
Entity tag of the Identities to be updated. Specify the tag that you retrieved when reading the Profile Identities. This value helps identify parallel usage of this API. Pass * to indicate updating any available version, which may result in stale updates.
List of identities that can assume the trusted profile.
- Identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
The setProfileIdentities options.
ID of the trusted profile.
Entity tag of the Identities to be updated. Specify the tag that you retrieved when reading the Profile Identities. This value helps identify parallel usage of this API. Pass * to indicate updating any available version, which may result in stale updates.
List of identities that can assume the trusted profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
parameters
ID of the trusted profile.
Entity tag of the Identities to be updated. Specify the tag that you retrieved when reading the Profile Identities. This value helps identify parallel usage of this API. Pass * to indicate updating any available version, which may result in stale updates.
List of identities that can assume the trusted profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
parameters
ID of the trusted profile.
Entity tag of the Identities to be updated. Specify the tag that you retrieved when reading the Profile Identities. This value helps identify parallel usage of this API. Pass * to indicate updating any available version, which may result in stale updates.
List of identities that can assume the trusted profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
curl -X PUT "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/identities" --header "Authorization: Bearer $TOKEN" --header "If-Match: <value of etag header from GET request>" --header "Content-Type: application/json" --header "Accept: application/json" --data '{ "identities": [ { "iam_id": "IBMid-665002HHL3", "identifier": "IBMid-665002HHL3 "type": "user", "description": "member of main account" "accounts": ["36d797c19715462e8a0eaeacefe82f8b"] } ] }'
accounts := []string{accountID} identity := &iamidentityv1.ProfileIdentityRequest{ Identifier: &iamID, Accounts: accounts, Type: core.StringPtr("user"), Description: core.StringPtr("Identity description"), } listProfileIdentity := []iamidentityv1.ProfileIdentityRequest{*identity} setProfileIdentitiesOptions := iamidentityv1.SetProfileIdentitiesOptions{ ProfileID: &profileId, Identities: listProfileIdentity, IfMatch: &profileEtag, } profileIdnetities, response, err := iamIdentityService.SetProfileIdentities(&setProfileIdentitiesOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(profileIdnetities, "", " ") fmt.Println(string(b))
List<String> accounts = new ArrayList<String>(); accounts.add(accountId); String type = "user"; String description = "Identity description"; ProfileIdentityRequest profileIdentity = new ProfileIdentityRequest.Builder() .identifier(iamId) .accounts(accounts) .type(type) .description(description) .build(); List<ProfileIdentityRequest> listProfileIdentity = new ArrayList<ProfileIdentityRequest>(); listProfileIdentity.add(profileIdentity); SetProfileIdentitiesOptions setProfileIdentitiesOptions = new SetProfileIdentitiesOptions.Builder() .profileId(profileId) .identities(listProfileIdentity) .ifMatch(profileIdentitiesEtag) .build(); Response<ProfileIdentitiesResponse> response = service.setProfileIdentities(setProfileIdentitiesOptions) .execute(); ProfileIdentitiesResponse profileIdentitiesResponseResult = response.getResult();
const profileaccounts=[accountId]; const ProfileIdentity= { identifier: iamId, type: 'user', accounts: profileaccounts, description: 'identity description' } const profileIdentities= [ProfileIdentity] const params = { profileId: profileId, identities: profileIdentities, ifMatch: profileIdentitiesEtag }; try { const res = await iamIdentityService.setProfileIdentities(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
accounts = [account_id] profileIdentity = ProfileIdentityRequest( identifier=iam_id, accounts=accounts, type="user", description="Identity description" ) profile_identities_input = [profileIdentity] response = iam_identity_service.set_profile_identities( profile_id=profile_id, if_match=profile_identity_etag, identities=profile_identities_input )
Response
Entity tag of the profile identities response
List of identities
Entity tag of the profile identities response.
List of identities.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Entity tag of the profile identities response.
List of identities.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Entity tag of the profile identities response.
List of identities.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Entity tag of the profile identities response.
List of identities.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Status Code
Successful response with identities
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Profile not found.
Internal Server error.
{ "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "identities": [ { "iam_id": "IBMid-12345678", "identifier": "IBMid-12345678", "type": "user", "accounts": "BSS_account_id in token", "description": "description" } ] }
{ "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "identities": [ { "iam_id": "IBMid-12345678", "identifier": "IBMid-12345678", "type": "user", "accounts": "BSS_account_id in token", "description": "description" } ] }
Add a specific identity that can assume the trusted profile
Add a specific identity that can assume the trusted profile
Add a specific identity that can assume the trusted profile.
Add a specific identity that can assume the trusted profile.
Add a specific identity that can assume the trusted profile.
Add a specific identity that can assume the trusted profile.
POST /v1/profiles/{profile-id}/identities/{identity-type}
(iamIdentity *IamIdentityV1) SetProfileIdentity(setProfileIdentityOptions *SetProfileIdentityOptions) (result *ProfileIdentityResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) SetProfileIdentityWithContext(ctx context.Context, setProfileIdentityOptions *SetProfileIdentityOptions) (result *ProfileIdentityResponse, response *core.DetailedResponse, err error)
ServiceCall<ProfileIdentityResponse> setProfileIdentity(SetProfileIdentityOptions setProfileIdentityOptions)
setProfileIdentity(params)
set_profile_identity(
self,
profile_id: str,
identity_type: str,
identifier: str,
type: str,
*,
accounts: Optional[List[str]] = None,
description: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the SetProfileIdentityOptions
struct and set the fields to provide parameter values for the SetProfileIdentity
method.
Use the SetProfileIdentityOptions.Builder
to create a SetProfileIdentityOptions
object that contains the parameter values for the setProfileIdentity
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile
Type of the identity
Allowable values: [
user
,serviceid
,crn
]
Request to update identities.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The SetProfileIdentity options.
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
The setProfileIdentity options.
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
parameters
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
parameters
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
curl -X POST "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/identities/IDENTITY_TYPE" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "Accept: application/json" --data '{ "iam_id": "IBMid-665002HHL3", "identifier": "IBMid-665002HHL3", "type": "user", "description": "member of main account", "accounts": ["36d797c19715462e8a0eaeacefe82f8b"] }'
accounts := []string{accountID} setProfileIdentityOptions := iamidentityv1.SetProfileIdentityOptions{ ProfileID: &profileId, IdentityType: core.StringPtr("user"), Identifier: &iamIDMember, Accounts: accounts, Type: core.StringPtr("user"), Description: core.StringPtr("Identity description"), } profileIdnetity, response, err := iamIdentityService.SetProfileIdentity(&setProfileIdentityOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(profileIdnetity, "", " ") fmt.Println(string(b))
List<String> accounts = new ArrayList<String>(); accounts.add(accountId); String type = "user"; String description = "Identity description"; SetProfileIdentityOptions setProfileIdentityOptions = new SetProfileIdentityOptions.Builder() .profileId(profileId) .identityType(type) .identifier(iamIdMember) .type("user") .accounts(accounts) .description(description) .build(); Response<ProfileIdentityResponse> response = service.setProfileIdentity(setProfileIdentityOptions).execute(); ProfileIdentityResponse profileIdentityResponseResult = response.getResult(); System.out.println(profileIdentityResponseResult);
const profileaccounts=[accountId]; const params = { profileId: profileId, identityType: 'user', identifier: iamIdMember, type: 'user', accounts: profileaccounts, description: 'identity description' }; try { const res = await iamIdentityService.setProfileIdentity(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
accounts = [account_id] response = iam_identity_service.set_profile_identity( profile_id=profile_id, identity_type="user", identifier=iam_id_member, type="user", accounts=accounts, description="Identity description", )
Response
IAM ID of the identity
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Status Code
Successful response with identities
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Profile not found.
Internal Server error.
{ "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "identities": [ { "iam_id": "IBMid-12345678", "identifier": "IBMid-12345678", "type": "user", "accounts": [ "BSS_account_id" ], "description": "description" } ] }
{ "entity_tag": "1-cd52f1eaf1e7464f9ba30f37c5c5fe32", "identities": [ { "iam_id": "IBMid-12345678", "identifier": "IBMid-12345678", "type": "user", "accounts": [ "BSS_account_id" ], "description": "description" } ] }
Get the identity that can assume the trusted profile
Get the identity that can assume the trusted profile
Get the identity that can assume the trusted profile.
Get the identity that can assume the trusted profile.
Get the identity that can assume the trusted profile.
Get the identity that can assume the trusted profile.
GET /v1/profiles/{profile-id}/identities/{identity-type}/{identifier-id}
(iamIdentity *IamIdentityV1) GetProfileIdentity(getProfileIdentityOptions *GetProfileIdentityOptions) (result *ProfileIdentityResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetProfileIdentityWithContext(ctx context.Context, getProfileIdentityOptions *GetProfileIdentityOptions) (result *ProfileIdentityResponse, response *core.DetailedResponse, err error)
ServiceCall<ProfileIdentityResponse> getProfileIdentity(GetProfileIdentityOptions getProfileIdentityOptions)
getProfileIdentity(params)
get_profile_identity(
self,
profile_id: str,
identity_type: str,
identifier_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetProfileIdentityOptions
struct and set the fields to provide parameter values for the GetProfileIdentity
method.
Use the GetProfileIdentityOptions.Builder
to create a GetProfileIdentityOptions
object that contains the parameter values for the getProfileIdentity
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile
Type of the identity
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetProfileIdentity options.
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
The getProfileIdentity options.
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
parameters
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
parameters
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
curl -X GET "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/identities/IDENTITY_TYPE/IDENTIFIER_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "Accept: application/json"
getProfileIdentityOptions := iamidentityv1.GetProfileIdentityOptions{ ProfileID: &profileId, IdentityType: core.StringPtr("user"), IdentifierID: &iamIDMember, } profileIdnetity, response, err := iamIdentityService.GetProfileIdentity(&getProfileIdentityOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(profileIdnetity, "", " ") fmt.Println(string(b))
GetProfileIdentityOptions getProfileIdentityOptions = new GetProfileIdentityOptions.Builder() .profileId(profileId) .identityType("user") .identifierId(iamIdMember) .build(); Response<ProfileIdentityResponse> response = service.getProfileIdentity(getProfileIdentityOptions).execute(); ProfileIdentityResponse profileIdentityResponseResult = response.getResult(); System.out.println(profileIdentityResponseResult);
const params = { profileId: profileId, identityType: 'user', identifierId: iamId }; try { const res = await iamIdentityService.getProfileIdentity(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.get_profile_identity( profile_id=profile_id, identity_type="user", identifier_id=iam_id_member )
Response
IAM ID of the identity
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Status Code
Successful response with identities
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Profile not found.
Internal Server error.
{ "iam_id": "IBMid-12345678", "identifier": "IBMid-12345678", "type": "user", "accounts": [ "BSS_account_id" ], "description": "description" }
{ "iam_id": "IBMid-12345678", "identifier": "IBMid-12345678", "type": "user", "accounts": [ "BSS_account_id" ], "description": "description" }
Delete the identity that can assume the trusted profile
Delete the identity that can assume the trusted profile
Delete the identity that can assume the trusted profile.
Delete the identity that can assume the trusted profile.
Delete the identity that can assume the trusted profile.
Delete the identity that can assume the trusted profile.
DELETE /v1/profiles/{profile-id}/identities/{identity-type}/{identifier-id}
(iamIdentity *IamIdentityV1) DeleteProfileIdentity(deleteProfileIdentityOptions *DeleteProfileIdentityOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteProfileIdentityWithContext(ctx context.Context, deleteProfileIdentityOptions *DeleteProfileIdentityOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteProfileIdentity(DeleteProfileIdentityOptions deleteProfileIdentityOptions)
deleteProfileIdentity(params)
delete_profile_identity(
self,
profile_id: str,
identity_type: str,
identifier_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteProfileIdentityOptions
struct and set the fields to provide parameter values for the DeleteProfileIdentity
method.
Use the DeleteProfileIdentityOptions.Builder
to create a DeleteProfileIdentityOptions
object that contains the parameter values for the deleteProfileIdentity
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile
Type of the identity
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteProfileIdentity options.
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
The deleteProfileIdentity options.
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
parameters
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
parameters
ID of the trusted profile.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Identifier of the identity that can assume the trusted profiles.
curl -X DELETE "https://iam.cloud.ibm.com/v1/profiles/PROFILE_ID/identities/IDENTITY_TYPE/IDENTIFIER_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "Accept: application/json"
deleteProfileIdentityOptions := iamidentityv1.DeleteProfileIdentityOptions{ ProfileID: &profileId, IdentityType: core.StringPtr("user"), IdentifierID: &iamIDMember, } response, err := iamIdentityService.DeleteProfileIdentity(&deleteProfileIdentityOptions) if err != nil { panic(err) }
DeleteProfileIdentityOptions deleteProfileIdentityOptions = new DeleteProfileIdentityOptions.Builder() .profileId(profileId) .identityType("user") .identifierId(iamIdMember) .build(); Response<Void> response = service.deleteProfileIdentity(deleteProfileIdentityOptions).execute(); Void profileIdentityResponseResult = response.getResult(); System.out.println(profileIdentityResponseResult);
const params = { profileId: profileId, identityType: 'user', identifierId: iamIdMember }; try { const res = await iamIdentityService.deleteProfileIdentity(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.delete_profile_identity( profile_id=profile_id, identity_type="user", identifier_id=iam_id_member )
Response
Status Code
Deleted Successful - no further details.
Parameter validation failed.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Profile not found.
Internal Server error.
No Sample Response
Create an IAM access token for a user or service ID using an API key
Creates a non-opaque access token for an API key.
POST /identity/token#apikey
Request
Custom Headers
A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.
Form Parameters
Grant type for this API call. You must set the grant type to
urn:ibm:params:oauth:grant-type:apikey
.The value of the api key.
curl -X POST "https://iam.cloud.ibm.com/identity/token" --header "Content-Type: application/x-www-form-urlencoded" --data 'grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=$MY_APIKEY'
Response
Response body for POST /identity/token.
The IAM access token that can be used to invoke various IBM Cloud APIs. Use this token with the prefix Bearer in the HTTP header Authorization for invocations of IAM compatible APIs.
(optional) A refresh token that can be used to get a new IAM access token if that token is expired. When using the default client (no basic authorization header) as described in this documentation, this refresh_token cannot be used to retrieve a new IAM access token. When the IAM access token is about to be expired, use the API key to create a new access token.
(optional) A delegated refresh token that can only be consumed by the clients that have been specified in the API call as 'receiver_client_ids'
The type of the token. Currently, only Bearer is returned.
Number of seconds until the IAM access token will expire.
Number of seconds counted since January 1st, 1970, until the IAM access token will expire.
Status Code
Successful operation.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "access_token": "ACCESS_TOKEN", "refresh_token": "not_supported", "token_type": "bearer", "expires_in": 3600, "expiration": 1616750582 }
Create an IAM access token for a user using username / password credentials and an optional account identifier
Creates a non-opaque access token for a username and password. To be able to call IBM Cloud APIs, the token must be made account-specific. For this purpose, also pass the 32 character long identifier for your account in the API call. This API call is possible only for non-federated IBMid users.
POST /identity/token#password
Request
Custom Headers
Basic Authorization Header containing a valid client ID and secret. If this header is omitted the request fails with BXNIM0308E: 'No authorization header found'. You can use the client ID and secret that is used by the IBM Cloud CLI:
bx / bx
A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the username / password / account combination can only be created if the account id matches the passed account or the account is member of the enterprise id in this header.
Form Parameters
Grant type for this API call. You must set the grant type to
password
.The value of the username.
The value of the password.
The 32 character identifier of the account. Specify this parameter to get an account-specific IAM token. IBM Cloud APIs require that IAM tokens are account-specific.
curl -X POST \-u 'bx:bx' "https://iam.cloud.ibm.com/identity/token" --header "Content-Type: application/x-www-form-urlencoded" --data 'grant_type=password&username=$USERNAME&password=$PASSWORD&account=$ACCOUNT_IDENTIFIER'
Response
Response body for POST /identity/token.
The IAM access token that can be used to invoke various IBM Cloud APIs. Use this token with the prefix Bearer in the HTTP header Authorization for invocations of IAM compatible APIs.
(optional) A refresh token that can be used to get a new IAM access token if that token is expired. When using the default client (no basic authorization header) as described in this documentation, this refresh_token cannot be used to retrieve a new IAM access token. When the IAM access token is about to be expired, use the API key to create a new access token.
(optional) A delegated refresh token that can only be consumed by the clients that have been specified in the API call as 'receiver_client_ids'
The type of the token. Currently, only Bearer is returned.
Number of seconds until the IAM access token will expire.
Number of seconds counted since January 1st, 1970, until the IAM access token will expire.
Status Code
Successful operation.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain valid authentication information.
The incoming request did not contain valid authentication information.
Internal server error. Response if unexpected error situation happened.
{ "access_token": "ACCESS_TOKEN", "refresh_token": "not_supported", "token_type": "bearer", "expires_in": 3600, "expiration": 1616750582 }
Create an IAM access token based on an authorization policy
Creates a non-opaque access token, if an appropriate authorization policy is in place. This kind of IAM access token is typically used for access between services.
POST /identity/token#iam-authz
Request
Form Parameters
Grant type for this API call. You must set the grant type to
urn:ibm:params:oauth:grant-type:iam-authz
.The IAM access token of the identity that has the appropriate authorization to create an IAM access token for a given resource.
The IAM ID of the IAM access token identity that should be created. The desired_iam_id identifies a resource identity. The IAM ID consists of the prefix crn- and the CRN of the target identity, e.g. crn-crn:v1:bluemix:public:cloud-object-storage:global:a/59bcbfa6ea2f006b4ed7094c1a08dcdd:1a0ec336-f391-4091-a6fb-5e084a4c56f4::.
curl -X POST "https://iam.cloud.ibm.com/identity/token" --header "Content-Type: application/x-www-form-urlencoded" --data 'grant_type=urn:ibm:params:oauth:grant-type:iam-authz&access_token=...&desired_iam_id=crn-crn:v1:bluemix:public:cloud-object-storage:global:a/59bcbfa6ea2f006b4ed7094c1a08dcdd:1a0ec336-f391-4091-a6fb-5e084a4c56f4::'
Response
Response body for POST /identity/token.
The IAM access token that can be used to invoke various IBM Cloud APIs. Use this token with the prefix Bearer in the HTTP header Authorization for invocations of IAM compatible APIs.
(optional) A refresh token that can be used to get a new IAM access token if that token is expired. When using the default client (no basic authorization header) as described in this documentation, this refresh_token cannot be used to retrieve a new IAM access token. When the IAM access token is about to be expired, use the API key to create a new access token.
(optional) A delegated refresh token that can only be consumed by the clients that have been specified in the API call as 'receiver_client_ids'
The type of the token. Currently, only Bearer is returned.
Number of seconds until the IAM access token will expire.
Number of seconds counted since January 1st, 1970, until the IAM access token will expire.
Status Code
Successful operation.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "access_token": "ACCESS_TOKEN", "refresh_token": "not_supported", "token_type": "bearer", "expires_in": 3600, "expiration": 1616750582 }
Create an IAM access token and delegated refresh token for a user or service ID
Creates a non-opaque access token and a delegated refresh token for an API key.
POST /identity/token#apikey-delegated-refresh-token
Request
Custom Headers
A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the API key can only be created if the account id or enterprise id of the API key is contained in this header.
Form Parameters
Grant type for this API call. You must set the grant type to
urn:ibm:params:oauth:grant-type:apikey
.The value of the API key.
Either 'delegated_refresh_token' to receive a delegated refresh token only, or 'cloud_iam delegated_refresh_token' to receive both an IAM access token and a delegated refresh token in one API call.
A comma separated list of one or more client IDs that will be able to consume the delegated refresh token. The service that accepts a delegated refresh token as API parameter must expose its client ID to allow this API call. The receiver of the delegated refresh token will be able to use the refresh token until it expires.
Expiration in seconds until the delegated refresh token must be consumed by the receiver client IDs. After the expiration, no client ID can consume the delegated refresh token, even if the life time of the refresh token inside is still not expired. The default, if not specified, is 518,400 seconds which corresponds to 6 days.
curl -X POST "https://iam.cloud.ibm.com/identity/token" --header "Content-Type: application/x-www-form-urlencoded" --data 'grant_type=urn:ibm:params:oauth:grant-type:apikey&apikey=$MY_APIKEY&response_type=cloud_iam+delegated_refresh_token&receiver_client_ids=RECEIVER_CLIENTS&delegated_refresh_token_expiry=300'
Response
Response body for POST /identity/token.
The IAM access token that can be used to invoke various IBM Cloud APIs. Use this token with the prefix Bearer in the HTTP header Authorization for invocations of IAM compatible APIs.
(optional) A refresh token that can be used to get a new IAM access token if that token is expired. When using the default client (no basic authorization header) as described in this documentation, this refresh_token cannot be used to retrieve a new IAM access token. When the IAM access token is about to be expired, use the API key to create a new access token.
(optional) A delegated refresh token that can only be consumed by the clients that have been specified in the API call as 'receiver_client_ids'
The type of the token. Currently, only Bearer is returned.
Number of seconds until the IAM access token will expire.
Number of seconds counted since January 1st, 1970, until the IAM access token will expire.
Status Code
Successful operation.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "access_token": "ACCESS_TOKEN", "refresh_token": "not_supported", "delegated_refresh_token": "DELEGATED_REFRESH_TOKEN", "token_type": "bearer", "expires_in": 3600, "expiration": 1616750582 }
Create an IAM access token for a Trusted Profile based on the provided Compute Resource token
Creates a non-opaque access token without a refresh token for a Trusted Profile
POST /identity/token#cr-token
Request
Custom Headers
IBM Services can pass in a Basic Authorization Header representing a client id with a secret. For customers, omit this header parameter. To build a valid Basic Authorization Header, concatenate the client id with a colon and the secret, i.e.
client_id:client_secret
. This sequence must be Base64 encoded, and prefixed withBasic
, so that a valid Basic Authorization Header would be:Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=
A comma separated list of enterprise ids and/or account ids. If present, an IAM token for the Trusted Profile can only be created if the Trusted Profile is part of one of the account ids or enterprise ids provided in this header.
Form Parameters
Grant type for this API call. You must set the grant type to
urn:ibm:params:oauth:grant-type:cr-token
.The value of the Compute Resource token. As this is a JWT token, the string can get very long.
Pass one of 'profile_id', 'profile_name' or 'profile_crn to select which profile should be used for this IAM token. This call can only succeed if you have also linked the Trusted Profile to the Compute Resource, or you have created a Trust Rule from the Trusted Profile to the Compute Resource. If you pass a 'profile_name', then the profile is looked up based on the account_id of the Compute resource. If you pass a 'profile_id' or 'profile_crn', then the profile must exist in the same account like the Compute Resource.
see 'profile_id'
see 'profile_id'
curl -X POST "https://iam.cloud.ibm.com/identity/token" --header "Content-Type: application/x-www-form-urlencoded" --header "Authorization: Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=" --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:cr-token' --data-urlencode 'cr_token=CR-TOKEN' --data-urlencode 'profile_name=My first profile'
Response
Response body for POST /identity/token.
The IAM access token that can be used to invoke various IBM Cloud APIs. Use this token with the prefix Bearer in the HTTP header Authorization for invocations of IAM compatible APIs.
(optional) A refresh token that can be used to get a new IAM access token if that token is expired. When using the default client (no basic authorization header) as described in this documentation, this refresh_token cannot be used to retrieve a new IAM access token. When the IAM access token is about to be expired, use the API key to create a new access token.
(optional) A delegated refresh token that can only be consumed by the clients that have been specified in the API call as 'receiver_client_ids'
The type of the token. Currently, only Bearer is returned.
Number of seconds until the IAM access token will expire.
Number of seconds counted since January 1st, 1970, until the IAM access token will expire.
Status Code
Successful operation.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "access_token": "ACCESS_TOKEN", "refresh_token": "", "token_type": "bearer", "expires_in": 3600, "expiration": 1616750582 }
Create an IAM access token for a Trusted Profile based on the provided entity. Provided entity can be a identity based token which can be a user token, service id token or a cookie.
Creates a non-opaque access token for a profile.
POST /identity/token#assume
Request
Form Parameters
Grant type for this API call. You must set the grant type to
urn:ibm:params:oauth:grant-type:assume
.Pass one of 'access_token', 'refresh_token' or 'cookie' to get a token for the profile. Provided access_token/refresh_token/iam_cookie need to be generated for the user or service id that has trust relationship with the profile. If the profile being assumed must satisfy an MFA requirement for the account, the access_token/refresh_token (...etc) used to assume the profile must meet the same requirement, using the same level MFA or higher.
see 'access_token'
see 'access_token'
Pass one of 'profile_id', 'profile_crn' or 'profile_name' and 'account' to select which profile should be used for this IAM token. If you pass a 'profile_id' or 'profile_crn', then the profile must exist in the same account. If you pass a 'profile_name' then 'account' need to be passed in the request where the profile is looked up based on the account.
see 'profile_id'
see 'profile_id'
ID of the account the profile belongs to
curl -X POST "https://iam.cloud.ibm.com/identity/token" --header "Content-Type: application/x-www-form-urlencoded" --data-urlencode 'grant_type=urn:ibm:params:oauth:grant-type:assume' --data-urlencode 'access_token=ACCESS-TOKEN' --data-urlencode 'profile_name=My first profile'
Response
Response body for POST /identity/token.
The IAM access token that can be used to invoke various IBM Cloud APIs. Use this token with the prefix Bearer in the HTTP header Authorization for invocations of IAM compatible APIs.
(optional) A refresh token that can be used to get a new IAM access token if that token is expired. When using the default client (no basic authorization header) as described in this documentation, this refresh_token cannot be used to retrieve a new IAM access token. When the IAM access token is about to be expired, use the API key to create a new access token.
(optional) A delegated refresh token that can only be consumed by the clients that have been specified in the API call as 'receiver_client_ids'
The type of the token. Currently, only Bearer is returned.
Number of seconds until the IAM access token will expire.
Number of seconds counted since January 1st, 1970, until the IAM access token will expire.
Status Code
Successful operation.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "access_token": "ACCESS_TOKEN", "refresh_token": "REFRESH_TOKEN", "token_type": "bearer", "expires_in": 3600, "expiration": 1616750582 }
Get account configurations
Returns the details of an account's configuration.
Returns the details of an account's configuration.
Returns the details of an account's configuration.
Returns the details of an account's configuration.
Returns the details of an account's configuration.
GET /v1/accounts/{account_id}/settings/identity
(iamIdentity *IamIdentityV1) GetAccountSettings(getAccountSettingsOptions *GetAccountSettingsOptions) (result *AccountSettingsResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetAccountSettingsWithContext(ctx context.Context, getAccountSettingsOptions *GetAccountSettingsOptions) (result *AccountSettingsResponse, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsResponse> getAccountSettings(GetAccountSettingsOptions getAccountSettingsOptions)
getAccountSettings(params)
get_account_settings(
self,
account_id: str,
*,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetAccountSettingsOptions
struct and set the fields to provide parameter values for the GetAccountSettings
method.
Use the GetAccountSettingsOptions.Builder
to create a GetAccountSettingsOptions
object that contains the parameter values for the getAccountSettings
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the account.
Query Parameters
Defines if the entity history is included in the response.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetAccountSettings options.
Unique ID of the account.
Defines if the entity history is included in the response.
Default:
false
The getAccountSettings options.
Unique ID of the account.
Defines if the entity history is included in the response.
Default:
false
parameters
Unique ID of the account.
Defines if the entity history is included in the response.
Default:
false
parameters
Unique ID of the account.
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/accounts/ACCOUNT_ID/settings/identity" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
getAccountSettingsOptions := iamIdentityService.NewGetAccountSettingsOptions(accountID) accountSettingsResponse, response, err := iamIdentityService.GetAccountSettings(getAccountSettingsOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(accountSettingsResponse, "", " ") fmt.Println(string(b))
GetAccountSettingsOptions getAccountSettingsOptions = new GetAccountSettingsOptions.Builder() .accountId(accountId) .build(); Response<AccountSettingsResponse> response = service.getAccountSettings(getAccountSettingsOptions).execute(); AccountSettingsResponse accountSettingsResponse = response.getResult(); accountSettingsEtag = response.getHeaders().values("Etag").get(0); System.out.println(accountSettingsResponse);
const params = { accountId: accountId, }; try { const res = await iamIdentityService.getAccountSettings(params); accountSettingsEtag = res.headers['etag']; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err) }
response = iam_identity_service.get_account_settings(account_id=account_id) settings = response.get_result() print(json.dumps(settings, indent=2))
Response
Response body format for Account Settings REST requests.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default
Context with key properties for problem determination.
History of the Account Settings.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
History of the Account Settings.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Status Code
Successful response. No further actions.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "account_id": "5bbe28be34524avs8a34d37d1f2294a8a", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "entity_tag": "1-b67c932537dee167ce71be73d59d6a5c", "mfa": "NONE", "user_mfa": { "iam_id": "IBMid-1234567898", "mfa": "NONE" }, "session_expiration_in_seconds": "NOT_SET", "session_invalidation_in_seconds": "NOT_SET", "max_sessions_per_identity": "NOT_SET", "system_access_token_expiration_in_seconds": "NOT_SET", "system_refresh_token_expiration_in_seconds": "NOT_SET" }
{ "account_id": "5bbe28be34524avs8a34d37d1f2294a8a", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "entity_tag": "1-b67c932537dee167ce71be73d59d6a5c", "mfa": "NONE", "user_mfa": { "iam_id": "IBMid-1234567898", "mfa": "NONE" }, "session_expiration_in_seconds": "NOT_SET", "session_invalidation_in_seconds": "NOT_SET", "max_sessions_per_identity": "NOT_SET", "system_access_token_expiration_in_seconds": "NOT_SET", "system_refresh_token_expiration_in_seconds": "NOT_SET" }
Update account configurations
Allows a user to configure settings on their account with regards to MFA, MFA excemption list, session lifetimes, access control for creating new identities, and enforcing IP restrictions on token creation.
Allows a user to configure settings on their account with regards to MFA, MFA excemption list, session lifetimes, access control for creating new identities, and enforcing IP restrictions on token creation.
Allows a user to configure settings on their account with regards to MFA, MFA excemption list, session lifetimes, access control for creating new identities, and enforcing IP restrictions on token creation.
Allows a user to configure settings on their account with regards to MFA, MFA excemption list, session lifetimes, access control for creating new identities, and enforcing IP restrictions on token creation.
Allows a user to configure settings on their account with regards to MFA, MFA excemption list, session lifetimes, access control for creating new identities, and enforcing IP restrictions on token creation.
PUT /v1/accounts/{account_id}/settings/identity
(iamIdentity *IamIdentityV1) UpdateAccountSettings(updateAccountSettingsOptions *UpdateAccountSettingsOptions) (result *AccountSettingsResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateAccountSettingsWithContext(ctx context.Context, updateAccountSettingsOptions *UpdateAccountSettingsOptions) (result *AccountSettingsResponse, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsResponse> updateAccountSettings(UpdateAccountSettingsOptions updateAccountSettingsOptions)
updateAccountSettings(params)
update_account_settings(
self,
if_match: str,
account_id: str,
*,
restrict_create_service_id: Optional[str] = None,
restrict_create_platform_apikey: Optional[str] = None,
allowed_ip_addresses: Optional[str] = None,
mfa: Optional[str] = None,
user_mfa: Optional[List['AccountSettingsUserMFA']] = None,
session_expiration_in_seconds: Optional[str] = None,
session_invalidation_in_seconds: Optional[str] = None,
max_sessions_per_identity: Optional[str] = None,
system_access_token_expiration_in_seconds: Optional[str] = None,
system_refresh_token_expiration_in_seconds: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateAccountSettingsOptions
struct and set the fields to provide parameter values for the UpdateAccountSettings
method.
Use the UpdateAccountSettingsOptions.Builder
to create a UpdateAccountSettingsOptions
object that contains the parameter values for the updateAccountSettings
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Version of the account settings to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the account. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Path Parameters
The id of the account to update the settings for.
Request to update an account's settings.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - only users assigned the 'User API key creator' role on the IAM Identity Service can create API keys, including the account owner
- NOT_RESTRICTED - all members of an account can create platform API keys
- NOT_SET - to 'unset' a previous set value
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default
Default:
7200
Defines the max allowed sessions per identity required by the account. Value values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default
Default:
259200
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateAccountSettings options.
Version of the account settings to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the account. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The id of the account to update the settings for.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - only users assigned the 'User API key creator' role on the IAM Identity Service can create API keys, including the account owner
- NOT_RESTRICTED - all members of an account can create platform API keys
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Value values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
The updateAccountSettings options.
Version of the account settings to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the account. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The id of the account to update the settings for.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - only users assigned the 'User API key creator' role on the IAM Identity Service can create API keys, including the account owner
- NOT_RESTRICTED - all members of an account can create platform API keys
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Value values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
parameters
Version of the account settings to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the account. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The id of the account to update the settings for.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - only users assigned the 'User API key creator' role on the IAM Identity Service can create API keys, including the account owner
- NOT_RESTRICTED - all members of an account can create platform API keys
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Value values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
parameters
Version of the account settings to be updated. Specify the version that you retrieved as entity_tag (ETag header) when reading the account. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
The id of the account to update the settings for.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - only users assigned the 'User API key creator' role on the IAM Identity Service can create API keys, including the account owner
- NOT_RESTRICTED - all members of an account can create platform API keys
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Value values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
curl -X PUT "https://iam.cloud.ibm.com/v1/accounts/ACCOUNT_ID/settings/identity" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "If-Match: <value of etag header from GET request>" --data '{ "restrict_create_service_id": "RESTRICTED", "restrict_create_platform_apikey": "RESTRICTED", "allowed_ip_addresses": "127.0.0.1", "mfa": "NONE" "session_expiration_in_seconds": "900", "session_invalidation_in_seconds": "800", "max_sessions_per_identity": "10" }'
accountSettingsUserMFA := new(iamidentityv1.AccountSettingsUserMfa) accountSettingsUserMFA.IamID = core.StringPtr(iamIDMember) accountSettingsUserMFA.Mfa = core.StringPtr("NONE") updateAccountSettingsOptions := iamIdentityService.NewUpdateAccountSettingsOptions( accountSettingEtag, accountID, ) updateAccountSettingsOptions.SetSessionExpirationInSeconds("86400") updateAccountSettingsOptions.SetSessionInvalidationInSeconds("7200") updateAccountSettingsOptions.SetMfa("NONE") updateAccountSettingsOptions.SetUserMfa([]iamidentityv1.AccountSettingsUserMfa{*accountSettingsUserMFA}) updateAccountSettingsOptions.SetRestrictCreatePlatformApikey("NOT_RESTRICTED") updateAccountSettingsOptions.SetRestrictCreatePlatformApikey("NOT_RESTRICTED") updateAccountSettingsOptions.SetSystemAccessTokenExpirationInSeconds("3600") updateAccountSettingsOptions.SetSystemRefreshTokenExpirationInSeconds("259200") accountSettingsResponse, response, err := iamIdentityService.UpdateAccountSettings(updateAccountSettingsOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(accountSettingsResponse, "", " ") fmt.Println(string(b))
AccountSettingsUserMFA userMFA = new AccountSettingsUserMFA.Builder() .iamId(iamIdMember) .mfa("NONE") .build(); List<AccountSettingsUserMFA> userMFAExpList = new ArrayList<>(); userMFAExpList.add(userMFA); UpdateAccountSettingsOptions updateAccountSettingsOptions = new UpdateAccountSettingsOptions.Builder() .ifMatch(accountSettingsEtag) .accountId(accountId) .sessionExpirationInSeconds("86400") .sessionInvalidationInSeconds("7200") .restrictCreatePlatformApikey("NOT_RESTRICTED") .restrictCreateServiceId("NOT_RESTRICTED") .mfa("NONE") .userMfa(userMFAExpList) .systemAccessTokenExpirationInSeconds("3600") .systemRefreshTokenExpirationInSeconds("259200") .build(); Response<AccountSettingsResponse> response = service.updateAccountSettings(updateAccountSettingsOptions).execute(); AccountSettingsResponse accountSettingsResponse = response.getResult(); System.out.println(accountSettingsResponse);
const accountSettingsUserMFA = { iam_id: iamIdMember, mfa: 'NONE', }; const userMfa = [accountSettingsUserMFA]; const params = { ifMatch: accountSettingsEtag, accountId: accountId, restrictCreateServiceId: "NOT_RESTRICTED", restrictCreatePlatformApikey: "NOT_RESTRICTED", mfa: "NONE", userMfa, sessionExpirationInSeconds: "86400", sessionInvalidationInSeconds: "7200", systemAccessTokenExpirationInSeconds: '3600', systemRefreshTokenExpirationInSeconds: '259200', }; try { const res = await iamIdentityService.updateAccountSettings(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err) }
account_settings_user_mfa = {} account_settings_user_mfa['iam_id'] = iam_id_member account_settings_user_mfa['mfa'] = 'NONE' account_settings_response = iam_identity_service.update_account_settings( account_id=account_id, if_match=account_settings_etag, restrict_create_service_id="NOT_RESTRICTED", restrict_create_platform_apikey="NOT_RESTRICTED", mfa="NONE", user_mfa=[account_settings_user_mfa], session_expiration_in_seconds="86400", session_invalidation_in_seconds="7200", max_sessions_per_identity='10', system_access_token_expiration_in_seconds='3600', system_refresh_token_expiration_in_seconds='259200', ).get_result() print(json.dumps(account_settings_response, indent=2))
Response
Response body format for Account Settings REST requests.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default
Context with key properties for problem determination.
History of the Account Settings.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
History of the Account Settings.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Version of the account settings.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Status Code
Successful account configuration update.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error.
{ "account_id": "5bbe28be34524avs8a34d37d1f2294a8a", "restrict_create_service_id": "RESTRICTED", "restrict_create_platform_apikey": "RESTRICTED", "allowed_ip_addresses": "127.0.0.1", "entity_tag": "2-b67acg2537dee167ce71be73d59d6a5c", "mfa": "NONE", "user_mfa": { "iam_id": "IBMid-1234567898", "mfa": "LEVEL1" }, "session_expiration_in_seconds": "3600", "session_invalidation_in_seconds": "1800", "max_sessions_per_identity": "10", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200" }
{ "account_id": "5bbe28be34524avs8a34d37d1f2294a8a", "restrict_create_service_id": "RESTRICTED", "restrict_create_platform_apikey": "RESTRICTED", "allowed_ip_addresses": "127.0.0.1", "entity_tag": "2-b67acg2537dee167ce71be73d59d6a5c", "mfa": "NONE", "user_mfa": { "iam_id": "IBMid-1234567898", "mfa": "LEVEL1" }, "session_expiration_in_seconds": "3600", "session_invalidation_in_seconds": "1800", "max_sessions_per_identity": "10", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200" }
Get MFA enrollment status for a single user in the account.
Get MFA enrollment status for a single user in the account.
Get MFA enrollment status for a single user in the account.
Get MFA enrollment status for a single user in the account.
Get MFA enrollment status for a single user in the account.
Get MFA enrollment status for a single user in the account.
GET /v1/mfa/accounts/{account_id}/status
(iamIdentity *IamIdentityV1) GetMfaStatus(getMfaStatusOptions *GetMfaStatusOptions) (result *UserMfaEnrollments, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetMfaStatusWithContext(ctx context.Context, getMfaStatusOptions *GetMfaStatusOptions) (result *UserMfaEnrollments, response *core.DetailedResponse, err error)
ServiceCall<UserMfaEnrollments> getMfaStatus(GetMfaStatusOptions getMfaStatusOptions)
getMfaStatus(params)
get_mfa_status(
self,
account_id: str,
iam_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetMfaStatusOptions
struct and set the fields to provide parameter values for the GetMfaStatus
method.
Use the GetMfaStatusOptions.Builder
to create a GetMfaStatusOptions
object that contains the parameter values for the getMfaStatus
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account
Query Parameters
iam_id of the user. This user must be the member of the account.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetMfaStatus options.
ID of the account.
iam_id of the user. This user must be the member of the account.
The getMfaStatus options.
ID of the account.
iam_id of the user. This user must be the member of the account.
parameters
ID of the account.
iam_id of the user. This user must be the member of the account.
parameters
ID of the account.
iam_id of the user. This user must be the member of the account.
curl -X GET "https://iam.cloud.ibm.com/v1/mfa/accounts/ACCOUNT_ID/status?iam_id=IAM_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
getMfaStatusOptions := iamIdentityService.NewGetMfaStatusOptions(accountID, iamID) mfaStatusResponse, response, err := iamIdentityService.GetMfaStatus(getMfaStatusOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(mfaStatusResponse, "", " ") fmt.Println(string(b))
GetMfaStatusOptions getMfaStatusOptions = new GetMfaStatusOptions.Builder() .accountId(accountId) .iamId(iamId) .build(); Response<UserMfaEnrollments> response = service.getMfaStatus(getMfaStatusOptions).execute(); UserMfaEnrollments userMfaEnrollmentsResponse = response.getResult(); System.out.println(userMfaEnrollmentsResponse);
const params = { accountId: accountId, iamId: iamId, }; try { const res = await iamIdentityService.getMfaStatus(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
get_mfa_status_response = iam_identity_service.get_mfa_status( account_id=account_id, iam_id=iam_id ).get_result() print(json.dumps(get_mfa_status_response, indent=2))
Response
IAMid of the user
currently effective mfa type i.e. id_based_mfa or account_based_mfa
list of mfa traits associated with the identity
list of account based mfa types for the identity
IAMid of the user.
currently effective mfa type i.e. id_based_mfa or account_based_mfa.
- IDBasedMfa
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]The enrollment complies to the effective requirement.
Defines comply state for the account. Valid values:
- NO - User does not comply in the given account.
- ACCOUNT- User complies in the given account, but does not comply in at least one of the other account memberships.
- CROSS_ACCOUNT - User complies in the given account and across all other account memberships.
Possible values: [
NO
,ACCOUNT
,CROSS_ACCOUNT
]
- AccountBasedMfa
- SecurityQuestions
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- Totp
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- Verisign
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
The enrollment complies to the effective requirement.
IAMid of the user.
currently effective mfa type i.e. id_based_mfa or account_based_mfa.
- idBasedMfa
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]The enrollment complies to the effective requirement.
Defines comply state for the account. Valid values:
- NO - User does not comply in the given account.
- ACCOUNT- User complies in the given account, but does not comply in at least one of the other account memberships.
- CROSS_ACCOUNT - User complies in the given account and across all other account memberships.
Possible values: [
NO
,ACCOUNT
,CROSS_ACCOUNT
]
- accountBasedMfa
- securityQuestions
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- totp
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- verisign
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
The enrollment complies to the effective requirement.
IAMid of the user.
currently effective mfa type i.e. id_based_mfa or account_based_mfa.
- id_based_mfa
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]The enrollment complies to the effective requirement.
Defines comply state for the account. Valid values:
- NO - User does not comply in the given account.
- ACCOUNT- User complies in the given account, but does not comply in at least one of the other account memberships.
- CROSS_ACCOUNT - User complies in the given account and across all other account memberships.
Possible values: [
NO
,ACCOUNT
,CROSS_ACCOUNT
]
- account_based_mfa
- security_questions
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- totp
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- verisign
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
The enrollment complies to the effective requirement.
IAMid of the user.
currently effective mfa type i.e. id_based_mfa or account_based_mfa.
- id_based_mfa
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]The enrollment complies to the effective requirement.
Defines comply state for the account. Valid values:
- NO - User does not comply in the given account.
- ACCOUNT- User complies in the given account, but does not comply in at least one of the other account memberships.
- CROSS_ACCOUNT - User complies in the given account and across all other account memberships.
Possible values: [
NO
,ACCOUNT
,CROSS_ACCOUNT
]
- account_based_mfa
- security_questions
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- totp
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- verisign
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
The enrollment complies to the effective requirement.
Status Code
Successful response. No further actions.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Report not found.
Internal Server error. Response if unexpected error situation happened.
{ "iam_id": "IBMid-12345678", "effective_mfa_type": "id_based_mfa", "id_based_mfa": { "trait_account_default": "LEVEL3", "trait_user_specific\"": "LEVEL2", "trait_effective": "LEVEL2", "complies": true }, "account_based_mfa": { "complies": true, "security_questions": { "required": true, "enrolled": true }, "totp": { "required\"": true, "enrolled\"": true }, "verisign": { "required\"": false, "enrolled": false } } }
{ "iam_id": "IBMid-12345678", "effective_mfa_type": "id_based_mfa", "id_based_mfa": { "trait_account_default": "LEVEL3", "trait_user_specific\"": "LEVEL2", "trait_effective": "LEVEL2", "complies": true }, "account_based_mfa": { "complies": true, "security_questions": { "required": true, "enrolled": true }, "totp": { "required\"": true, "enrolled\"": true }, "verisign": { "required\"": false, "enrolled": false } } }
Trigger MFA enrollment status report for the account
Trigger MFA enrollment status report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
Trigger MFA enrollment status report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
Trigger MFA enrollment status report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
Trigger MFA enrollment status report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
Trigger MFA enrollment status report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
POST /v1/mfa/accounts/{account_id}/report
(iamIdentity *IamIdentityV1) CreateMfaReport(createMfaReportOptions *CreateMfaReportOptions) (result *ReportReference, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateMfaReportWithContext(ctx context.Context, createMfaReportOptions *CreateMfaReportOptions) (result *ReportReference, response *core.DetailedResponse, err error)
ServiceCall<ReportReference> createMfaReport(CreateMfaReportOptions createMfaReportOptions)
createMfaReport(params)
create_mfa_report(
self,
account_id: str,
*,
type: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateMfaReportOptions
struct and set the fields to provide parameter values for the CreateMfaReport
method.
Use the CreateMfaReportOptions.Builder
to create a CreateMfaReportOptions
object that contains the parameter values for the createMfaReport
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account
Query Parameters
Optional report type. The supported value is 'mfa_status'. List MFA enrollment status for all the identities.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateMfaReport options.
ID of the account.
Optional report type. The supported value is 'mfa_status'. List MFA enrollment status for all the identities.
The createMfaReport options.
ID of the account.
Optional report type. The supported value is 'mfa_status'. List MFA enrollment status for all the identities.
parameters
ID of the account.
Optional report type. The supported value is 'mfa_status'. List MFA enrollment status for all the identities.
parameters
ID of the account.
Optional report type. The supported value is 'mfa_status'. List MFA enrollment status for all the identities.
curl -X POST "https://iam.cloud.ibm.com/v1/mfa/accounts/ACCOUNT_ID/report?type=mfa_status" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
createMfaReportOptions := iamIdentityService.NewCreateMfaReportOptions(accountID) createMfaReportOptions.SetType("mfa_status") report, response, err := iamIdentityService.CreateMfaReport(createMfaReportOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(report, "", " ") fmt.Println(string(b))
CreateMfaReportOptions createMfaReportOptions = new CreateMfaReportOptions.Builder() .accountId(accountId) .type("mfa_status") .build(); Response<ReportReference> response = service.createMfaReport(createMfaReportOptions).execute(); ReportReference reportReference = response.getResult(); reportReferenceValue = reportReference.getReference(); System.out.println(reportReferenceValue);
const params = { accountId: accountId, type: 'mfa_status', }; try { const res = await iamIdentityService.createMfaReport(params); reportReferenceMfa = res.result.reference; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
create_report_response = iam_identity_service.create_mfa_report( account_id=account_id, type="mfa_status" ).get_result() print(json.dumps(create_report_response, indent=2))
Response
Reference for the report to be generated.
Reference for the report to be generated.
Reference for the report to be generated.
Reference for the report to be generated.
Reference for the report to be generated.
Status Code
Create report accepted.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "reference": "abc11111-b222-c333-d444-abc123def456" }
{ "reference": "abc11111-b222-c333-d444-abc123def456" }
Get MFA enrollment status report for the account
Get MFA enrollment status report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
Get MFA enrollment status report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
Get MFA enrollment status report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
Get MFA enrollment status report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
Get MFA enrollment status report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
GET /v1/mfa/accounts/{account_id}/report/{reference}
(iamIdentity *IamIdentityV1) GetMfaReport(getMfaReportOptions *GetMfaReportOptions) (result *ReportMfaEnrollmentStatus, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetMfaReportWithContext(ctx context.Context, getMfaReportOptions *GetMfaReportOptions) (result *ReportMfaEnrollmentStatus, response *core.DetailedResponse, err error)
ServiceCall<ReportMfaEnrollmentStatus> getMfaReport(GetMfaReportOptions getMfaReportOptions)
getMfaReport(params)
get_mfa_report(
self,
account_id: str,
reference: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetMfaReportOptions
struct and set the fields to provide parameter values for the GetMfaReport
method.
Use the GetMfaReportOptions.Builder
to create a GetMfaReportOptions
object that contains the parameter values for the getMfaReport
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetMfaReport options.
ID of the account.
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
The getMfaReport options.
ID of the account.
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
parameters
ID of the account.
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
parameters
ID of the account.
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
curl -X GET "https://iam.cloud.ibm.com/v1/mfa/accounts/ACCOUNT_ID/report/REFERENCE" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
getMfaReportOptions := iamIdentityService.NewGetMfaReportOptions(accountID, "latest") report, response, err := iamIdentityService.GetMfaReport(getMfaReportOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(report, "", " ") fmt.Println(string(b))
GetMfaReportOptions getMfaReportOptions = new GetMfaReportOptions.Builder() .accountId(accountId) .reference(reportReferenceValue) .build(); Response<ReportMfaEnrollmentStatus> response = service.getMfaReport(getMfaReportOptions).execute(); ReportMfaEnrollmentStatus fetchedReport = response.getResult(); System.out.println(fetchedReport);
const params = { accountId: accountId, reference: 'latest', }; try { const res = await iamIdentityService.getMfaReport(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
get_report_response = iam_identity_service.get_mfa_report( account_id=account_id, reference=report_reference_mfa ).get_result() print(json.dumps(get_report_response, indent=2))
Response
IAMid of the user who triggered the report
Unique reference used to generate the report
Date time at which report is generated. Date is in ISO format.
BSS account id of the user who triggered the report
IMS account id of the user who triggered the report
List of users
IAMid of the user who triggered the report.
Unique reference used to generate the report.
Date time at which report is generated. Date is in ISO format.
BSS account id of the user who triggered the report.
IMS account id of the user who triggered the report.
List of users.
- Users
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
- Enrollments
currently effective mfa type i.e. id_based_mfa or account_based_mfa.
- IDBasedMfa
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]The enrollment complies to the effective requirement.
Defines comply state for the account. Valid values:
- NO - User does not comply in the given account.
- ACCOUNT- User complies in the given account, but does not comply in at least one of the other account memberships.
- CROSS_ACCOUNT - User complies in the given account and across all other account memberships.
Possible values: [
NO
,ACCOUNT
,CROSS_ACCOUNT
]
- AccountBasedMfa
- SecurityQuestions
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- Totp
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- Verisign
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
The enrollment complies to the effective requirement.
IAMid of the user who triggered the report.
Unique reference used to generate the report.
Date time at which report is generated. Date is in ISO format.
BSS account id of the user who triggered the report.
IMS account id of the user who triggered the report.
List of users.
- users
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
- enrollments
currently effective mfa type i.e. id_based_mfa or account_based_mfa.
- idBasedMfa
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]The enrollment complies to the effective requirement.
Defines comply state for the account. Valid values:
- NO - User does not comply in the given account.
- ACCOUNT- User complies in the given account, but does not comply in at least one of the other account memberships.
- CROSS_ACCOUNT - User complies in the given account and across all other account memberships.
Possible values: [
NO
,ACCOUNT
,CROSS_ACCOUNT
]
- accountBasedMfa
- securityQuestions
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- totp
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- verisign
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
The enrollment complies to the effective requirement.
IAMid of the user who triggered the report.
Unique reference used to generate the report.
Date time at which report is generated. Date is in ISO format.
BSS account id of the user who triggered the report.
IMS account id of the user who triggered the report.
List of users.
- users
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
- enrollments
currently effective mfa type i.e. id_based_mfa or account_based_mfa.
- id_based_mfa
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]The enrollment complies to the effective requirement.
Defines comply state for the account. Valid values:
- NO - User does not comply in the given account.
- ACCOUNT- User complies in the given account, but does not comply in at least one of the other account memberships.
- CROSS_ACCOUNT - User complies in the given account and across all other account memberships.
Possible values: [
NO
,ACCOUNT
,CROSS_ACCOUNT
]
- account_based_mfa
- security_questions
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- totp
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- verisign
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
The enrollment complies to the effective requirement.
IAMid of the user who triggered the report.
Unique reference used to generate the report.
Date time at which report is generated. Date is in ISO format.
BSS account id of the user who triggered the report.
IMS account id of the user who triggered the report.
List of users.
- users
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
- enrollments
currently effective mfa type i.e. id_based_mfa or account_based_mfa.
- id_based_mfa
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]The enrollment complies to the effective requirement.
Defines comply state for the account. Valid values:
- NO - User does not comply in the given account.
- ACCOUNT- User complies in the given account, but does not comply in at least one of the other account memberships.
- CROSS_ACCOUNT - User complies in the given account and across all other account memberships.
Possible values: [
NO
,ACCOUNT
,CROSS_ACCOUNT
]
- account_based_mfa
- security_questions
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- totp
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
- verisign
Describes whether the enrollment type is required.
Describes whether the enrollment type is enrolled.
The enrollment complies to the effective requirement.
Status Code
Successful - report retrieved.
Report not complete yet.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Report not found.
Internal Server error. Response if unexpected error situation happened.
{ "created_by": "iam-id", "reference": "abc11111-b222-c333-d444-abc123def456", "report_time": "2022-01-24T19:07:37:999+0000", "account_id": "BSS_account_id", "ims_account_id": "IMS_account_id", "users": { "iam_id": "IBMid-12345678", "name": "Name123", "username": "user@ibm.com", "email": "user@ibm.com" }, "enrollments": { "effective_mfa_type": "id_based_mfa", "id_based_mfa": { "trait_account_default": "LEVEL3", "trait_user_specific\"": "LEVEL2", "trait_effective": "LEVEL2", "complies": true }, "account_based_mfa": { "complies": true, "security_questions": { "required": true, "enrolled": true }, "totp": { "required\"": true, "enrolled\"": true }, "verisign": { "required\"": false, "enrolled": false } } } }
{ "created_by": "iam-id", "reference": "abc11111-b222-c333-d444-abc123def456", "report_time": "2022-01-24T19:07:37:999+0000", "account_id": "BSS_account_id", "ims_account_id": "IMS_account_id", "users": { "iam_id": "IBMid-12345678", "name": "Name123", "username": "user@ibm.com", "email": "user@ibm.com" }, "enrollments": { "effective_mfa_type": "id_based_mfa", "id_based_mfa": { "trait_account_default": "LEVEL3", "trait_user_specific\"": "LEVEL2", "trait_effective": "LEVEL2", "complies": true }, "account_based_mfa": { "complies": true, "security_questions": { "required": true, "enrolled": true }, "totp": { "required\"": true, "enrolled\"": true }, "verisign": { "required\"": false, "enrolled": false } } } }
Get effective account settings configuration
Returns effective account settings for given account ID
Returns effective account settings for given account ID.
Returns effective account settings for given account ID.
Returns effective account settings for given account ID.
Returns effective account settings for given account ID.
GET /v1/accounts/{account_id}/effective_settings/identity
(iamIdentity *IamIdentityV1) GetEffectiveAccountSettings(getEffectiveAccountSettingsOptions *GetEffectiveAccountSettingsOptions) (result *EffectiveAccountSettingsResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetEffectiveAccountSettingsWithContext(ctx context.Context, getEffectiveAccountSettingsOptions *GetEffectiveAccountSettingsOptions) (result *EffectiveAccountSettingsResponse, response *core.DetailedResponse, err error)
ServiceCall<EffectiveAccountSettingsResponse> getEffectiveAccountSettings(GetEffectiveAccountSettingsOptions getEffectiveAccountSettingsOptions)
getEffectiveAccountSettings(params)
get_effective_account_settings(
self,
account_id: str,
*,
include_history: Optional[bool] = None,
resolve_user_mfa: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetEffectiveAccountSettingsOptions
struct and set the fields to provide parameter values for the GetEffectiveAccountSettings
method.
Use the GetEffectiveAccountSettingsOptions.Builder
to create a GetEffectiveAccountSettingsOptions
object that contains the parameter values for the getEffectiveAccountSettings
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Unique ID of the account.
Query Parameters
Defines if the entity history is included in the response.
Default:
false
Enrich MFA exemptions with user information.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetEffectiveAccountSettings options.
Unique ID of the account.
Defines if the entity history is included in the response.
Default:
false
Enrich MFA exemptions with user information.
Default:
false
The getEffectiveAccountSettings options.
Unique ID of the account.
Defines if the entity history is included in the response.
Default:
false
Enrich MFA exemptions with user information.
Default:
false
parameters
Unique ID of the account.
Defines if the entity history is included in the response.
Default:
false
Enrich MFA exemptions with user information.
Default:
false
parameters
Unique ID of the account.
Defines if the entity history is included in the response.
Default:
false
Enrich MFA exemptions with user information.
Default:
false
curl -X GET "https://iam.test.cloud.ibm.com/v1/accounts/ACCOUNT_ID/effective_settings/identity" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
getEffectiveAccountSettingsOptions := iamIdentityService.NewGetEffectiveAccountSettingsOptions(accountID) effectiveAccountSettingsResponse, response, err := iamIdentityService.GetEffectiveAccountSettings(getEffectiveAccountSettingsOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(effectiveAccountSettingsResponse, "", " ") fmt.Println(string(b))
GetEffectiveAccountSettingsOptions getEffectiveAccountSettingsOptions = new GetEffectiveAccountSettingsOptions.Builder() .accountId(accountId) .build(); Response<EffectiveAccountSettingsResponse> response = service.getEffectiveAccountSettings(getEffectiveAccountSettingsOptions).execute(); EffectiveAccountSettingsResponse effectiveAccountSettingsResponse = response.getResult(); System.out.println(effectiveAccountSettingsResponse);
const params = { accountId: accountId, }; try { const res = await iamIdentityService.getEffectiveAccountSettings(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err) }
response = iam_identity_service.get_effective_account_settings(account_id=account_id) settings = response.get_result() print(json.dumps(settings, indent=2))
Response
Response body format for Account Settings REST requests.
Unique ID of the account.
effective section.
account section.
Context with key properties for problem determination.
assigned template section.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
- Effective
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
- Account
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
History of the Account Settings.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
assigned template section.
- AssignedTemplates
Template Id.
Template version.
Template name.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
- effective
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
- account
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
assigned template section.
- assignedTemplates
Template Id.
Template version.
Template name.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
- effective
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
- account
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
assigned template section.
- assigned_templates
Template Id.
Template version.
Template name.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Response body format for Account Settings REST requests.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Unique ID of the account.
- effective
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
- account
Unique ID of the account.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
History of the Account Settings.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
assigned template section.
- assigned_templates
Template Id.
Template version.
Template name.
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]name of the user account.
userName of the user.
email of the user.
optional description.
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Status Code
Successful response. No further actions.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "account_id": "c847c915b2fbde106934e45d43993103", "effective": { "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": null, "mfa": "NONE", "user_mfa": [ { "iam_id": "iam-internal", "mfa": "NONE", "name": "name", "userName": "username", "email": "email", "description\"": "description" } ], "session_expiration_in_seconds": 50, "session_invalidation_in_seconds": "NOT_SET", "max_sessions_per_identity": "NOT_SET", "system_access_token_expiration_in_seconds": "NOT_SET", "system_refresh_token_expiration_in_seconds": "NOT_SET" }, "account": { "account_id": "c847c915b2fbde106934e45d43993103", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": null, "entity_tag": "1701-5237bb550c744bad0d8d0303b2f51bae", "mfa": "NONE", "user_mfa": [ { "iam_id": "iam-internal", "mfa": "NONE", "name": "name", "userName": "username", "email": "email", "description": "description" } ], "history": [ { "timestamp": "2024-02-22T13:54+0000", "iam_id": "iam-internal", "action": "iam-identity.optout.applied", "params": [ "account_mfa_default_noropc NONE mfa_not_updated timestamp=1708610075198" ], "message": "iam-identity.optout.applied" } ], "session_expiration_in_seconds": 50, "session_invalidation_in_seconds": "NOT_SET", "max_sessions_per_identity": "NOT_SET", "system_access_token_expiration_in_seconds": "NOT_SET", "system_refresh_token_expiration_in_seconds": "NOT_SET" }, "assigned_templates": [ { "template_id": "template_id", "template_name": "template_name", "template_version": 123456, "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": null, "mfa": "NONE", "user_mfa": [ { "iam_id": "iam-internal", "mfa": "NONE", "name": "name", "userName": "username", "email": "email", "description": "description" } ], "session_expiration_in_seconds": 50, "session_invalidation_in_seconds": "NOT_SET", "max_sessions_per_identity": "NOT_SET", "system_access_token_expiration_in_seconds": "NOT_SET", "system_refresh_token_expiration_in_seconds": "NOT_SET" } ] }
{ "account_id": "c847c915b2fbde106934e45d43993103", "effective": { "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": null, "mfa": "NONE", "user_mfa": [ { "iam_id": "iam-internal", "mfa": "NONE", "name": "name", "userName": "username", "email": "email", "description\"": "description" } ], "session_expiration_in_seconds": 50, "session_invalidation_in_seconds": "NOT_SET", "max_sessions_per_identity": "NOT_SET", "system_access_token_expiration_in_seconds": "NOT_SET", "system_refresh_token_expiration_in_seconds": "NOT_SET" }, "account": { "account_id": "c847c915b2fbde106934e45d43993103", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": null, "entity_tag": "1701-5237bb550c744bad0d8d0303b2f51bae", "mfa": "NONE", "user_mfa": [ { "iam_id": "iam-internal", "mfa": "NONE", "name": "name", "userName": "username", "email": "email", "description": "description" } ], "history": [ { "timestamp": "2024-02-22T13:54+0000", "iam_id": "iam-internal", "action": "iam-identity.optout.applied", "params": [ "account_mfa_default_noropc NONE mfa_not_updated timestamp=1708610075198" ], "message": "iam-identity.optout.applied" } ], "session_expiration_in_seconds": 50, "session_invalidation_in_seconds": "NOT_SET", "max_sessions_per_identity": "NOT_SET", "system_access_token_expiration_in_seconds": "NOT_SET", "system_refresh_token_expiration_in_seconds": "NOT_SET" }, "assigned_templates": [ { "template_id": "template_id", "template_name": "template_name", "template_version": 123456, "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": null, "mfa": "NONE", "user_mfa": [ { "iam_id": "iam-internal", "mfa": "NONE", "name": "name", "userName": "username", "email": "email", "description": "description" } ], "session_expiration_in_seconds": 50, "session_invalidation_in_seconds": "NOT_SET", "max_sessions_per_identity": "NOT_SET", "system_access_token_expiration_in_seconds": "NOT_SET", "system_refresh_token_expiration_in_seconds": "NOT_SET" } ] }
Trigger activity report for the account
Trigger activity report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
Trigger activity report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
Trigger activity report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
Trigger activity report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
Trigger activity report for the account by specifying the account ID. It can take a few minutes to generate the report for retrieval.
POST /v1/activity/accounts/{account_id}/report
(iamIdentity *IamIdentityV1) CreateReport(createReportOptions *CreateReportOptions) (result *ReportReference, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateReportWithContext(ctx context.Context, createReportOptions *CreateReportOptions) (result *ReportReference, response *core.DetailedResponse, err error)
ServiceCall<ReportReference> createReport(CreateReportOptions createReportOptions)
createReport(params)
create_report(
self,
account_id: str,
*,
type: Optional[str] = None,
duration: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateReportOptions
struct and set the fields to provide parameter values for the CreateReport
method.
Use the CreateReportOptions.Builder
to create a CreateReportOptions
object that contains the parameter values for the createReport
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account
Query Parameters
Optional report type. The supported value is 'inactive'. List all identities that have not authenticated within the time indicated by duration.
Default:
inactive
Optional duration of the report. The supported unit of duration is hours.
Default:
720
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateReport options.
ID of the account.
Optional report type. The supported value is 'inactive'. List all identities that have not authenticated within the time indicated by duration.
Default:
inactive
Optional duration of the report. The supported unit of duration is hours.
Default:
720
The createReport options.
ID of the account.
Optional report type. The supported value is 'inactive'. List all identities that have not authenticated within the time indicated by duration.
Default:
inactive
Optional duration of the report. The supported unit of duration is hours.
Default:
720
parameters
ID of the account.
Optional report type. The supported value is 'inactive'. List all identities that have not authenticated within the time indicated by duration.
Default:
inactive
Optional duration of the report. The supported unit of duration is hours.
Default:
720
parameters
ID of the account.
Optional report type. The supported value is 'inactive'. List all identities that have not authenticated within the time indicated by duration.
Default:
inactive
Optional duration of the report. The supported unit of duration is hours.
Default:
720
curl -X POST "https://iam.cloud.ibm.com/v1/activity/accounts/ACCOUNT_ID/report" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
createReportOptions := iamIdentityService.NewCreateReportOptions(accountID) createReportOptions.SetType("inactive") createReportOptions.SetDuration("120") report, response, err := iamIdentityService.CreateReport(createReportOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(report, "", " ") fmt.Println(string(b))
CreateReportOptions createReportOptions = new CreateReportOptions.Builder() .accountId(accountId) .build(); Response<ReportReference> response = service.createReport(createReportOptions).execute(); ReportReference reportReference = response.getResult(); reportReferenceValue = reportReference.getReference(); System.out.println(reportReferenceValue);
const params = { accountId: accountId, type: 'inactive', duration: '120', }; try { const res = await iamIdentityService.createReport(params); reportReference = res.reference; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
create_report_response = iam_identity_service.create_report( account_id=account_id, type="inactive", duration="120", ).get_result() print(json.dumps(create_report_response, indent=2))
Response
Reference for the report to be generated.
Reference for the report to be generated.
Reference for the report to be generated.
Reference for the report to be generated.
Reference for the report to be generated.
Status Code
Create report accepted.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error. Response if unexpected error situation happened.
{ "reference": "abc11111-b222-c333-d444-abc123def456" }
{ "reference": "abc11111-b222-c333-d444-abc123def456" }
Get activity report for the account
Get activity report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
Get activity report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
Get activity report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
Get activity report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
Get activity report for the account by specifying the account ID and the reference that is generated by triggering the report. Reports older than a day are deleted when generating a new report.
GET /v1/activity/accounts/{account_id}/report/{reference}
(iamIdentity *IamIdentityV1) GetReport(getReportOptions *GetReportOptions) (result *Report, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetReportWithContext(ctx context.Context, getReportOptions *GetReportOptions) (result *Report, response *core.DetailedResponse, err error)
ServiceCall<Report> getReport(GetReportOptions getReportOptions)
getReport(params)
get_report(
self,
account_id: str,
reference: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetReportOptions
struct and set the fields to provide parameter values for the GetReport
method.
Use the GetReportOptions.Builder
to create a GetReportOptions
object that contains the parameter values for the getReport
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetReport options.
ID of the account.
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
The getReport options.
ID of the account.
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
parameters
ID of the account.
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
parameters
ID of the account.
Reference for the report to be generated, You can use 'latest' to get the latest report for the given account.
curl -X GET "https://iam.cloud.ibm.com/v1/activity/accounts/ACCOUNT_ID/report/REFERENCE" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
getReportOptions := iamIdentityService.NewGetReportOptions(accountID, "latest") report, response, err := iamIdentityService.GetReport(getReportOptions) if err != nil { panic(err) } b, _ := json.MarshalIndent(report, "", " ") fmt.Println(string(b))
GetReportOptions getReportOptions = new GetReportOptions.Builder() .accountId(accountId) .reference(reportReferenceValue) .build(); Response<Report> response = service.getReport(getReportOptions).execute(); Report fetchedReport = response.getResult(); System.out.println(fetchedReport);
const params = { accountId: accountId, reference: 'latest', }; try { const res = await iamIdentityService.getReport(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
get_report_response = iam_identity_service.get_report( account_id=account_id, reference="latest" ).get_result() print(json.dumps(get_report_response, indent=2))
Response
IAMid of the user who triggered the report
Unique reference used to generate the report
Duration in hours for which the report is generated.
Start time of the report
End time of the report
List of users
List of apikeys
List of serviceids
List of profiles
IAMid of the user who triggered the report.
Unique reference used to generate the report.
Duration in hours for which the report is generated.
Start time of the report.
End time of the report.
List of users.
- Users
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
Time when the user was last authenticated.
List of apikeys.
- Apikeys
Unique id of the apikey.
Name provided during creation of the apikey.
Type of the apikey. Supported values are
serviceid
anduser
.serviceid details will be present if type is
serviceid
.- Serviceid
Unique identifier of this Service Id.
Name provided during creation of the serviceid.
user details will be present if type is
user
.- User
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
Time when the apikey was last authenticated.
List of serviceids.
- Serviceids
Unique id of the entity.
Name provided during creation of the entity.
Time when the entity was last authenticated.
List of profiles.
- Profiles
Unique id of the entity.
Name provided during creation of the entity.
Time when the entity was last authenticated.
IAMid of the user who triggered the report.
Unique reference used to generate the report.
Duration in hours for which the report is generated.
Start time of the report.
End time of the report.
List of users.
- users
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
Time when the user was last authenticated.
List of apikeys.
- apikeys
Unique id of the apikey.
Name provided during creation of the apikey.
Type of the apikey. Supported values are
serviceid
anduser
.serviceid details will be present if type is
serviceid
.- serviceid
Unique identifier of this Service Id.
Name provided during creation of the serviceid.
user details will be present if type is
user
.- user
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
Time when the apikey was last authenticated.
List of serviceids.
- serviceids
Unique id of the entity.
Name provided during creation of the entity.
Time when the entity was last authenticated.
List of profiles.
- profiles
Unique id of the entity.
Name provided during creation of the entity.
Time when the entity was last authenticated.
IAMid of the user who triggered the report.
Unique reference used to generate the report.
Duration in hours for which the report is generated.
Start time of the report.
End time of the report.
List of users.
- users
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
Time when the user was last authenticated.
List of apikeys.
- apikeys
Unique id of the apikey.
Name provided during creation of the apikey.
Type of the apikey. Supported values are
serviceid
anduser
.serviceid details will be present if type is
serviceid
.- serviceid
Unique identifier of this Service Id.
Name provided during creation of the serviceid.
user details will be present if type is
user
.- user
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
Time when the apikey was last authenticated.
List of serviceids.
- serviceids
Unique id of the entity.
Name provided during creation of the entity.
Time when the entity was last authenticated.
List of profiles.
- profiles
Unique id of the entity.
Name provided during creation of the entity.
Time when the entity was last authenticated.
IAMid of the user who triggered the report.
Unique reference used to generate the report.
Duration in hours for which the report is generated.
Start time of the report.
End time of the report.
List of users.
- users
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
Time when the user was last authenticated.
List of apikeys.
- apikeys
Unique id of the apikey.
Name provided during creation of the apikey.
Type of the apikey. Supported values are
serviceid
anduser
.serviceid details will be present if type is
serviceid
.- serviceid
Unique identifier of this Service Id.
Name provided during creation of the serviceid.
user details will be present if type is
user
.- user
IAMid of the user.
Name of the user.
Username of the user.
Email of the user.
Time when the apikey was last authenticated.
List of serviceids.
- serviceids
Unique id of the entity.
Name provided during creation of the entity.
Time when the entity was last authenticated.
List of profiles.
- profiles
Unique id of the entity.
Name provided during creation of the entity.
Time when the entity was last authenticated.
Status Code
Successful - report retrieved.
Report not complete yet.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Report not found.
Internal Server error. Response if unexpected error situation happened.
{ "created_by": "iam-id", "reference": "abc11111-b222-c333-d444-abc123def456", "report_duration": 720, "report_start_time": "2022-01-24T19:07:37:999+0000", "report_end_time": "2022-30-24T19:07:37:999+0000", "users": { "iam_id": "IBMid-12345678", "name": "Name123", "username": "user@ibm.com", "email": "user@ibm.com", "last_authn": "2022-03-18T19:07:37:999+0000" }, "serviceids": { "id": "serviceid-123", "name": "nice serviceid", "last_authn": "2022-03-18T19:07:37:999+0000" }, "profiles": { "id": "profileid-123", "name": "nice profile", "last_authn": "2022-03-18T19:07:37:999+0000" }, "apikeys": [ { "id": "apikey-123", "name": "sample serviceid apikey", "type": "serviceid", "serviceid": { "id": "serviceid-123", "name": "sample serviceid" }, "last_authn": "2022-03-18T19:07:37:999+0000" }, { "id": "apikey-456", "name": "sample user apikey", "type": "user", "user": { "iam_id": "IBMid-4567", "name": "Name456", "username": "user@ibm.com", "email": "user@ibm.com" }, "last_authn": "2022-03-10T19:07:37:999+0000" } ] }
{ "created_by": "iam-id", "reference": "abc11111-b222-c333-d444-abc123def456", "report_duration": 720, "report_start_time": "2022-01-24T19:07:37:999+0000", "report_end_time": "2022-30-24T19:07:37:999+0000", "users": { "iam_id": "IBMid-12345678", "name": "Name123", "username": "user@ibm.com", "email": "user@ibm.com", "last_authn": "2022-03-18T19:07:37:999+0000" }, "serviceids": { "id": "serviceid-123", "name": "nice serviceid", "last_authn": "2022-03-18T19:07:37:999+0000" }, "profiles": { "id": "profileid-123", "name": "nice profile", "last_authn": "2022-03-18T19:07:37:999+0000" }, "apikeys": [ { "id": "apikey-123", "name": "sample serviceid apikey", "type": "serviceid", "serviceid": { "id": "serviceid-123", "name": "sample serviceid" }, "last_authn": "2022-03-18T19:07:37:999+0000" }, { "id": "apikey-456", "name": "sample user apikey", "type": "user", "user": { "iam_id": "IBMid-4567", "name": "Name456", "username": "user@ibm.com", "email": "user@ibm.com" }, "last_authn": "2022-03-10T19:07:37:999+0000" } ] }
List trusted profile templates
List the trusted profile templates in an enterprise account.
List the trusted profile templates in an enterprise account.
List the trusted profile templates in an enterprise account.
List the trusted profile templates in an enterprise account.
List the trusted profile templates in an enterprise account.
GET /v1/profile_templates
(iamIdentity *IamIdentityV1) ListProfileTemplates(listProfileTemplatesOptions *ListProfileTemplatesOptions) (result *TrustedProfileTemplateList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListProfileTemplatesWithContext(ctx context.Context, listProfileTemplatesOptions *ListProfileTemplatesOptions) (result *TrustedProfileTemplateList, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfileTemplateList> listProfileTemplates(ListProfileTemplatesOptions listProfileTemplatesOptions)
listProfileTemplates(params)
list_profile_templates(
self,
*,
account_id: Optional[str] = None,
limit: Optional[str] = None,
pagetoken: Optional[str] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListProfileTemplatesOptions
struct and set the fields to provide parameter values for the ListProfileTemplates
method.
Use the ListProfileTemplatesOptions.Builder
to create a ListProfileTemplatesOptions
object that contains the parameter values for the listProfileTemplates
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Query Parameters
Account ID of the trusted profile templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templates are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListProfileTemplates options.
Account ID of the trusted profile templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templates are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
The listProfileTemplates options.
Account ID of the trusted profile templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templates are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the trusted profile templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templates are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the trusted profile templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templates are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/profile_templates?account_id=5bbe28be34524sdbdaa34d37d1f2294a" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
listOptions := &iamidentityv1.ListProfileTemplatesOptions{ AccountID: &enterpriseAccountID, } listResponse, response, err := iamIdentityService.ListProfileTemplates(listOptions) b, _ := json.MarshalIndent(listResponse, "", " ") fmt.Println(string(b))
ListProfileTemplatesOptions listOptions = new ListProfileTemplatesOptions.Builder() .accountId(enterpriseAccountId) .build(); Response<TrustedProfileTemplateList> response = service.listProfileTemplates(listOptions).execute(); TrustedProfileTemplateList listResult = response.getResult(); System.out.println(listResult);
const params = { accountId: enterpriseAccountId, } try { const res = await iamIdentityService.listProfileTemplates(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
list_response = iam_identity_service.list_profile_templates(account_id=enterprise_account_id) profile_template_list = list_response.get_result() print('\nlist_profile_templates response: ', json.dumps(profile_template_list, indent=2))
Response
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
Context for problem determination.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
- ProfileTemplates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
History of the trusted profile template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
- profileTemplates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
- profile_templates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
- profile_templates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/profile_templates?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "profile_templates": [ { "id": "ProfileTemplate-2c434aba-38a4-402c-a8a1-c444570b7408", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "My new profile template", "committed": true, "profile": { "name": "Profile from template", "description": "this is my spanking profile created from a template v1", "rules": [ { "type": "Profile-SAML", "realm_name": "idp_realm_name", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"MyName\"" } ] } ] }, "policy_template_references": [ { "id": "Policy_Template-ABCD", "version": "1" }, { "id": "Policy_Template-ABCDe", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-01-12T13:09:59:761+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-02-24T13:48:44:198+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "6-aa54ac91e59055f80b58da2c5a4c426f", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-2c434aba-38a4-402c-a8a1-c444570b7408" } ] }
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/profile_templates?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "profile_templates": [ { "id": "ProfileTemplate-2c434aba-38a4-402c-a8a1-c444570b7408", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "My new profile template", "committed": true, "profile": { "name": "Profile from template", "description": "this is my spanking profile created from a template v1", "rules": [ { "type": "Profile-SAML", "realm_name": "idp_realm_name", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"MyName\"" } ] } ] }, "policy_template_references": [ { "id": "Policy_Template-ABCD", "version": "1" }, { "id": "Policy_Template-ABCDe", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-01-12T13:09:59:761+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-02-24T13:48:44:198+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "6-aa54ac91e59055f80b58da2c5a4c426f", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-2c434aba-38a4-402c-a8a1-c444570b7408" } ] }
Create a trusted profile template
Create a new trusted profile template in an enterprise account.
Create a new trusted profile template in an enterprise account.
Create a new trusted profile template in an enterprise account.
Create a new trusted profile template in an enterprise account.
Create a new trusted profile template in an enterprise account.
POST /v1/profile_templates
(iamIdentity *IamIdentityV1) CreateProfileTemplate(createProfileTemplateOptions *CreateProfileTemplateOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateProfileTemplateWithContext(ctx context.Context, createProfileTemplateOptions *CreateProfileTemplateOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfileTemplateResponse> createProfileTemplate(CreateProfileTemplateOptions createProfileTemplateOptions)
createProfileTemplate(params)
create_profile_template(
self,
*,
account_id: Optional[str] = None,
name: Optional[str] = None,
description: Optional[str] = None,
profile: Optional['TemplateProfileComponentRequest'] = None,
policy_template_references: Optional[List['PolicyTemplateReference']] = None,
action_controls: Optional['ActionControls'] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateProfileTemplateOptions
struct and set the fields to provide parameter values for the CreateProfileTemplate
method.
Use the CreateProfileTemplateOptions.Builder
to create a CreateProfileTemplateOptions
object that contains the parameter values for the createProfileTemplate
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Request to create a trusted profile template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
The trusted profile to be assigned in child accounts.
Existing policy templates that you can reference to assign access in the trusted profile component.
Action controls that you can define for identities, rules and policies.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateProfileTemplate options.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
The createProfileTemplate options.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
parameters
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
parameters
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
curl -X POST "https://iam.cloud.ibm.com/v1/profile_templates" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --data '{ "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "identities": [ { "type": "user", "identifier": "IBMid-123456789", "accounts": [ "5bbe28be34524sdbdaa34d37d1f2294a" ] } ], "rules": [ { "type": "Profile", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": 1 } ] }'
profileClaimRuleConditions := new(iamidentityv1.ProfileClaimRuleConditions) profileClaimRuleConditions.Claim = core.StringPtr("blueGroups") profileClaimRuleConditions.Operator = core.StringPtr("EQUALS") profileClaimRuleConditions.Value = core.StringPtr("\"cloud-docs-dev\"") profileTemplateClaimRule := new(iamidentityv1.TrustedProfileTemplateClaimRule) profileTemplateClaimRule.Name = core.StringPtr("My Rule") profileTemplateClaimRule.RealmName = &realmName profileTemplateClaimRule.Type = &claimRuleType profileTemplateClaimRule.Expiration = core.Int64Ptr(int64(43200)) profileTemplateClaimRule.Conditions = []iamidentityv1.ProfileClaimRuleConditions{*profileClaimRuleConditions} profile := new(iamidentityv1.TemplateProfileComponentRequest) profile.Name = &profileTemplateProfileName profile.Description = core.StringPtr("Example Profile created from Profile Template") profile.Rules = []iamidentityv1.TrustedProfileTemplateClaimRule{*profileTemplateClaimRule} createOptions := &iamidentityv1.CreateProfileTemplateOptions{ Name: &profileTemplateName, Description: core.StringPtr("Example Profile Template"), AccountID: &enterpriseAccountID, Profile: profile, } createResponse, response, err := iamIdentityService.CreateProfileTemplate(createOptions) b, _ := json.MarshalIndent(createResponse, "", " ") fmt.Println(string(b)) // Grab the ID and Etag value from the response for use in the update operation profileTemplateId = *createResponse.ID profileTemplateVersion = *createResponse.Version profileTemplateEtag = response.GetHeaders().Get("Etag")
ProfileClaimRuleConditions condition = new ProfileClaimRuleConditions.Builder() .claim("blueGroups") .operator("EQUALS") .value("\"cloud-docs-dev\"") .build(); List<ProfileClaimRuleConditions> conditions = new ArrayList<>(); conditions.add(condition); TrustedProfileTemplateClaimRule claimRule = new TrustedProfileTemplateClaimRule.Builder() .name("My Rule") .realmName(realmName) .type(claimRuleType) .expiration(43200) .conditions(conditions) .build(); TemplateProfileComponentRequest profile = new TemplateProfileComponentRequest.Builder() .addRules(claimRule) .name(profileTemplateProfileName) .description("Trusted profile created from a template") .build(); CreateProfileTemplateOptions createProfileTemplateOptions = new CreateProfileTemplateOptions.Builder() .name(profileTemplateName) .description("IAM enterprise trusted profile template example") .accountId(enterpriseAccountId) .profile(profile) .build(); Response<TrustedProfileTemplateResponse> response = service.createProfileTemplate(createProfileTemplateOptions).execute(); TrustedProfileTemplateResponse trustedProfileTemplateResult = response.getResult(); // Save the id for use by other test methods. profileTemplateId = trustedProfileTemplateResult.getId(); profileTemplateVersion = trustedProfileTemplateResult.getVersion().longValue(); System.out.println(trustedProfileTemplateResult);
const condition = { claim: "blueGroups", operator: "EQUALS", value: "\"cloud-docs-dev\"", } const claimRule = { name: "My Rule", realm_name: realmName, type: 'Profile-SAML', expiration: 43200, conditions: [condition], } const profile = { rules: [claimRule], name: "Profile-From-Example-Template", description: "Trusted profile created from a template", } const templateParams = { name: "Example-Profile-Template", description: "IAM enterprise trusted profile template example", accountId: enterpriseAccountId, profile: profile, } try { const res = await iamIdentityService.createProfileTemplate(templateParams); profileTemplateEtag = res.headers.etag; const { result } = res; profileTemplateId = result.id; profileTemplateVersion = result.version; console.log(JSON.stringify(result, null, 2)); } catch (err) { console.warn(err); }
profile_claim_rule_conditions = {} profile_claim_rule_conditions['claim'] = 'blueGroups' profile_claim_rule_conditions['operator'] = 'EQUALS' profile_claim_rule_conditions['value'] = '\"cloud-docs-dev\"' profile_claim_rule = {} profile_claim_rule['name'] = 'My Rule' profile_claim_rule['realm_name'] = 'https://sdk.test.realm/1234' profile_claim_rule['type'] = 'Profile-SAML' profile_claim_rule['expiration'] = 43200 profile_claim_rule['conditions'] = [profile_claim_rule_conditions] profile = {} profile['name'] = 'Profile-From-Example-Template' profile['description'] = 'Trusted profile created from a template' profile['rules'] = [profile_claim_rule] create_response = iam_identity_service.create_profile_template( name='Example-Profile-Template', description='IAM enterprise trusted profile template example', account_id=enterprise_account_id, profile=profile, ) profile_template = create_response.get_result() print('\ncreate_profile_template() response: ', json.dumps(profile_template, indent=2))
Response
Response body format for Trusted Profile Template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment
The trusted profile to be assigned in child accounts.
Existing policy templates that you can reference to assign access in the trusted profile component.
Action control defines adding and removing of identities, rules and policies
History of the trusted profile template.
Entity tag for this templateId-version combination
Cloud resource name
Timestamp of when the template was created
IAMid of the creator
Timestamp of when the template was last modified
IAMid of the identity that made the latest modification
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
History of the trusted profile template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Status Code
Template successfully created
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ], "identities": [ { "iam_id": "IBMid-123456789", "identifier": "IBMid-123456789", "accounts": [ "5bbe28be34524sdbdaa34d37d1f2294a" ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ], "identities": [ { "iam_id": "IBMid-123456789", "identifier": "IBMid-123456789", "accounts": [ "5bbe28be34524sdbdaa34d37d1f2294a" ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Get latest version of a trusted profile template
Get the latest version of a trusted profile template in an enterprise account.
Get the latest version of a trusted profile template in an enterprise account.
Get the latest version of a trusted profile template in an enterprise account.
Get the latest version of a trusted profile template in an enterprise account.
Get the latest version of a trusted profile template in an enterprise account.
GET /v1/profile_templates/{template_id}
(iamIdentity *IamIdentityV1) GetLatestProfileTemplateVersion(getLatestProfileTemplateVersionOptions *GetLatestProfileTemplateVersionOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetLatestProfileTemplateVersionWithContext(ctx context.Context, getLatestProfileTemplateVersionOptions *GetLatestProfileTemplateVersionOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfileTemplateResponse> getLatestProfileTemplateVersion(GetLatestProfileTemplateVersionOptions getLatestProfileTemplateVersionOptions)
getLatestProfileTemplateVersion(params)
get_latest_profile_template_version(
self,
template_id: str,
*,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetLatestProfileTemplateVersionOptions
struct and set the fields to provide parameter values for the GetLatestProfileTemplateVersion
method.
Use the GetLatestProfileTemplateVersionOptions.Builder
to create a GetLatestProfileTemplateVersionOptions
object that contains the parameter values for the getLatestProfileTemplateVersion
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile template
Query Parameters
Defines if the entity history is included in the response.
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetLatestProfileTemplateVersion options.
ID of the trusted profile template.
Defines if the entity history is included in the response.
Default:
false
The getLatestProfileTemplateVersion options.
ID of the trusted profile template.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the trusted profile template.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the trusted profile template.
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/profile_templates/ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
getOptions := &iamidentityv1.GetLatestProfileTemplateVersionOptions{ TemplateID: &profileTemplateId, } getResponse, response, err := iamIdentityService.GetLatestProfileTemplateVersion(getOptions) b, _ := json.MarshalIndent(getResponse, "", " ") fmt.Println(string(b))
GetLatestProfileTemplateVersionOptions getOptions = new GetLatestProfileTemplateVersionOptions.Builder() .templateId(profileTemplateId) .build(); Response<TrustedProfileTemplateResponse> getResponse = service.getLatestProfileTemplateVersion(getOptions).execute(); TrustedProfileTemplateResponse getResult = getResponse.getResult(); System.out.println(getResult);
const params = { templateId: profileTemplateId, } try { const res = await iamIdentityService.getLatestProfileTemplateVersion(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
get_response = iam_identity_service.get_latest_profile_template_version(template_id=profile_template_id) profile_template = get_response.get_result() print('\nget_latest_profile_template_version response: ', json.dumps(profile_template, indent=2))
Response
Response body format for Trusted Profile Template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment
The trusted profile to be assigned in child accounts.
Existing policy templates that you can reference to assign access in the trusted profile component.
Action control defines adding and removing of identities, rules and policies
History of the trusted profile template.
Entity tag for this templateId-version combination
Cloud resource name
Timestamp of when the template was created
IAMid of the creator
Timestamp of when the template was last modified
IAMid of the identity that made the latest modification
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
History of the trusted profile template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found.
Internal Server error
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Delete all versions of a trusted profile template
Delete all versions of a trusted profile template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
Delete all versions of a trusted profile template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
Delete all versions of a trusted profile template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
Delete all versions of a trusted profile template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
Delete all versions of a trusted profile template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
DELETE /v1/profile_templates/{template_id}
(iamIdentity *IamIdentityV1) DeleteAllVersionsOfProfileTemplate(deleteAllVersionsOfProfileTemplateOptions *DeleteAllVersionsOfProfileTemplateOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteAllVersionsOfProfileTemplateWithContext(ctx context.Context, deleteAllVersionsOfProfileTemplateOptions *DeleteAllVersionsOfProfileTemplateOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteAllVersionsOfProfileTemplate(DeleteAllVersionsOfProfileTemplateOptions deleteAllVersionsOfProfileTemplateOptions)
deleteAllVersionsOfProfileTemplate(params)
delete_all_versions_of_profile_template(
self,
template_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteAllVersionsOfProfileTemplateOptions
struct and set the fields to provide parameter values for the DeleteAllVersionsOfProfileTemplate
method.
Use the DeleteAllVersionsOfProfileTemplateOptions.Builder
to create a DeleteAllVersionsOfProfileTemplateOptions
object that contains the parameter values for the deleteAllVersionsOfProfileTemplate
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile template
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteAllVersionsOfProfileTemplate options.
ID of the trusted profile template.
The deleteAllVersionsOfProfileTemplate options.
ID of the trusted profile template.
parameters
ID of the trusted profile template.
parameters
ID of the trusted profile template.
curl -X DELETE "https://iam.cloud.ibm.com/v1/profile_templates/ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
deleteOptions := &iamidentityv1.DeleteAllVersionsOfProfileTemplateOptions{ TemplateID: &profileTemplateId, } response, err := iamIdentityService.DeleteAllVersionsOfProfileTemplate(deleteOptions)
DeleteAllVersionsOfProfileTemplateOptions deleteTeplateOptions = new DeleteAllVersionsOfProfileTemplateOptions.Builder() .templateId(profileTemplateId) .build(); Response<Void> deleteResponse = service.deleteAllVersionsOfProfileTemplate(deleteTeplateOptions).execute();
const params = { templateId: profileTemplateId, } try { const res = await iamIdentityService.deleteAllVersionsOfProfileTemplate(params); } catch (err) { console.warn(err); }
delete_response = iam_identity_service.delete_all_versions_of_profile_template( template_id=profile_template_id )
Response
Status Code
Successful Template Deletion
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
No Sample Response
List trusted profile template versions
List the versions of a trusted profile template in an enterprise account.
List the versions of a trusted profile template in an enterprise account.
List the versions of a trusted profile template in an enterprise account.
List the versions of a trusted profile template in an enterprise account.
List the versions of a trusted profile template in an enterprise account.
GET /v1/profile_templates/{template_id}/versions
(iamIdentity *IamIdentityV1) ListVersionsOfProfileTemplate(listVersionsOfProfileTemplateOptions *ListVersionsOfProfileTemplateOptions) (result *TrustedProfileTemplateList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListVersionsOfProfileTemplateWithContext(ctx context.Context, listVersionsOfProfileTemplateOptions *ListVersionsOfProfileTemplateOptions) (result *TrustedProfileTemplateList, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfileTemplateList> listVersionsOfProfileTemplate(ListVersionsOfProfileTemplateOptions listVersionsOfProfileTemplateOptions)
listVersionsOfProfileTemplate(params)
list_versions_of_profile_template(
self,
template_id: str,
*,
limit: Optional[str] = None,
pagetoken: Optional[str] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListVersionsOfProfileTemplateOptions
struct and set the fields to provide parameter values for the ListVersionsOfProfileTemplate
method.
Use the ListVersionsOfProfileTemplateOptions.Builder
to create a ListVersionsOfProfileTemplateOptions
object that contains the parameter values for the listVersionsOfProfileTemplate
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile template
Query Parameters
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListVersionsOfProfileTemplate options.
ID of the trusted profile template.
Optional size of a single page.
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
The listVersionsOfProfileTemplate options.
ID of the trusted profile template.
Optional size of a single page.
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the trusted profile template.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the trusted profile template.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/profile_templates/ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9/versions/" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
listOptions := &iamidentityv1.ListVersionsOfProfileTemplateOptions{ TemplateID: &profileTemplateId, } listResponse, response, err := iamIdentityService.ListVersionsOfProfileTemplate(listOptions) b, _ := json.MarshalIndent(listResponse, "", " ") fmt.Println(string(b))
ListVersionsOfProfileTemplateOptions listOptions = new ListVersionsOfProfileTemplateOptions.Builder() .templateId(profileTemplateId) .build(); Response<TrustedProfileTemplateList> listResponse = service.listVersionsOfProfileTemplate(listOptions).execute(); TrustedProfileTemplateList listResult = listResponse.getResult(); System.out.println(listResult);
const params = { templateId: profileTemplateId, } try { const res = await iamIdentityService.listVersionsOfProfileTemplate(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
list_response = iam_identity_service.list_versions_of_profile_template(template_id=profile_template_id) profile_template_list = list_response.get_result() print('\nlist_profile_template_versions response: ', json.dumps(profile_template_list, indent=2))
Response
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
Context for problem determination.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
- ProfileTemplates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
History of the trusted profile template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
- profileTemplates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
- profile_templates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Profile Templates based on the query paramters and the page size. The profile_templates array is always part of the response but might be empty depending on the query parameter values provided.
- profile_templates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/profile_templates/{template_id}/versions", "profile_templates": [ { "id": "ProfileTemplate-2c434aba-38a4-402c-a8a1-c444570b7408", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "My new profile template", "committed": true, "profile": { "name": "Profile from template", "description": "this is my spanking profile created from a template v1", "rules": [ { "type": "Profile-SAML", "realm_name": "idp_realm_name", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"MyName\"" } ] } ] }, "policy_template_references": [ { "id": "Policy_Template-ABCD", "version": "1" }, { "id": "Policy_Template-ABCDe", "version": "1" } ], "action_controls": null, "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true }, "created_at": "2023-01-12T13:09:59:761+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-02-24T13:48:44:198+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "6-aa54ac91e59055f80b58da2c5a4c426f", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-2c434aba-38a4-402c-a8a1-c444570b7408" } ] }
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/profile_templates/{template_id}/versions", "profile_templates": [ { "id": "ProfileTemplate-2c434aba-38a4-402c-a8a1-c444570b7408", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "My new profile template", "committed": true, "profile": { "name": "Profile from template", "description": "this is my spanking profile created from a template v1", "rules": [ { "type": "Profile-SAML", "realm_name": "idp_realm_name", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"MyName\"" } ] } ] }, "policy_template_references": [ { "id": "Policy_Template-ABCD", "version": "1" }, { "id": "Policy_Template-ABCDe", "version": "1" } ], "action_controls": null, "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true }, "created_at": "2023-01-12T13:09:59:761+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-02-24T13:48:44:198+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "6-aa54ac91e59055f80b58da2c5a4c426f", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-2c434aba-38a4-402c-a8a1-c444570b7408" } ] }
Create new version of a trusted profile template
Create a new version of a trusted profile template in an enterprise account.
Create a new version of a trusted profile template in an enterprise account.
Create a new version of a trusted profile template in an enterprise account.
Create a new version of a trusted profile template in an enterprise account.
Create a new version of a trusted profile template in an enterprise account.
POST /v1/profile_templates/{template_id}/versions
(iamIdentity *IamIdentityV1) CreateProfileTemplateVersion(createProfileTemplateVersionOptions *CreateProfileTemplateVersionOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateProfileTemplateVersionWithContext(ctx context.Context, createProfileTemplateVersionOptions *CreateProfileTemplateVersionOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfileTemplateResponse> createProfileTemplateVersion(CreateProfileTemplateVersionOptions createProfileTemplateVersionOptions)
createProfileTemplateVersion(params)
create_profile_template_version(
self,
template_id: str,
*,
account_id: Optional[str] = None,
name: Optional[str] = None,
description: Optional[str] = None,
profile: Optional['TemplateProfileComponentRequest'] = None,
policy_template_references: Optional[List['PolicyTemplateReference']] = None,
action_controls: Optional['ActionControls'] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateProfileTemplateVersionOptions
struct and set the fields to provide parameter values for the CreateProfileTemplateVersion
method.
Use the CreateProfileTemplateVersionOptions.Builder
to create a CreateProfileTemplateVersionOptions
object that contains the parameter values for the createProfileTemplateVersion
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile template
Request to create new version of a Trusted Profile Template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
The trusted profile to be assigned in child accounts.
Existing policy templates that you can reference to assign access in the trusted profile component.
Action controls that you can define for identities, rules and policies.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateProfileTemplateVersion options.
ID of the trusted profile template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
The createProfileTemplateVersion options.
ID of the trusted profile template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
parameters
ID of the trusted profile template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
parameters
ID of the trusted profile template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
curl -X POST "https://iam.cloud.ibm.com/v1/profile_templates/{template_id}/versions/" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --data '{ "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": 1 } ] }'
profileClaimRuleConditions := new(iamidentityv1.ProfileClaimRuleConditions) profileClaimRuleConditions.Claim = core.StringPtr("blueGroups") profileClaimRuleConditions.Operator = core.StringPtr("EQUALS") profileClaimRuleConditions.Value = core.StringPtr("\"cloud-docs-dev\"") profileTemplateClaimRule := new(iamidentityv1.TrustedProfileTemplateClaimRule) profileTemplateClaimRule.Name = core.StringPtr("My Rule") profileTemplateClaimRule.RealmName = &realmName profileTemplateClaimRule.Type = &claimRuleType profileTemplateClaimRule.Expiration = core.Int64Ptr(int64(43200)) profileTemplateClaimRule.Conditions = []iamidentityv1.ProfileClaimRuleConditions{*profileClaimRuleConditions} profile := new(iamidentityv1.TemplateProfileComponentRequest) profile.Name = &profileTemplateProfileName profile.Description = core.StringPtr("Example Profile created from Profile Template - new version") profile.Rules = []iamidentityv1.TrustedProfileTemplateClaimRule{*profileTemplateClaimRule} createOptions := &iamidentityv1.CreateProfileTemplateVersionOptions{ Name: &profileTemplateName, Description: core.StringPtr("Example Profile Template - new version"), AccountID: &enterpriseAccountID, TemplateID: &profileTemplateId, Profile: profile, } createResponse, response, err := iamIdentityService.CreateProfileTemplateVersion(createOptions) b, _ := json.MarshalIndent(createResponse, "", " ") fmt.Println(string(b)) // save the new version to be used in subsequent calls profileTemplateVersion = *createResponse.Version
ProfileClaimRuleConditions condition = new ProfileClaimRuleConditions.Builder() .claim("blueGroups") .operator("EQUALS") .value("\"cloud-docs-dev\"") .build(); List<ProfileClaimRuleConditions> conditions = new ArrayList<>(); conditions.add(condition); TrustedProfileTemplateClaimRule claimRule = new TrustedProfileTemplateClaimRule.Builder() .name("My Rule") .realmName(realmName) .type(claimRuleType) .expiration(43200) .conditions(conditions) .build(); List<String> accounts = new ArrayList<String>(); accounts.add(enterpriseAccountId); ProfileIdentityRequest profileIdentity = new ProfileIdentityRequest.Builder() .identifier(iamId) .accounts(accounts) .type("user") .description("Identity description") .build(); List<ProfileIdentityRequest> identities = new ArrayList<ProfileIdentityRequest>(); identities.add(profileIdentity); TemplateProfileComponentRequest profile = new TemplateProfileComponentRequest.Builder() .addRules(claimRule) .name(profileTemplateProfileName) .description("Trusted profile created from a template - new version") .identities(identities) .build(); CreateProfileTemplateVersionOptions createOptions = new CreateProfileTemplateVersionOptions.Builder() .accountId(enterpriseAccountId) .templateId(profileTemplateId) .name(profileTemplateName) .description("IAM enterprise trusted profile template example - new version") .profile(profile) .build(); Response<TrustedProfileTemplateResponse> createResponse = service.createProfileTemplateVersion(createOptions).execute(); TrustedProfileTemplateResponse createResult = createResponse.getResult(); // Save the version for use by other test methods. profileTemplateVersion = createResult.getVersion().longValue(); System.out.println(createResult);
const condition = { claim: "blueGroups", operator: "EQUALS", value: "\"cloud-docs-dev\"", } const claimRule = { name: "My Rule", realm_name: realmName, type: 'Profile-SAML', expiration: 43200, conditions: [condition], } const identity = { identifier: iamId, accounts: [enterpriseAccountId], type: "user", description: "Identity description", } const profile = { rules: [claimRule], name: "Profile-From-Example-Template", description: "Trusted profile created from a template - new version", identities: [identity], } const templateParams = { templateId: profileTemplateId, name: "Example-Profile-Template", description: "IAM enterprise trusted profile template example - new version", accountId: enterpriseAccountId, profile: profile, } try { const res = await iamIdentityService.createProfileTemplateVersion(templateParams); const { result } = res; profileTemplateVersion = result.version; console.log(JSON.stringify(result, null, 2)); } catch (err) { console.warn(err); }
profile_claim_rule_conditions = {} profile_claim_rule_conditions['claim'] = 'blueGroups' profile_claim_rule_conditions['operator'] = 'EQUALS' profile_claim_rule_conditions['value'] = '\"cloud-docs-dev\"' profile_claim_rule = {} profile_claim_rule['name'] = 'My Rule' profile_claim_rule['realm_name'] = 'https://sdk.test.realm/1234' profile_claim_rule['type'] = 'Profile-SAML' profile_claim_rule['expiration'] = 43200 profile_claim_rule['conditions'] = [profile_claim_rule_conditions] profile_identity = {} profile_identity['identifier'] = iam_id profile_identity['accounts'] = [enterprise_account_id] profile_identity['type'] = 'user' profile_identity['description'] = 'Identity description' profile = {} profile['name'] = 'Profile-From-Example-Template' profile['description'] = 'Trusted profile created from a template - new version' profile['rules'] = [profile_claim_rule] profile['identities'] = [profile_identity] create_response = iam_identity_service.create_profile_template_version( template_id=profile_template_id, name='Example-Profile-Template', description='IAM enterprise trusted profile template example - new version', account_id=enterprise_account_id, profile=profile, ) profile_template = create_response.get_result() print('\ncreate_profile_template_version() response: ', json.dumps(profile_template, indent=2))
Response
Response body format for Trusted Profile Template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment
The trusted profile to be assigned in child accounts.
Existing policy templates that you can reference to assign access in the trusted profile component.
Action control defines adding and removing of identities, rules and policies
History of the trusted profile template.
Entity tag for this templateId-version combination
Cloud resource name
Timestamp of when the template was created
IAMid of the creator
Timestamp of when the template was last modified
IAMid of the identity that made the latest modification
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
History of the trusted profile template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Status Code
Template version created successfully
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 2, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T15:05:00:000+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 2, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T15:05:00:000+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Get version of trusted profile template
Get a specific version of a trusted profile template in an enterprise account.
Get a specific version of a trusted profile template in an enterprise account.
Get a specific version of a trusted profile template in an enterprise account.
Get a specific version of a trusted profile template in an enterprise account.
Get a specific version of a trusted profile template in an enterprise account.
GET /v1/profile_templates/{template_id}/versions/{version}
(iamIdentity *IamIdentityV1) GetProfileTemplateVersion(getProfileTemplateVersionOptions *GetProfileTemplateVersionOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetProfileTemplateVersionWithContext(ctx context.Context, getProfileTemplateVersionOptions *GetProfileTemplateVersionOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfileTemplateResponse> getProfileTemplateVersion(GetProfileTemplateVersionOptions getProfileTemplateVersionOptions)
getProfileTemplateVersion(params)
get_profile_template_version(
self,
template_id: str,
version: str,
*,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetProfileTemplateVersionOptions
struct and set the fields to provide parameter values for the GetProfileTemplateVersion
method.
Use the GetProfileTemplateVersionOptions.Builder
to create a GetProfileTemplateVersionOptions
object that contains the parameter values for the getProfileTemplateVersion
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile template
Version of the Profile Template
Query Parameters
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetProfileTemplateVersion options.
ID of the trusted profile template.
Version of the Profile Template.
Defines if the entity history is included in the response.
Default:
false
The getProfileTemplateVersion options.
ID of the trusted profile template.
Version of the Profile Template.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the trusted profile template.
Version of the Profile Template.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the trusted profile template.
Version of the Profile Template.
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/profile_templates/{template_id}/versions/{version}" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
getOptions := &iamidentityv1.GetProfileTemplateVersionOptions{ TemplateID: &profileTemplateId, Version: core.StringPtr(strconv.FormatInt(profileTemplateVersion, 10)), } getResponse, response, err := iamIdentityService.GetProfileTemplateVersion(getOptions) b, _ := json.MarshalIndent(getResponse, "", " ") fmt.Println(string(b)) // Grab the Etag value from the response for use in the update operation profileTemplateEtag = response.GetHeaders().Get("Etag")
GetProfileTemplateVersionOptions getProfileTemplateOptions = new GetProfileTemplateVersionOptions.Builder() .templateId(profileTemplateId) .version(Long.toString(profileTemplateVersion)) .build(); Response<TrustedProfileTemplateResponse> response = service.getProfileTemplateVersion(getProfileTemplateOptions).execute(); TrustedProfileTemplateResponse profileTemplateResult = response.getResult(); // Grab the Etag value from the response for use in the update operation. profileTemplateEtag = response.getHeaders().values("Etag").get(0); System.out.println(profileTemplateResult);
const params = { templateId: profileTemplateId, version: profileTemplateVersion, } try { const res = await iamIdentityService.getProfileTemplateVersion(params); profileTemplateEtag = res.headers.etag; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
get_response = iam_identity_service.get_profile_template_version( template_id=profile_template_id, version=str(profile_template_version) ) profile_template = get_response.get_result() print('\nget_profile_template response: ', json.dumps(profile_template, indent=2))
Response
Response body format for Trusted Profile Template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment
The trusted profile to be assigned in child accounts.
Existing policy templates that you can reference to assign access in the trusted profile component.
Action control defines adding and removing of identities, rules and policies
History of the trusted profile template.
Entity tag for this templateId-version combination
Cloud resource name
Timestamp of when the template was created
IAMid of the creator
Timestamp of when the template was last modified
IAMid of the identity that made the latest modification
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
History of the trusted profile template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template version not found.
Internal Server error
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Update version of trusted profile template
Update a specific version of a trusted profile template in an enterprise account.
Update a specific version of a trusted profile template in an enterprise account.
Update a specific version of a trusted profile template in an enterprise account.
Update a specific version of a trusted profile template in an enterprise account.
Update a specific version of a trusted profile template in an enterprise account.
PUT /v1/profile_templates/{template_id}/versions/{version}
(iamIdentity *IamIdentityV1) UpdateProfileTemplateVersion(updateProfileTemplateVersionOptions *UpdateProfileTemplateVersionOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateProfileTemplateVersionWithContext(ctx context.Context, updateProfileTemplateVersionOptions *UpdateProfileTemplateVersionOptions) (result *TrustedProfileTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<TrustedProfileTemplateResponse> updateProfileTemplateVersion(UpdateProfileTemplateVersionOptions updateProfileTemplateVersionOptions)
updateProfileTemplateVersion(params)
update_profile_template_version(
self,
if_match: str,
template_id: str,
version: str,
*,
account_id: Optional[str] = None,
name: Optional[str] = None,
description: Optional[str] = None,
profile: Optional['TemplateProfileComponentRequest'] = None,
policy_template_references: Optional[List['PolicyTemplateReference']] = None,
action_controls: Optional['ActionControls'] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateProfileTemplateVersionOptions
struct and set the fields to provide parameter values for the UpdateProfileTemplateVersion
method.
Use the UpdateProfileTemplateVersionOptions.Builder
to create a UpdateProfileTemplateVersionOptions
object that contains the parameter values for the updateProfileTemplateVersion
method.
Custom Headers
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the Profile Template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile template
Version of the Profile Template
Request to create a trusted profile template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
The trusted profile to be assigned in child accounts.
Existing policy templates that you can reference to assign access in the trusted profile component.
Action controls that you can define for identities, rules and policies.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateProfileTemplateVersion options.
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the Profile Template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
ID of the trusted profile template.
Version of the Profile Template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
The updateProfileTemplateVersion options.
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the Profile Template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
ID of the trusted profile template.
Version of the Profile Template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
parameters
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the Profile Template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
ID of the trusted profile template.
Version of the Profile Template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
parameters
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the Profile Template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
ID of the trusted profile template.
Version of the Profile Template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account. Required field when creating a new template. Otherwise this field is optional. If the field is included it will change the name value for all existing versions of the template.
The description of the trusted profile template. Describe the template for enterprise account users.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Allowable values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Allowable values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
curl -X PUT "https://iam.cloud.ibm.com/v1/profile_templates/{template_id}/versions/{version}" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --header "If-Match: <value of etag header from GET request>" --data '{ "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": 1 } ] }'
updateOptions := &iamidentityv1.UpdateProfileTemplateVersionOptions{ AccountID: &enterpriseAccountID, TemplateID: &profileTemplateId, Version: core.StringPtr(strconv.FormatInt(profileTemplateVersion, 10)), IfMatch: &profileTemplateEtag, Name: &profileTemplateName, Description: core.StringPtr("Example Profile Template - updated"), } updateResponse, response, err := iamIdentityService.UpdateProfileTemplateVersion(updateOptions) b, _ := json.MarshalIndent(updateResponse, "", " ") fmt.Println(string(b)) // Grab the Etag value from the response for use in the update operation. profileTemplateEtag = response.GetHeaders().Get("Etag")
UpdateProfileTemplateVersionOptions updateOptions = new UpdateProfileTemplateVersionOptions.Builder() .accountId(enterpriseAccountId) .templateId(profileTemplateId) .version(Long.toString(profileTemplateVersion)) .ifMatch(profileTemplateEtag) .name(profileTemplateName) .description("IAM enterprise trusted profile template example - updated") .build(); Response<TrustedProfileTemplateResponse> updateResponse = service.updateProfileTemplateVersion(updateOptions).execute(); TrustedProfileTemplateResponse updateResult = updateResponse.getResult(); // Grab the Etag value from the response for use in the update operation. profileTemplateEtag = updateResponse.getHeaders().values("Etag").get(0); System.out.println(updateResult);
const params = { accountId: enterpriseAccountId, templateId: profileTemplateId, version: profileTemplateVersion, ifMatch: profileTemplateEtag, name: "Example-Profile-Template", description: "IAM enterprise trusted profile template example - updated", } try { const res = await iamIdentityService.updateProfileTemplateVersion(params); profileTemplateEtag = res.headers.etag; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
update_response = iam_identity_service.update_profile_template_version( account_id=enterprise_account_id, template_id=profile_template_id, version=str(profile_template_version), if_match=profile_template_etag, name='Example-Profile-Template', description='IAM enterprise trusted profile template example - updated', ) profile_template = update_response.get_result() print('\nupdate_profile_template() response: ', json.dumps(profile_template, indent=2))
Response
Response body format for Trusted Profile Template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment
The trusted profile to be assigned in child accounts.
Existing policy templates that you can reference to assign access in the trusted profile component.
Action control defines adding and removing of identities, rules and policies
History of the trusted profile template.
Entity tag for this templateId-version combination
Cloud resource name
Timestamp of when the template was created
IAMid of the creator
Timestamp of when the template was last modified
IAMid of the identity that made the latest modification
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- Profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- Rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- Conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- Identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- PolicyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- ActionControls
- Identities
- Rules
- Policies
History of the trusted profile template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policyTemplateReferences
ID of Access Policy Template.
Version of Access Policy Template.
- actionControls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Response body format for Trusted Profile Template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
Input body parameters for the TemplateProfileComponent.
- profile
Name of the Profile.
Description of the Profile.
Rules for the Profile.
- rules
Name of the claim rule to be created or updated.
Type of the claim rule.
Possible values: [
Profile-SAML
]The realm name of the Idp this claim rule applies to. This field is required only if the type is specified as 'Profile-SAML'.
Session expiration in seconds, only required if type is 'Profile-SAML'.
Conditions of this claim rule.
- conditions
The claim to evaluate against. Learn more.
The operation to perform on the claim. valid values are EQUALS, NOT_EQUALS, EQUALS_IGNORE_CASE, NOT_EQUALS_IGNORE_CASE, CONTAINS, IN.
The stringified JSON value that the claim is compared to using the operator.
Identities for the Profile.
- identities
IAM ID of the identity.
Identifier of the identity that can assume the trusted profiles. This can be a user identifier (IAM id), serviceid or crn. Internally it uses account id of the service id for the identifier 'serviceid' and for the identifier 'crn' it uses account id contained in the CRN.
Type of the identity.
Possible values: [
user
,serviceid
,crn
]Only valid for the type user. Accounts from which a user can assume the trusted profile.
Description of the identity that can assume the trusted profile. This is optional field for all the types of identities. When this field is not set for the identity type 'serviceid' then the description of the service id is used. Description is recommended for the identity type 'crn' E.g. 'Instance 1234 of IBM Cloud Service project'.
Existing policy templates that you can reference to assign access in the trusted profile component.
- policy_template_references
ID of Access Policy Template.
Version of Access Policy Template.
- action_controls
- identities
- rules
- policies
History of the trusted profile template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Timestamp of when the template was created.
IAMid of the creator.
Timestamp of when the template was last modified.
IAMid of the identity that made the latest modification.
Status Code
Successful updated template
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template version not found.
Internal Server error
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "db admin template", "committed": false, "profile": { "name": "Profile for DB Admins", "description": "allows users to admin db instances", "rules": [ { "type": "Profile-SAML", "realm_name": "${IDP_REALM_NAME}", "expiration": 43200, "conditions": [ { "claim": "name", "operator": "EQUALS", "value": "\"My Name\"" } ] } ] }, "policy_template_references": [ { "id": "Policy Template-12345", "version": "1" } ], "action_controls": { "identities": { "add": false, "remove": true }, "rules": { "add": true, "remove": true }, "policies": { "add": false, "remove": true } }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:ProfileTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Delete version of trusted profile template
Delete a specific version of a trusted profile template in an enterprise account. If the version is assigned to child accounts, you must first delete the assignment.
Delete a specific version of a trusted profile template in an enterprise account. If the version is assigned to child accounts, you must first delete the assignment.
Delete a specific version of a trusted profile template in an enterprise account. If the version is assigned to child accounts, you must first delete the assignment.
Delete a specific version of a trusted profile template in an enterprise account. If the version is assigned to child accounts, you must first delete the assignment.
Delete a specific version of a trusted profile template in an enterprise account. If the version is assigned to child accounts, you must first delete the assignment.
DELETE /v1/profile_templates/{template_id}/versions/{version}
(iamIdentity *IamIdentityV1) DeleteProfileTemplateVersion(deleteProfileTemplateVersionOptions *DeleteProfileTemplateVersionOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteProfileTemplateVersionWithContext(ctx context.Context, deleteProfileTemplateVersionOptions *DeleteProfileTemplateVersionOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteProfileTemplateVersion(DeleteProfileTemplateVersionOptions deleteProfileTemplateVersionOptions)
deleteProfileTemplateVersion(params)
delete_profile_template_version(
self,
template_id: str,
version: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteProfileTemplateVersionOptions
struct and set the fields to provide parameter values for the DeleteProfileTemplateVersion
method.
Use the DeleteProfileTemplateVersionOptions.Builder
to create a DeleteProfileTemplateVersionOptions
object that contains the parameter values for the deleteProfileTemplateVersion
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile template
Version of the Profile Template
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteProfileTemplateVersion options.
ID of the trusted profile template.
Version of the Profile Template.
The deleteProfileTemplateVersion options.
ID of the trusted profile template.
Version of the Profile Template.
parameters
ID of the trusted profile template.
Version of the Profile Template.
parameters
ID of the trusted profile template.
Version of the Profile Template.
curl -X DELETE "https://iam.cloud.ibm.com/v1/profile_templates/{template_id}/versions/{version}" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
deleteOptions := &iamidentityv1.DeleteProfileTemplateVersionOptions{ TemplateID: &profileTemplateId, Version: core.StringPtr("1"), } response, err := iamIdentityService.DeleteProfileTemplateVersion(deleteOptions)
DeleteProfileTemplateVersionOptions deleteOptions = new DeleteProfileTemplateVersionOptions.Builder() .templateId(profileTemplateId) .version("1") .build(); Response<Void> deleteResponse = service.deleteProfileTemplateVersion(deleteOptions).execute();
const params = { templateId: profileTemplateId, version: 1, } try { const res = await iamIdentityService.deleteProfileTemplateVersion(params); } catch (err) { console.warn(err); }
delete_response = iam_identity_service.delete_profile_template_version( template_id=profile_template_id, version='1' )
Response
Status Code
Template Version delete successful
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
No Sample Response
Commit a template version
Commit a specific version of a trusted profile template in an enterprise account. You must commit a template before you can assign it to child accounts. Once a template is committed, you can no longer modify the template.
Commit a specific version of a trusted profile template in an enterprise account. You must commit a template before you can assign it to child accounts. Once a template is committed, you can no longer modify the template.
Commit a specific version of a trusted profile template in an enterprise account. You must commit a template before you can assign it to child accounts. Once a template is committed, you can no longer modify the template.
Commit a specific version of a trusted profile template in an enterprise account. You must commit a template before you can assign it to child accounts. Once a template is committed, you can no longer modify the template.
Commit a specific version of a trusted profile template in an enterprise account. You must commit a template before you can assign it to child accounts. Once a template is committed, you can no longer modify the template.
POST /v1/profile_templates/{template_id}/versions/{version}/commit
(iamIdentity *IamIdentityV1) CommitProfileTemplate(commitProfileTemplateOptions *CommitProfileTemplateOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CommitProfileTemplateWithContext(ctx context.Context, commitProfileTemplateOptions *CommitProfileTemplateOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> commitProfileTemplate(CommitProfileTemplateOptions commitProfileTemplateOptions)
commitProfileTemplate(params)
commit_profile_template(
self,
template_id: str,
version: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CommitProfileTemplateOptions
struct and set the fields to provide parameter values for the CommitProfileTemplate
method.
Use the CommitProfileTemplateOptions.Builder
to create a CommitProfileTemplateOptions
object that contains the parameter values for the commitProfileTemplate
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the trusted profile template
Version of the Profile Template
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CommitProfileTemplate options.
ID of the trusted profile template.
Version of the Profile Template.
The commitProfileTemplate options.
ID of the trusted profile template.
Version of the Profile Template.
parameters
ID of the trusted profile template.
Version of the Profile Template.
parameters
ID of the trusted profile template.
Version of the Profile Template.
curl -X POST "https://iam.cloud.ibm.com/v1/profile_templates/{template_id}/versions/{version}/commit" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
commitOptions := &iamidentityv1.CommitProfileTemplateOptions{ TemplateID: &profileTemplateId, Version: core.StringPtr(strconv.FormatInt(profileTemplateVersion, 10)), } response, err := iamIdentityService.CommitProfileTemplate(commitOptions)
CommitProfileTemplateOptions commitOptions = new CommitProfileTemplateOptions.Builder() .templateId(profileTemplateId) .version(Long.toString(profileTemplateVersion)) .build(); Response<Void> commitResponse = service.commitProfileTemplate(commitOptions).execute();
const commitParams = { templateId: profileTemplateId, version: profileTemplateVersion, } try { const res = await iamIdentityService.commitProfileTemplate(commitParams); } catch (err) { console.warn(err); }
commit_response = iam_identity_service.commit_profile_template( template_id=profile_template_id, version=str(profile_template_version) )
Response
Status Code
Template Version committed
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
No Sample Response
List account settings templates
List account settings templates in an enterprise account
List account settings templates in an enterprise account.
List account settings templates in an enterprise account.
List account settings templates in an enterprise account.
List account settings templates in an enterprise account.
GET /v1/account_settings_templates
(iamIdentity *IamIdentityV1) ListAccountSettingsTemplates(listAccountSettingsTemplatesOptions *ListAccountSettingsTemplatesOptions) (result *AccountSettingsTemplateList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListAccountSettingsTemplatesWithContext(ctx context.Context, listAccountSettingsTemplatesOptions *ListAccountSettingsTemplatesOptions) (result *AccountSettingsTemplateList, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsTemplateList> listAccountSettingsTemplates(ListAccountSettingsTemplatesOptions listAccountSettingsTemplatesOptions)
listAccountSettingsTemplates(params)
list_account_settings_templates(
self,
*,
account_id: Optional[str] = None,
limit: Optional[str] = None,
pagetoken: Optional[str] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListAccountSettingsTemplatesOptions
struct and set the fields to provide parameter values for the ListAccountSettingsTemplates
method.
Use the ListAccountSettingsTemplatesOptions.Builder
to create a ListAccountSettingsTemplatesOptions
object that contains the parameter values for the listAccountSettingsTemplates
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Query Parameters
Account ID of the account settings templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListAccountSettingsTemplates options.
Account ID of the account settings templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
The listAccountSettingsTemplates options.
Account ID of the account settings templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the account settings templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the account settings templates to query. This parameter is required unless using a pagetoken.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/account_settings_templates?account_id=5bbe28be34524sdbdaa34d37d1f2294a" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
listOptions := &iamidentityv1.ListAccountSettingsTemplatesOptions{ AccountID: &enterpriseAccountID, } listResponse, response, err := iamIdentityService.ListAccountSettingsTemplates(listOptions) b, _ := json.MarshalIndent(listResponse, "", " ") fmt.Println(string(b))
ListAccountSettingsTemplatesOptions listOptions = new ListAccountSettingsTemplatesOptions.Builder() .accountId(enterpriseAccountId) .build(); Response<AccountSettingsTemplateList> response = service.listAccountSettingsTemplates(listOptions).execute(); AccountSettingsTemplateList result = response.getResult(); System.out.println(result);
const params = { accountId: enterpriseAccountId, } try { const res = await iamIdentityService.listAccountSettingsTemplates(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
list_response = iam_identity_service.list_account_settings_templates(account_id=enterprise_account_id) account_settings_template_list = list_response.get_result() print('\nlist_account_settings_templates response: ', json.dumps(account_settings_template_list, indent=2))
Response
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
Context for problem determination.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
- AccountSettingsTemplates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
- accountSettingsTemplates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
- account_settings_templates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
- account_settings_templates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/account_settings_templates?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "account_settings_templates": [ { "id": "AccountSettingsTemplate-2c434aba-38a4-402c-a8a1-c444570b7408", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "My new account settings template", "committed": true, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-01-12T13:09:59:761+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-02-24T13:48:44:198+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "6-aa54ac91e59055f80b58da2c5a4c426f", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-2c434aba-38a4-402c-a8a1-c444570b7408" } ] }
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/account_settings_templates?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "account_settings_templates": [ { "id": "AccountSettingsTemplate-2c434aba-38a4-402c-a8a1-c444570b7408", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "My new account settings template", "committed": true, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-01-12T13:09:59:761+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-02-24T13:48:44:198+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "6-aa54ac91e59055f80b58da2c5a4c426f", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-2c434aba-38a4-402c-a8a1-c444570b7408" } ] }
Create an account settings template
Create a new account settings template in an enterprise account.
Create a new account settings template in an enterprise account.
Create a new account settings template in an enterprise account.
Create a new account settings template in an enterprise account.
Create a new account settings template in an enterprise account.
POST /v1/account_settings_templates
(iamIdentity *IamIdentityV1) CreateAccountSettingsTemplate(createAccountSettingsTemplateOptions *CreateAccountSettingsTemplateOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateAccountSettingsTemplateWithContext(ctx context.Context, createAccountSettingsTemplateOptions *CreateAccountSettingsTemplateOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsTemplateResponse> createAccountSettingsTemplate(CreateAccountSettingsTemplateOptions createAccountSettingsTemplateOptions)
createAccountSettingsTemplate(params)
create_account_settings_template(
self,
*,
account_id: Optional[str] = None,
name: Optional[str] = None,
description: Optional[str] = None,
account_settings: Optional['AccountSettingsComponent'] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateAccountSettingsTemplateOptions
struct and set the fields to provide parameter values for the CreateAccountSettingsTemplate
method.
Use the CreateAccountSettingsTemplateOptions.Builder
to create a CreateAccountSettingsTemplateOptions
object that contains the parameter values for the createAccountSettingsTemplate
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Request to create an account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
IAM account settings to be assigned in child accounts.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateAccountSettingsTemplate options.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
The createAccountSettingsTemplate options.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
parameters
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
parameters
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
curl -X POST "https://iam.cloud.ibm.com/v1/account_settings_templates" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --data '{ "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template", "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" } }'
settings := &iamidentityv1.AccountSettingsComponent{ Mfa: core.StringPtr("LEVEL1"), SystemAccessTokenExpirationInSeconds: core.StringPtr("3000"), } createOptions := &iamidentityv1.CreateAccountSettingsTemplateOptions{ Name: &accountSettingsTemplateName, Description: core.StringPtr("GoSDK test Account Settings Template"), AccountID: &enterpriseAccountID, AccountSettings: settings, } createResponse, response, err := iamIdentityService.CreateAccountSettingsTemplate(createOptions) b, _ := json.MarshalIndent(createResponse, "", " ") fmt.Println(string(b)) // Grab the ID and Etag value from the response for use in the update operation. accountSettingsTemplateId = *createResponse.ID accountSettingsTemplateVersion = *createResponse.Version accountSettingsTemplateEtag = response.GetHeaders().Get("Etag")
AccountSettingsComponent accountSettings = new AccountSettingsComponent.Builder() .mfa("LEVEL1") .systemAccessTokenExpirationInSeconds("3000") .build(); CreateAccountSettingsTemplateOptions createOptions = new CreateAccountSettingsTemplateOptions.Builder() .accountId(enterpriseAccountId) .name(accountSettingsTemplateName) .description("IAM enterprise account settings template example") .accountSettings(accountSettings) .build(); Response<AccountSettingsTemplateResponse> createResponse = service.createAccountSettingsTemplate(createOptions).execute(); AccountSettingsTemplateResponse createResult = createResponse.getResult(); // Save the id for use by other test methods. accountSettingsTemplateId = createResult.getId(); accountSettingsTemplateVersion = createResult.getVersion().longValue(); System.out.println(createResult);
const settings = { mfa: "LEVEL1", system_access_token_expiration_in_seconds: "3000", } const templateParams = { name: "Example-Account-Settings-Template", description: "IAM enterprise account settings template example", accountId: enterpriseAccountId, accountSettings: settings, } try { const res = await iamIdentityService.createAccountSettingsTemplate(templateParams); accountSettingsTemplateEtag = res.headers.etag; const { result } = res; accountSettingsTemplateId = result.id; accountSettingsTemplateVersion = result.version; console.log(JSON.stringify(result, null, 2)); } catch (err) { console.warn(err); }
account_settings = {} account_settings['mfa'] = 'LEVEL1' account_settings['system_access_token_expiration_in_seconds'] = 3000 create_response = iam_identity_service.create_account_settings_template( name='Example-Account-Settings-Template', description='IAM enterprise account settings template example', account_id=enterprise_account_id, account_settings=account_settings, ) account_settings_template = create_response.get_result() print('\ncreate_account_settings_template() response: ', json.dumps(account_settings_template, indent=2))
Response
Response body format for account settings template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
Committed flag determines if the template is ready for assignment
IAM account settings to be assigned in child accounts.
Entity tag for this templateId-version combination
Cloud resource name
The description of the trusted profile template. Describe the template for enterprise account users.
History of the Template.
Template Created At
IAMid of the creator
Template last modified at
IAMid of the identity that made the latest modification
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Status Code
Template successfully created
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Get latest version of an account settings template
Get the latest version of a specific account settings template in an enterprise account.
Get the latest version of a specific account settings template in an enterprise account.
Get the latest version of a specific account settings template in an enterprise account.
Get the latest version of a specific account settings template in an enterprise account.
Get the latest version of a specific account settings template in an enterprise account.
GET /v1/account_settings_templates/{template_id}
(iamIdentity *IamIdentityV1) GetLatestAccountSettingsTemplateVersion(getLatestAccountSettingsTemplateVersionOptions *GetLatestAccountSettingsTemplateVersionOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetLatestAccountSettingsTemplateVersionWithContext(ctx context.Context, getLatestAccountSettingsTemplateVersionOptions *GetLatestAccountSettingsTemplateVersionOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsTemplateResponse> getLatestAccountSettingsTemplateVersion(GetLatestAccountSettingsTemplateVersionOptions getLatestAccountSettingsTemplateVersionOptions)
getLatestAccountSettingsTemplateVersion(params)
get_latest_account_settings_template_version(
self,
template_id: str,
*,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetLatestAccountSettingsTemplateVersionOptions
struct and set the fields to provide parameter values for the GetLatestAccountSettingsTemplateVersion
method.
Use the GetLatestAccountSettingsTemplateVersionOptions.Builder
to create a GetLatestAccountSettingsTemplateVersionOptions
object that contains the parameter values for the getLatestAccountSettingsTemplateVersion
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account settings template
Query Parameters
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetLatestAccountSettingsTemplateVersion options.
ID of the account settings template.
Defines if the entity history is included in the response.
Default:
false
The getLatestAccountSettingsTemplateVersion options.
ID of the account settings template.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the account settings template.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the account settings template.
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/account_settings_templates/AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
getOptions := &iamidentityv1.GetLatestAccountSettingsTemplateVersionOptions{ TemplateID: &accountSettingsTemplateId, } getResponse, response, err := iamIdentityService.GetLatestAccountSettingsTemplateVersion(getOptions) b, _ := json.MarshalIndent(getResponse, "", " ") fmt.Println(string(b))
GetLatestAccountSettingsTemplateVersionOptions getOptions = new GetLatestAccountSettingsTemplateVersionOptions.Builder() .templateId(accountSettingsTemplateId) .build(); Response<AccountSettingsTemplateResponse> getResponse = service.getLatestAccountSettingsTemplateVersion(getOptions).execute(); AccountSettingsTemplateResponse getResult = getResponse.getResult(); System.out.println(getResult);
const params = { templateId: accountSettingsTemplateId, } try { const res = await iamIdentityService.getLatestAccountSettingsTemplateVersion(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
get_response = iam_identity_service.get_latest_account_settings_template_version( template_id=account_settings_template_id ) account_settings_template = get_response.get_result() print( '\nget_latest_account_settings_template_version response: ', json.dumps(account_settings_template, indent=2), )
Response
Response body format for account settings template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
Committed flag determines if the template is ready for assignment
IAM account settings to be assigned in child accounts.
Entity tag for this templateId-version combination
Cloud resource name
The description of the trusted profile template. Describe the template for enterprise account users.
History of the Template.
Template Created At
IAMid of the creator
Template last modified at
IAMid of the identity that made the latest modification
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found.
Internal Server error
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Delete all versions of an account settings template
Delete all versions of an account settings template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
Delete all versions of an account settings template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
Delete all versions of an account settings template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
Delete all versions of an account settings template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
Delete all versions of an account settings template in an enterprise account. If any version is assigned to child accounts, you must first delete the assignment.
DELETE /v1/account_settings_templates/{template_id}
(iamIdentity *IamIdentityV1) DeleteAllVersionsOfAccountSettingsTemplate(deleteAllVersionsOfAccountSettingsTemplateOptions *DeleteAllVersionsOfAccountSettingsTemplateOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteAllVersionsOfAccountSettingsTemplateWithContext(ctx context.Context, deleteAllVersionsOfAccountSettingsTemplateOptions *DeleteAllVersionsOfAccountSettingsTemplateOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteAllVersionsOfAccountSettingsTemplate(DeleteAllVersionsOfAccountSettingsTemplateOptions deleteAllVersionsOfAccountSettingsTemplateOptions)
deleteAllVersionsOfAccountSettingsTemplate(params)
delete_all_versions_of_account_settings_template(
self,
template_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteAllVersionsOfAccountSettingsTemplateOptions
struct and set the fields to provide parameter values for the DeleteAllVersionsOfAccountSettingsTemplate
method.
Use the DeleteAllVersionsOfAccountSettingsTemplateOptions.Builder
to create a DeleteAllVersionsOfAccountSettingsTemplateOptions
object that contains the parameter values for the deleteAllVersionsOfAccountSettingsTemplate
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account settings template
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteAllVersionsOfAccountSettingsTemplate options.
ID of the account settings template.
The deleteAllVersionsOfAccountSettingsTemplate options.
ID of the account settings template.
parameters
ID of the account settings template.
parameters
ID of the account settings template.
curl -X DELETE "https://iam.cloud.ibm.com/v1/account_settings_templates/AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
deleteOptions := &iamidentityv1.DeleteAllVersionsOfAccountSettingsTemplateOptions{ TemplateID: &accountSettingsTemplateId, } response, err := iamIdentityService.DeleteAllVersionsOfAccountSettingsTemplate(deleteOptions)
DeleteAllVersionsOfAccountSettingsTemplateOptions deleteTeplateOptions = new DeleteAllVersionsOfAccountSettingsTemplateOptions.Builder() .templateId(accountSettingsTemplateId) .build(); Response<Void> deleteResponse = service.deleteAllVersionsOfAccountSettingsTemplate(deleteTeplateOptions).execute();
const params = { templateId: accountSettingsTemplateId, } try { const res = await iamIdentityService.deleteAllVersionsOfAccountSettingsTemplate(params); } catch (err) { console.warn(err); }
delete_response = iam_identity_service.delete_all_versions_of_account_settings_template( template_id=account_settings_template_id )
Response
Status Code
Successful Template Deletion
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
No Sample Response
List account settings template versions
List the versions of a specific account settings template in an enterprise account.
List the versions of a specific account settings template in an enterprise account.
List the versions of a specific account settings template in an enterprise account.
List the versions of a specific account settings template in an enterprise account.
List the versions of a specific account settings template in an enterprise account.
GET /v1/account_settings_templates/{template_id}/versions
(iamIdentity *IamIdentityV1) ListVersionsOfAccountSettingsTemplate(listVersionsOfAccountSettingsTemplateOptions *ListVersionsOfAccountSettingsTemplateOptions) (result *AccountSettingsTemplateList, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListVersionsOfAccountSettingsTemplateWithContext(ctx context.Context, listVersionsOfAccountSettingsTemplateOptions *ListVersionsOfAccountSettingsTemplateOptions) (result *AccountSettingsTemplateList, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsTemplateList> listVersionsOfAccountSettingsTemplate(ListVersionsOfAccountSettingsTemplateOptions listVersionsOfAccountSettingsTemplateOptions)
listVersionsOfAccountSettingsTemplate(params)
list_versions_of_account_settings_template(
self,
template_id: str,
*,
limit: Optional[str] = None,
pagetoken: Optional[str] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[str] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListVersionsOfAccountSettingsTemplateOptions
struct and set the fields to provide parameter values for the ListVersionsOfAccountSettingsTemplate
method.
Use the ListVersionsOfAccountSettingsTemplateOptions.Builder
to create a ListVersionsOfAccountSettingsTemplateOptions
object that contains the parameter values for the listVersionsOfAccountSettingsTemplate
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account settings template
Query Parameters
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListVersionsOfAccountSettingsTemplate options.
ID of the account settings template.
Optional size of a single page.
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
The listVersionsOfAccountSettingsTemplate options.
ID of the account settings template.
Optional size of a single page.
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the account settings template.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the account settings template.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
Optional sort property. If specified, the returned templated are sorted according to this property.
Allowable values: [
created_at
,last_modified_at
,name
]Default:
created_at
Optional sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/account_settings_templates/AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9/versions/" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
listOptions := &iamidentityv1.ListVersionsOfAccountSettingsTemplateOptions{ TemplateID: &accountSettingsTemplateId, } listResponse, response, err := iamIdentityService.ListVersionsOfAccountSettingsTemplate(listOptions) b, _ := json.MarshalIndent(listResponse, "", " ") fmt.Println(string(b))
ListVersionsOfAccountSettingsTemplateOptions listOptions = new ListVersionsOfAccountSettingsTemplateOptions.Builder() .templateId(accountSettingsTemplateId) .build(); Response<AccountSettingsTemplateList> listResponse = service.listVersionsOfAccountSettingsTemplate(listOptions).execute(); AccountSettingsTemplateList listResult = listResponse.getResult(); System.out.println(listResult);
const params = { templateId: accountSettingsTemplateId, } try { const res = await iamIdentityService.listVersionsOfAccountSettingsTemplate(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
list_response = iam_identity_service.list_versions_of_account_settings_template( template_id=account_settings_template_id ) account_settings_template_list = list_response.get_result() print( '\nlist_account_settings_template_versions response: ', json.dumps(account_settings_template_list, indent=2), )
Response
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
Context for problem determination.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
- AccountSettingsTemplates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
- accountSettingsTemplates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
- account_settings_templates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page.
Possible values: 1 ≤ value ≤ 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of account settings templates based on the query paramters and the page size. The account_settings_templates array is always part of the response but might be empty depending on the query parameter values provided.
- account_settings_templates
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/account_settings_templates?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "account_settings_templates": [ { "id": "AccountSettingsTemplate-2c434aba-38a4-402c-a8a1-c444570b7408", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "My new account settings template", "committed": true, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-01-12T13:09:59:761+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-02-24T13:48:44:198+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "6-aa54ac91e59055f80b58da2c5a4c426f", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-2c434aba-38a4-402c-a8a1-c444570b7408" } ] }
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/account_settings_templates?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "account_settings_templates": [ { "id": "AccountSettingsTemplate-2c434aba-38a4-402c-a8a1-c444570b7408", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "My new account settings template", "committed": true, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-01-12T13:09:59:761+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-02-24T13:48:44:198+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "6-aa54ac91e59055f80b58da2c5a4c426f", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-2c434aba-38a4-402c-a8a1-c444570b7408" } ] }
Create a new version of an account settings template
Create a new version of an account settings template in an Enterprise Account
Create a new version of an account settings template in an Enterprise Account.
Create a new version of an account settings template in an Enterprise Account.
Create a new version of an account settings template in an Enterprise Account.
Create a new version of an account settings template in an Enterprise Account.
POST /v1/account_settings_templates/{template_id}/versions
(iamIdentity *IamIdentityV1) CreateAccountSettingsTemplateVersion(createAccountSettingsTemplateVersionOptions *CreateAccountSettingsTemplateVersionOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateAccountSettingsTemplateVersionWithContext(ctx context.Context, createAccountSettingsTemplateVersionOptions *CreateAccountSettingsTemplateVersionOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsTemplateResponse> createAccountSettingsTemplateVersion(CreateAccountSettingsTemplateVersionOptions createAccountSettingsTemplateVersionOptions)
createAccountSettingsTemplateVersion(params)
create_account_settings_template_version(
self,
template_id: str,
*,
account_id: Optional[str] = None,
name: Optional[str] = None,
description: Optional[str] = None,
account_settings: Optional['AccountSettingsComponent'] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateAccountSettingsTemplateVersionOptions
struct and set the fields to provide parameter values for the CreateAccountSettingsTemplateVersion
method.
Use the CreateAccountSettingsTemplateVersionOptions.Builder
to create a CreateAccountSettingsTemplateVersionOptions
object that contains the parameter values for the createAccountSettingsTemplateVersion
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account settings template
Request to create new version of an account settings template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
IAM account settings to be assigned in child accounts.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateAccountSettingsTemplateVersion options.
ID of the account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
The createAccountSettingsTemplateVersion options.
ID of the account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
parameters
ID of the account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
parameters
ID of the account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
curl -X POST "https://iam.cloud.ibm.com/v1/account_settings_templates/{template_id}/versions" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --data '{ "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": 5, "mfa": "LEVEL3" } }'
settings := &iamidentityv1.AccountSettingsComponent{ Mfa: core.StringPtr("LEVEL1"), SystemAccessTokenExpirationInSeconds: core.StringPtr("2600"), RestrictCreatePlatformApikey: core.StringPtr("RESTRICTED"), RestrictCreateServiceID: core.StringPtr("RESTRICTED"), } createOptions := &iamidentityv1.CreateAccountSettingsTemplateVersionOptions{ Name: &accountSettingsTemplateName, Description: core.StringPtr("GoSDK test Account Settings Template - new version"), AccountID: &enterpriseAccountID, TemplateID: &accountSettingsTemplateId, AccountSettings: settings, } createResponse, response, err := iamIdentityService.CreateAccountSettingsTemplateVersion(createOptions) b, _ := json.MarshalIndent(createResponse, "", " ") fmt.Println(string(b)) // save the new version to be used in subsequent calls accountSettingsTemplateVersion = *createResponse.Version
AccountSettingsComponent accountSettings = new AccountSettingsComponent.Builder() .mfa("LEVEL1") .systemAccessTokenExpirationInSeconds("2600") .restrictCreatePlatformApikey("RESTRICTED") .restrictCreateServiceId("RESTRICTED") .build(); CreateAccountSettingsTemplateVersionOptions createOptions = new CreateAccountSettingsTemplateVersionOptions.Builder() .accountId(enterpriseAccountId) .templateId(accountSettingsTemplateId) .name(accountSettingsTemplateName) .description("IAM enterprise account settings template example - new version") .accountSettings(accountSettings) .build(); Response<AccountSettingsTemplateResponse> createResponse = service.createAccountSettingsTemplateVersion(createOptions).execute(); AccountSettingsTemplateResponse createResult = createResponse.getResult(); // Save the version for use by other test methods. accountSettingsTemplateVersion = createResult.getVersion().longValue(); System.out.println(createResult);
const settings = { mfa: "LEVEL1", system_access_token_expiration_in_seconds: "2600", restrict_create_platform_apikey: "RESTRICTED", restrict_create_service_id: "RESTRICTED", } const templateParams = { templateId: accountSettingsTemplateId, name: "Example-Account-Settings-Template", description: "IAM enterprise account settings template example - new version", accountId: enterpriseAccountId, accountSettings: settings, } try { const res = await iamIdentityService.createAccountSettingsTemplateVersion(templateParams); const { result } = res; accountSettingsTemplateVersion = result.version; console.log(JSON.stringify(result, null, 2)); } catch (err) { console.warn(err); }
account_settings = {} account_settings['mfa'] = 'LEVEL1' account_settings['system_access_token_expiration_in_seconds'] = 2600 account_settings['restrict_create_platform_apikey'] = 'RESTRICTED' account_settings['restrict_create_service_id'] = 'RESTRICTED' create_response = iam_identity_service.create_account_settings_template_version( template_id=account_settings_template_id, name='Example-Account-Settings-Template', description='IAM enterprise account settings template example - new version', account_id=enterprise_account_id, account_settings=account_settings, ) account_settings_template = create_response.get_result() print( '\ncreate_account_settings_template_version() response: ', json.dumps(account_settings_template, indent=2), )
Response
Response body format for account settings template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
Committed flag determines if the template is ready for assignment
IAM account settings to be assigned in child accounts.
Entity tag for this templateId-version combination
Cloud resource name
The description of the trusted profile template. Describe the template for enterprise account users.
History of the Template.
Template Created At
IAMid of the creator
Template last modified at
IAMid of the identity that made the latest modification
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Status Code
Template version created successfully
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 2, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 2, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Get version of an account settings template
Get a specific version of an account settings template in an Enterprise Account
Get a specific version of an account settings template in an Enterprise Account.
Get a specific version of an account settings template in an Enterprise Account.
Get a specific version of an account settings template in an Enterprise Account.
Get a specific version of an account settings template in an Enterprise Account.
GET /v1/account_settings_templates/{template_id}/versions/{version}
(iamIdentity *IamIdentityV1) GetAccountSettingsTemplateVersion(getAccountSettingsTemplateVersionOptions *GetAccountSettingsTemplateVersionOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetAccountSettingsTemplateVersionWithContext(ctx context.Context, getAccountSettingsTemplateVersionOptions *GetAccountSettingsTemplateVersionOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsTemplateResponse> getAccountSettingsTemplateVersion(GetAccountSettingsTemplateVersionOptions getAccountSettingsTemplateVersionOptions)
getAccountSettingsTemplateVersion(params)
get_account_settings_template_version(
self,
template_id: str,
version: str,
*,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetAccountSettingsTemplateVersionOptions
struct and set the fields to provide parameter values for the GetAccountSettingsTemplateVersion
method.
Use the GetAccountSettingsTemplateVersionOptions.Builder
to create a GetAccountSettingsTemplateVersionOptions
object that contains the parameter values for the getAccountSettingsTemplateVersion
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account settings template
Version of the account settings template
Query Parameters
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetAccountSettingsTemplateVersion options.
ID of the account settings template.
Version of the account settings template.
Defines if the entity history is included in the response.
Default:
false
The getAccountSettingsTemplateVersion options.
ID of the account settings template.
Version of the account settings template.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the account settings template.
Version of the account settings template.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the account settings template.
Version of the account settings template.
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/account_settings_templates/AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9/versions/1" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
getOptions := &iamidentityv1.GetAccountSettingsTemplateVersionOptions{ TemplateID: &accountSettingsTemplateId, Version: core.StringPtr(strconv.FormatInt(accountSettingsTemplateVersion, 10)), } getResponse, response, err := iamIdentityService.GetAccountSettingsTemplateVersion(getOptions) b, _ := json.MarshalIndent(getResponse, "", " ") fmt.Println(string(b)) // Grab the Etag value from the response for use in the update operation. accountSettingsTemplateEtag = response.GetHeaders().Get("Etag")
GetAccountSettingsTemplateVersionOptions getOptions = new GetAccountSettingsTemplateVersionOptions.Builder() .templateId(accountSettingsTemplateId) .version(Long.toString(accountSettingsTemplateVersion)) .build(); Response<AccountSettingsTemplateResponse> response = service.getAccountSettingsTemplateVersion(getOptions).execute(); AccountSettingsTemplateResponse getResult = response.getResult(); // Grab the Etag value from the response for use in the update operation. accountSettingsTemplateEtag = response.getHeaders().values("Etag").get(0); System.out.println(getResult);
const params = { templateId: accountSettingsTemplateId, version: accountSettingsTemplateVersion, } try { const res = await iamIdentityService.getAccountSettingsTemplateVersion(params); accountSettingsTemplateEtag = res.headers.etag; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
get_response = iam_identity_service.get_account_settings_template_version( template_id=account_settings_template_id, version=str(account_settings_template_version) ) account_settings_template = get_response.get_result() print('\nget_account_settings_template response: ', json.dumps(account_settings_template, indent=2))
Response
Response body format for account settings template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
Committed flag determines if the template is ready for assignment
IAM account settings to be assigned in child accounts.
Entity tag for this templateId-version combination
Cloud resource name
The description of the trusted profile template. Describe the template for enterprise account users.
History of the Template.
Template Created At
IAMid of the creator
Template last modified at
IAMid of the identity that made the latest modification
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template version not found.
Internal Server error
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Update version of an account settings template
Update a specific version of an account settings template in an Enterprise Account
Update a specific version of an account settings template in an Enterprise Account.
Update a specific version of an account settings template in an Enterprise Account.
Update a specific version of an account settings template in an Enterprise Account.
Update a specific version of an account settings template in an Enterprise Account.
PUT /v1/account_settings_templates/{template_id}/versions/{version}
(iamIdentity *IamIdentityV1) UpdateAccountSettingsTemplateVersion(updateAccountSettingsTemplateVersionOptions *UpdateAccountSettingsTemplateVersionOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateAccountSettingsTemplateVersionWithContext(ctx context.Context, updateAccountSettingsTemplateVersionOptions *UpdateAccountSettingsTemplateVersionOptions) (result *AccountSettingsTemplateResponse, response *core.DetailedResponse, err error)
ServiceCall<AccountSettingsTemplateResponse> updateAccountSettingsTemplateVersion(UpdateAccountSettingsTemplateVersionOptions updateAccountSettingsTemplateVersionOptions)
updateAccountSettingsTemplateVersion(params)
update_account_settings_template_version(
self,
if_match: str,
template_id: str,
version: str,
*,
account_id: Optional[str] = None,
name: Optional[str] = None,
description: Optional[str] = None,
account_settings: Optional['AccountSettingsComponent'] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateAccountSettingsTemplateVersionOptions
struct and set the fields to provide parameter values for the UpdateAccountSettingsTemplateVersion
method.
Use the UpdateAccountSettingsTemplateVersionOptions.Builder
to create a UpdateAccountSettingsTemplateVersionOptions
object that contains the parameter values for the updateAccountSettingsTemplateVersion
method.
Custom Headers
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the account settings template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account settings template
Version of the account settings template
Request to create an account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
IAM account settings to be assigned in child accounts.
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateAccountSettingsTemplateVersion options.
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the account settings template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
ID of the account settings template.
Version of the account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
The updateAccountSettingsTemplateVersion options.
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the account settings template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
ID of the account settings template.
Version of the account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
parameters
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the account settings template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
ID of the account settings template.
Version of the account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
parameters
Entity tag of the Template to be updated. Specify the tag that you retrieved when reading the account settings template. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
ID of the account settings template.
Version of the account settings template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Allowable values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Default:
NOT_SET
Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Allowable values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Default:
86400
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Default:
7200
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Default:
3600
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
Default:
259200
curl -X POST "https://iam.cloud.ibm.com/v1/account_settings_templates/{template_id}/versions" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --data '{ "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "account_settings": { "mfa": "NONE" } }'
settings := &iamidentityv1.AccountSettingsComponent{ Mfa: core.StringPtr("LEVEL1"), SystemAccessTokenExpirationInSeconds: core.StringPtr("3000"), } updateOptions := &iamidentityv1.UpdateAccountSettingsTemplateVersionOptions{ AccountID: &enterpriseAccountID, TemplateID: &accountSettingsTemplateId, Version: core.StringPtr(strconv.FormatInt(accountSettingsTemplateVersion, 10)), IfMatch: &accountSettingsTemplateEtag, Name: &accountSettingsTemplateName, Description: core.StringPtr("GoSDK test Account Settings Template - updated"), AccountSettings: settings, } updateResponse, response, err := iamIdentityService.UpdateAccountSettingsTemplateVersion(updateOptions) b, _ := json.MarshalIndent(updateResponse, "", " ") fmt.Println(string(b)) // Grab the Etag value from the response for use in the update operation. accountSettingsTemplateEtag = response.GetHeaders().Get("Etag")
AccountSettingsComponent accountSettings = new AccountSettingsComponent.Builder() .mfa("LEVEL1") .systemAccessTokenExpirationInSeconds("3000") .build(); UpdateAccountSettingsTemplateVersionOptions updateOptions = new UpdateAccountSettingsTemplateVersionOptions.Builder() .accountId(enterpriseAccountId) .templateId(accountSettingsTemplateId) .version(Long.toString(accountSettingsTemplateVersion)) .ifMatch(accountSettingsTemplateEtag) .name(accountSettingsTemplateName) .description("IAM enterprise account settings template example - updated") .accountSettings(accountSettings) .build(); Response<AccountSettingsTemplateResponse> updateResponse = service.updateAccountSettingsTemplateVersion(updateOptions).execute(); AccountSettingsTemplateResponse updateResult = updateResponse.getResult(); // Grab the Etag value from the response for use in the update operation. accountSettingsTemplateEtag = updateResponse.getHeaders().values("Etag").get(0); System.out.println(updateResult);
const settings = { mfa: "LEVEL1", system_access_token_expiration_in_seconds: "3000", } const params = { accountId: enterpriseAccountId, templateId: accountSettingsTemplateId, version: accountSettingsTemplateVersion, ifMatch: accountSettingsTemplateEtag, name: "Example-Account-Settings-Template", description: "IAM enterprise account settings template example - updated", accountSettings: settings, } try { const res = await iamIdentityService.updateAccountSettingsTemplateVersion(params); accountSettingsTemplateEtag = res.headers.etag; console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
account_settings = {} account_settings['mfa'] = 'LEVEL1' account_settings['system_access_token_expiration_in_seconds'] = 3000 update_response = iam_identity_service.update_account_settings_template_version( account_id=enterprise_account_id, template_id=account_settings_template_id, version=str(account_settings_template_version), if_match=account_settings_template_etag, name='Example-Account-Settings-Template', description='IAM enterprise account settings template example - updated', account_settings=account_settings, ) account_settings_template = update_response.get_result() print('\nupdate_account_settings_template() response: ', json.dumps(account_settings_template, indent=2))
Response
Response body format for account settings template REST requests
ID of the the template
Version of the the template
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
Committed flag determines if the template is ready for assignment
IAM account settings to be assigned in child accounts.
Entity tag for this templateId-version combination
Cloud resource name
The description of the trusted profile template. Describe the template for enterprise account users.
History of the Template.
Template Created At
IAMid of the creator
Template last modified at
IAMid of the identity that made the latest modification
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- AccountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- UserMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- accountSettings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- userMfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Response body format for account settings template REST requests.
ID of the the template.
Version of the the template.
ID of the account where the template resides.
The name of the trusted profile template. This is visible only in the enterprise account.
The description of the trusted profile template. Describe the template for enterprise account users.
Committed flag determines if the template is ready for assignment.
- account_settings
Defines whether or not creating a service ID is access controlled. Valid values:
- RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner
- NOT_RESTRICTED - all members of an account can create service IDs
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines whether or not creating platform API keys is access controlled. Valid values:
- RESTRICTED - to apply access control
- NOT_RESTRICTED - to remove access control
- NOT_SET - to 'unset' a previous set value.
Possible values: [
RESTRICTED
,NOT_RESTRICTED
,NOT_SET
]Defines the IP addresses and subnets from which IAM tokens can be created for the account.
Defines the MFA trait for the account. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]List of users that are exempted from the MFA requirement of the account.
- user_mfa
The iam_id of the user.
Defines the MFA requirement for the user. Valid values:
- NONE - No MFA trait set
- NONE_NO_ROPC- No MFA, disable CLI logins with only a password
- TOTP - For all non-federated IBMId users
- TOTP4ALL - For all users
- LEVEL1 - Email-based MFA for all users
- LEVEL2 - TOTP-based MFA for all users
- LEVEL3 - U2F MFA for all users.
Possible values: [
NONE
,NONE_NO_ROPC
,TOTP
,TOTP4ALL
,LEVEL1
,LEVEL2
,LEVEL3
]
Defines the session expiration in seconds for the account. Valid values:
- Any whole number between between '900' and '86400'
- NOT_SET - To unset account setting and use service default.
Defines the period of time in seconds in which a session will be invalidated due to inactivity. Valid values:
- Any whole number between '900' and '7200'
- NOT_SET - To unset account setting and use service default.
Defines the max allowed sessions per identity required by the account. Valid values:
- Any whole number greater than 0
- NOT_SET - To unset account setting and use service default.
Defines the access token expiration in seconds. Valid values:
- Any whole number between '900' and '3600'
- NOT_SET - To unset account setting and use service default.
Defines the refresh token expiration in seconds. Valid values:
- Any whole number between '900' and '259200'
- NOT_SET - To unset account setting and use service default.
History of the Template.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Entity tag for this templateId-version combination.
Cloud resource name.
Template Created At.
IAMid of the creator.
Template last modified at.
IAMid of the identity that made the latest modification.
Status Code
Successful updated template
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template version not found.
Internal Server error
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
{ "id": "AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9", "version": 1, "account_id": "5bbe28be34524sdbdaa34d37d1f2294a", "name": "my template name", "committed": false, "account_settings": { "restrict_create_platform_apikey": "RESTRICTED", "restrict_create_service_id": "NOT_RESTRICTED", "max_sessions_per_identity": "5", "mfa": "LEVEL3" }, "created_at": "2023-03-07T13:55:33:428+0000", "created_by_id": "IBMid-12345678901", "last_modified_at": "2023-03-07T13:55:33:428+0000", "last_modified_by_id": "IBMid-12345678901", "entity_tag": "1-2da85a8f1172fc3527378318d3182778", "crn": "crn:v1:bluemix:public:iam-identity::a/5bbe28be34524sdbdaa34d37d1f2294a::template:AccountSettingsTemplate-767fc1f6-c77c-4196-b3d6-a009a5a536e9" }
Delete version of an account settings template
Delete a specific version of an account settings template in an Enterprise Account
Delete a specific version of an account settings template in an Enterprise Account.
Delete a specific version of an account settings template in an Enterprise Account.
Delete a specific version of an account settings template in an Enterprise Account.
Delete a specific version of an account settings template in an Enterprise Account.
DELETE /v1/account_settings_templates/{template_id}/versions/{version}
(iamIdentity *IamIdentityV1) DeleteAccountSettingsTemplateVersion(deleteAccountSettingsTemplateVersionOptions *DeleteAccountSettingsTemplateVersionOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteAccountSettingsTemplateVersionWithContext(ctx context.Context, deleteAccountSettingsTemplateVersionOptions *DeleteAccountSettingsTemplateVersionOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> deleteAccountSettingsTemplateVersion(DeleteAccountSettingsTemplateVersionOptions deleteAccountSettingsTemplateVersionOptions)
deleteAccountSettingsTemplateVersion(params)
delete_account_settings_template_version(
self,
template_id: str,
version: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteAccountSettingsTemplateVersionOptions
struct and set the fields to provide parameter values for the DeleteAccountSettingsTemplateVersion
method.
Use the DeleteAccountSettingsTemplateVersionOptions.Builder
to create a DeleteAccountSettingsTemplateVersionOptions
object that contains the parameter values for the deleteAccountSettingsTemplateVersion
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account settings template
Version of the account settings template
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteAccountSettingsTemplateVersion options.
ID of the account settings template.
Version of the account settings template.
The deleteAccountSettingsTemplateVersion options.
ID of the account settings template.
Version of the account settings template.
parameters
ID of the account settings template.
Version of the account settings template.
parameters
ID of the account settings template.
Version of the account settings template.
curl -X DELETE "https://iam.cloud.ibm.com/v1/account_settings_templates/{template_id}/versions/{version}" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
deleteOptions := &iamidentityv1.DeleteAccountSettingsTemplateVersionOptions{ TemplateID: &accountSettingsTemplateId, Version: core.StringPtr("1"), } response, err := iamIdentityService.DeleteAccountSettingsTemplateVersion(deleteOptions)
DeleteAccountSettingsTemplateVersionOptions deleteOptions = new DeleteAccountSettingsTemplateVersionOptions.Builder() .templateId(accountSettingsTemplateId) .version("1") .build(); Response<Void> deleteResponse = service.deleteAccountSettingsTemplateVersion(deleteOptions).execute();
const params = { templateId: accountSettingsTemplateId, version: 1, } try { const res = await iamIdentityService.deleteAccountSettingsTemplateVersion(params); } catch (err) { console.warn(err); }
delete_response = iam_identity_service.delete_account_settings_template_version( template_id=account_settings_template_id, version='1' )
Response
Status Code
Template Version delete successful
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
No Sample Response
Commit a template version
Commit a specific version of an account settings template in an Enterprise Account. A Template must be committed before being assigned, and once committed, can no longer be modified.
Commit a specific version of an account settings template in an Enterprise Account. A Template must be committed before being assigned, and once committed, can no longer be modified.
Commit a specific version of an account settings template in an Enterprise Account. A Template must be committed before being assigned, and once committed, can no longer be modified.
Commit a specific version of an account settings template in an Enterprise Account. A Template must be committed before being assigned, and once committed, can no longer be modified.
Commit a specific version of an account settings template in an Enterprise Account. A Template must be committed before being assigned, and once committed, can no longer be modified.
POST /v1/account_settings_templates/{template_id}/versions/{version}/commit
(iamIdentity *IamIdentityV1) CommitAccountSettingsTemplate(commitAccountSettingsTemplateOptions *CommitAccountSettingsTemplateOptions) (response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CommitAccountSettingsTemplateWithContext(ctx context.Context, commitAccountSettingsTemplateOptions *CommitAccountSettingsTemplateOptions) (response *core.DetailedResponse, err error)
ServiceCall<Void> commitAccountSettingsTemplate(CommitAccountSettingsTemplateOptions commitAccountSettingsTemplateOptions)
commitAccountSettingsTemplate(params)
commit_account_settings_template(
self,
template_id: str,
version: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CommitAccountSettingsTemplateOptions
struct and set the fields to provide parameter values for the CommitAccountSettingsTemplate
method.
Use the CommitAccountSettingsTemplateOptions.Builder
to create a CommitAccountSettingsTemplateOptions
object that contains the parameter values for the commitAccountSettingsTemplate
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the account settings template
Version of the account settings template
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CommitAccountSettingsTemplate options.
ID of the account settings template.
Version of the account settings template.
The commitAccountSettingsTemplate options.
ID of the account settings template.
Version of the account settings template.
parameters
ID of the account settings template.
Version of the account settings template.
parameters
ID of the account settings template.
Version of the account settings template.
curl -X POST "https://iam.cloud.ibm.com/v1/account_settings_templates/{template_id}/versions/{version}/commit" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
commitOptions := &iamidentityv1.CommitAccountSettingsTemplateOptions{ TemplateID: &accountSettingsTemplateId, Version: core.StringPtr(strconv.FormatInt(accountSettingsTemplateVersion, 10)), } response, err := iamIdentityService.CommitAccountSettingsTemplate(commitOptions)
CommitAccountSettingsTemplateOptions commitOptions = new CommitAccountSettingsTemplateOptions.Builder() .templateId(accountSettingsTemplateId) .version(Long.toString(accountSettingsTemplateVersion)) .build(); Response<Void> commitResponse = service.commitAccountSettingsTemplate(commitOptions).execute();
const commitParams = { templateId: accountSettingsTemplateId, version: accountSettingsTemplateVersion, } try { const res = await iamIdentityService.commitAccountSettingsTemplate(commitParams); } catch (err) { console.warn(err); }
commit_response = iam_identity_service.commit_account_settings_template( template_id=account_settings_template_id, version=str(account_settings_template_version) )
Response
Status Code
Template Version committed
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
No Sample Response
List assignments
List account settings assignments.
List account settings assignments.
List account settings assignments.
List account settings assignments.
List account settings assignments.
GET /v1/account_settings_assignments/
(iamIdentity *IamIdentityV1) ListAccountSettingsAssignments(listAccountSettingsAssignmentsOptions *ListAccountSettingsAssignmentsOptions) (result *TemplateAssignmentListResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListAccountSettingsAssignmentsWithContext(ctx context.Context, listAccountSettingsAssignmentsOptions *ListAccountSettingsAssignmentsOptions) (result *TemplateAssignmentListResponse, response *core.DetailedResponse, err error)
ServiceCall<TemplateAssignmentListResponse> listAccountSettingsAssignments(ListAccountSettingsAssignmentsOptions listAccountSettingsAssignmentsOptions)
listAccountSettingsAssignments(params)
list_account_settings_assignments(
self,
*,
account_id: Optional[str] = None,
template_id: Optional[str] = None,
template_version: Optional[str] = None,
target: Optional[str] = None,
target_type: Optional[str] = None,
limit: Optional[int] = None,
pagetoken: Optional[str] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListAccountSettingsAssignmentsOptions
struct and set the fields to provide parameter values for the ListAccountSettingsAssignments
method.
Use the ListAccountSettingsAssignmentsOptions.Builder
to create a ListAccountSettingsAssignmentsOptions
object that contains the parameter values for the listAccountSettingsAssignments
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Query Parameters
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id
Filter results Template Version
Filter results by the assignment target
Filter results by the assignment's target type
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListAccountSettingsAssignments options.
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id.
Filter results Template Version.
Filter results by the assignment target.
Filter results by the assignment's target type.
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property.
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
The listAccountSettingsAssignments options.
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id.
Filter results Template Version.
Filter results by the assignment target.
Filter results by the assignment's target type.
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property.
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id.
Filter results Template Version.
Filter results by the assignment target.
Filter results by the assignment's target type.
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property.
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id.
Filter results Template Version.
Filter results by the assignment target.
Filter results by the assignment's target type.
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property.
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/account_settings_assignments?account_id=5bbe28be34524sdbdaa34d37d1f2294a" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
listOptions := &iamidentityv1.ListAccountSettingsAssignmentsOptions{ AccountID: &enterpriseAccountID, TemplateID: &accountSettingsTemplateId, } listResponse, response, err := iamIdentityService.ListAccountSettingsAssignments(listOptions) b, _ := json.MarshalIndent(listResponse, "", " ") fmt.Println(string(b))
ListAccountSettingsTemplatesOptions listOptions = new ListAccountSettingsTemplatesOptions.Builder() .accountId(enterpriseAccountId) .build(); Response<AccountSettingsTemplateList> listResponse = service.listAccountSettingsTemplates(listOptions).execute(); AccountSettingsTemplateList listResult = listResponse.getResult(); System.out.println(listResult);
const params = { accountId: enterpriseAccountId, templateId: accountSettingsTemplateId, } try { const res = await iamIdentityService.listAccountSettingsAssignments(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
list_response = iam_identity_service.list_account_settings_assignments( account_id=enterprise_account_id, template_id=account_settings_template_id ) assignment_list = list_response.get_result() print('\ncreate_account_settings_assignment() response: ', json.dumps(assignment_list, indent=2))
Response
List Response body format for Template Assignments Records
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
Context with key properties for problem determination.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List Response body format for Template Assignments Records.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
- Assignments
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- Resources
Target account where the IAM resource is created.
- Profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- AccountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- PolicyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
List Response body format for Template Assignments Records.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
- assignments
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- accountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
List Response body format for Template Assignments Records.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
- assignments
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
List Response body format for Template Assignments Records.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
- assignments
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/account_settings_assignments?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "assignments": [ { "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "succeeded", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" } ] }
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/account_settings_assignments?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "assignments": [ { "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "succeeded", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" } ] }
Create assignment
Create an assigment for an account settings template.
Create an assigment for an account settings template.
Create an assigment for an account settings template.
Create an assigment for an account settings template.
Create an assigment for an account settings template.
POST /v1/account_settings_assignments/
(iamIdentity *IamIdentityV1) CreateAccountSettingsAssignment(createAccountSettingsAssignmentOptions *CreateAccountSettingsAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateAccountSettingsAssignmentWithContext(ctx context.Context, createAccountSettingsAssignmentOptions *CreateAccountSettingsAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
ServiceCall<TemplateAssignmentResponse> createAccountSettingsAssignment(CreateAccountSettingsAssignmentOptions createAccountSettingsAssignmentOptions)
createAccountSettingsAssignment(params)
create_account_settings_assignment(
self,
template_id: str,
template_version: int,
target_type: str,
target: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateAccountSettingsAssignmentOptions
struct and set the fields to provide parameter values for the CreateAccountSettingsAssignment
method.
Use the CreateAccountSettingsAssignmentOptions.Builder
to create a CreateAccountSettingsAssignmentOptions
object that contains the parameter values for the createAccountSettingsAssignment
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Body parameters to create an account settings template Assignment
ID of the template to assign
Version of the template to assign
Possible values: value ≥ 1
Type of target to deploy to
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateAccountSettingsAssignment options.
ID of the template to assign.
Version of the template to assign.
Possible values: value ≥ 1
Type of target to deploy to.
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to.
The createAccountSettingsAssignment options.
ID of the template to assign.
Version of the template to assign.
Possible values: value ≥ 1
Type of target to deploy to.
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to.
parameters
ID of the template to assign.
Version of the template to assign.
Possible values: value ≥ 1
Type of target to deploy to.
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to.
parameters
ID of the template to assign.
Version of the template to assign.
Possible values: value ≥ 1
Type of target to deploy to.
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to.
curl -X POST "https://iam.cloud.ibm.com/v1/account_settings_assignments" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --data '{ "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a" }'
assignOptions := &iamidentityv1.CreateAccountSettingsAssignmentOptions{ TemplateID: &accountSettingsTemplateId, TemplateVersion: &accountSettingsTemplateVersion, TargetType: core.StringPtr("Account"), Target: &enterpriseSubAccountID, } assignResponse, response, err := iamIdentityService.CreateAccountSettingsAssignment(assignOptions) b, _ := json.MarshalIndent(assignResponse, "", " ") fmt.Println(string(b)) // Grab the Etag and id for use by other test methods. accountSettingsTemplateAssignmentEtag = response.GetHeaders().Get("Etag") accountSettingsTemplateAssignmentId = *assignResponse.ID
CreateAccountSettingsAssignmentOptions assignOptions = new CreateAccountSettingsAssignmentOptions.Builder() .templateId(accountSettingsTemplateId) .templateVersion(accountSettingsTemplateVersion) .targetType("Account") .target(enterpriseSubAccountId) .build(); Response<TemplateAssignmentResponse> assignResponse = service.createAccountSettingsAssignment(assignOptions).execute(); TemplateAssignmentResponse assignmentResult = assignResponse.getResult(); // Save the id for use by other test methods. accountSettingsTemplateAssignmentId = assignmentResult.getId(); // Grab the Etag value from the response for use in the update operation. accountSettingsTemplateAssignmentEtag = assignResponse.getHeaders().values("Etag").get(0); System.out.println(assignmentResult);
const assignParams = { templateId: accountSettingsTemplateId, templateVersion: accountSettingsTemplateVersion, targetType: "Account", target: enterpriseSubAccountId, } try { const assRes = await iamIdentityService.createAccountSettingsAssignment(assignParams); const { result } = assRes; accountSettingsTemplateAssignmentId = result.id; accountSettingsTemplateAssignmentEtag= assRes.headers.etag; console.log(JSON.stringify(result, null, 2)); } catch (err) { console.warn(err); }
assign_response = iam_identity_service.create_account_settings_assignment( template_id=account_settings_template_id, template_version=account_settings_template_version, target_type='Account', target=enterprise_subaccount_id, ) assignment = assign_response.get_result() print('\ncreate_account_settings_assignment() response: ', json.dumps(assignment, indent=2))
Response
Response body format for Template Assignment Record
Assignment record Id
Enterprise account Id
Template Id
Template version
Assignment target type
Assignment target
Assignment status
Assignment created at
IAMid of the identity that created the assignment
Assignment modified at
IAMid of the identity that last modified the assignment
Entity tag for this assignment record
Context with key properties for problem determination.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
Assignment history
Href
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- Resources
Target account where the IAM resource is created.
- Profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- AccountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- PolicyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- accountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Status Code
Successful Assignment Record creation
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "accepted", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "18-a0b520d828d9c0483aa2b623db8d09e6" }
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "accepted", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "18-a0b520d828d9c0483aa2b623db8d09e6" }
Get assignment
Get an assigment for an account settings template.
Get an assigment for an account settings template.
Get an assigment for an account settings template.
Get an assigment for an account settings template.
Get an assigment for an account settings template.
GET /v1/account_settings_assignments/{assignment_id}
(iamIdentity *IamIdentityV1) GetAccountSettingsAssignment(getAccountSettingsAssignmentOptions *GetAccountSettingsAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetAccountSettingsAssignmentWithContext(ctx context.Context, getAccountSettingsAssignmentOptions *GetAccountSettingsAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
ServiceCall<TemplateAssignmentResponse> getAccountSettingsAssignment(GetAccountSettingsAssignmentOptions getAccountSettingsAssignmentOptions)
getAccountSettingsAssignment(params)
get_account_settings_assignment(
self,
assignment_id: str,
*,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetAccountSettingsAssignmentOptions
struct and set the fields to provide parameter values for the GetAccountSettingsAssignment
method.
Use the GetAccountSettingsAssignmentOptions.Builder
to create a GetAccountSettingsAssignmentOptions
object that contains the parameter values for the getAccountSettingsAssignment
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the Assignment Record
Query Parameters
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetAccountSettingsAssignment options.
ID of the Assignment Record.
Defines if the entity history is included in the response.
Default:
false
The getAccountSettingsAssignment options.
ID of the Assignment Record.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the Assignment Record.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the Assignment Record.
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/account_settings_assignments/<assignment_id>" --header "Authorization: Bearer $TOKEN"
getAssignmentOptions := &iamidentityv1.GetAccountSettingsAssignmentOptions{ AssignmentID: &accountSettingsTemplateAssignmentId, } assignment, response, err := iamIdentityService.GetAccountSettingsAssignment(getAssignmentOptions) b, _ := json.MarshalIndent(assignment, "", " ") fmt.Println(string(b))
GetAccountSettingsAssignmentOptions getOptions = new GetAccountSettingsAssignmentOptions.Builder() .assignmentId(accountSettingsTemplateAssignmentId) .build(); Response<TemplateAssignmentResponse> getResponse = service.getAccountSettingsAssignment(getOptions).execute(); TemplateAssignmentResponse getResult = getResponse.getResult(); // Grab the Etag value from the response for use in the update operation. accountSettingsTemplateAssignmentEtag = getResponse.getHeaders().values("Etag").get(0); System.out.println(getResult);
response = iam_identity_service.get_account_settings_assignment( assignment_id=account_settings_template_assignment_id ) assignment = response.get_result() print('\nget_latest_account_settings_template_version response: ', json.dumps(assignment, indent=2))
Response
Response body format for Template Assignment Record
Assignment record Id
Enterprise account Id
Template Id
Template version
Assignment target type
Assignment target
Assignment status
Assignment created at
IAMid of the identity that created the assignment
Assignment modified at
IAMid of the identity that last modified the assignment
Entity tag for this assignment record
Context with key properties for problem determination.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
Assignment history
Href
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- Resources
Target account where the IAM resource is created.
- Profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- AccountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- PolicyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- accountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Status Code
successful operation
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "succeeded", "resources": [ { "target": "5bbe28be34524e88a34d37d1f2294a8a", "account_settings": { "resource_created": { "id": "5bbe28be34524e88a34d37d1f2294a8a" }, "status": "succeeded" } } ], "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" }
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "succeeded", "resources": [ { "target": "5bbe28be34524e88a34d37d1f2294a8a", "account_settings": { "resource_created": { "id": "5bbe28be34524e88a34d37d1f2294a8a" }, "status": "succeeded" } } ], "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" }
Delete assignment
Delete an account settings template assignment. This removes any IAM resources created by this assignment in child accounts.
Delete an account settings template assignment. This removes any IAM resources created by this assignment in child accounts.
Delete an account settings template assignment. This removes any IAM resources created by this assignment in child accounts.
Delete an account settings template assignment. This removes any IAM resources created by this assignment in child accounts.
Delete an account settings template assignment. This removes any IAM resources created by this assignment in child accounts.
DELETE /v1/account_settings_assignments/{assignment_id}
(iamIdentity *IamIdentityV1) DeleteAccountSettingsAssignment(deleteAccountSettingsAssignmentOptions *DeleteAccountSettingsAssignmentOptions) (result *ExceptionResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteAccountSettingsAssignmentWithContext(ctx context.Context, deleteAccountSettingsAssignmentOptions *DeleteAccountSettingsAssignmentOptions) (result *ExceptionResponse, response *core.DetailedResponse, err error)
ServiceCall<ExceptionResponse> deleteAccountSettingsAssignment(DeleteAccountSettingsAssignmentOptions deleteAccountSettingsAssignmentOptions)
deleteAccountSettingsAssignment(params)
delete_account_settings_assignment(
self,
assignment_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteAccountSettingsAssignmentOptions
struct and set the fields to provide parameter values for the DeleteAccountSettingsAssignment
method.
Use the DeleteAccountSettingsAssignmentOptions.Builder
to create a DeleteAccountSettingsAssignmentOptions
object that contains the parameter values for the deleteAccountSettingsAssignment
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the Assignment Record
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteAccountSettingsAssignment options.
ID of the Assignment Record.
The deleteAccountSettingsAssignment options.
ID of the Assignment Record.
parameters
ID of the Assignment Record.
parameters
ID of the Assignment Record.
curl -X DELETE "https://iam.cloud.ibm.com/v1/account_settings_assignments/<assignment_id>" --header "Authorization: Bearer $TOKEN"
deleteOptions := &iamidentityv1.DeleteAccountSettingsAssignmentOptions{ AssignmentID: &accountSettingsTemplateAssignmentId, } excResponse, response, err := iamIdentityService.DeleteAccountSettingsAssignment(deleteOptions)
DeleteAccountSettingsAssignmentOptions deleteOptions = new DeleteAccountSettingsAssignmentOptions.Builder() .assignmentId(accountSettingsTemplateAssignmentId) .build(); Response<ExceptionResponse> deleteResponse = service.deleteAccountSettingsAssignment(deleteOptions).execute();
const params = { assignmentId: accountSettingsTemplateAssignmentId, } try { const res = await iamIdentityService.deleteAccountSettingsAssignment(params); } catch (err) { console.warn(err); }
delete_response = iam_identity_service.delete_account_settings_assignment( assignment_id=account_settings_template_assignment_id )
Response
Response body parameters in case of error situations.
Error message code of the REST Exception.
List of errors that occured.
Context with key properties for problem determination.
Unique ID of the requst.
Response body parameters in case of error situations.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Error message code of the REST Exception.
List of errors that occured.
- Errors
Error code of the REST Exception.
Error message code of the REST Exception.
Error message of the REST Exception. Error messages are derived base on the input locale of the REST request and the available Message catalogs. Dynamic fallback to 'us-english' is happening if no message catalog is available for the provided input locale.
Error details of the REST Exception.
Unique ID of the requst.
Response body parameters in case of error situations.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Error message code of the REST Exception.
List of errors that occured.
- errors
Error code of the REST Exception.
Error message code of the REST Exception.
Error message of the REST Exception. Error messages are derived base on the input locale of the REST request and the available Message catalogs. Dynamic fallback to 'us-english' is happening if no message catalog is available for the provided input locale.
Error details of the REST Exception.
Unique ID of the requst.
Response body parameters in case of error situations.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Error message code of the REST Exception.
List of errors that occured.
- errors
Error code of the REST Exception.
Error message code of the REST Exception.
Error message of the REST Exception. Error messages are derived base on the input locale of the REST request and the available Message catalogs. Dynamic fallback to 'us-english' is happening if no message catalog is available for the provided input locale.
Error details of the REST Exception.
Unique ID of the requst.
Response body parameters in case of error situations.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Error message code of the REST Exception.
List of errors that occured.
- errors
Error code of the REST Exception.
Error message code of the REST Exception.
Error message of the REST Exception. Error messages are derived base on the input locale of the REST request and the available Message catalogs. Dynamic fallback to 'us-english' is happening if no message catalog is available for the provided input locale.
Error details of the REST Exception.
Unique ID of the requst.
Status Code
Request to delete assignment is accepted
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Assignment not found
Internal Server error
No Sample Response
Update assignment
Update an account settings assignment. Call this method to retry failed assignments or migrate the settings in child accounts to a new version.
Update an account settings assignment. Call this method to retry failed assignments or migrate the settings in child accounts to a new version.
Update an account settings assignment. Call this method to retry failed assignments or migrate the settings in child accounts to a new version.
Update an account settings assignment. Call this method to retry failed assignments or migrate the settings in child accounts to a new version.
Update an account settings assignment. Call this method to retry failed assignments or migrate the settings in child accounts to a new version.
PATCH /v1/account_settings_assignments/{assignment_id}
(iamIdentity *IamIdentityV1) UpdateAccountSettingsAssignment(updateAccountSettingsAssignmentOptions *UpdateAccountSettingsAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateAccountSettingsAssignmentWithContext(ctx context.Context, updateAccountSettingsAssignmentOptions *UpdateAccountSettingsAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
ServiceCall<TemplateAssignmentResponse> updateAccountSettingsAssignment(UpdateAccountSettingsAssignmentOptions updateAccountSettingsAssignmentOptions)
updateAccountSettingsAssignment(params)
update_account_settings_assignment(
self,
assignment_id: str,
if_match: str,
template_version: int,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateAccountSettingsAssignmentOptions
struct and set the fields to provide parameter values for the UpdateAccountSettingsAssignment
method.
Use the UpdateAccountSettingsAssignmentOptions.Builder
to create a UpdateAccountSettingsAssignmentOptions
object that contains the parameter values for the updateAccountSettingsAssignment
method.
Custom Headers
Version of the assignment to be updated. Specify the version that you retrieved when reading the assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the Assignment Record
Request to update an assignment
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateAccountSettingsAssignment options.
ID of the Assignment Record.
Version of the assignment to be updated. Specify the version that you retrieved when reading the assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
The updateAccountSettingsAssignment options.
ID of the Assignment Record.
Version of the assignment to be updated. Specify the version that you retrieved when reading the assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
parameters
ID of the Assignment Record.
Version of the assignment to be updated. Specify the version that you retrieved when reading the assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
parameters
ID of the Assignment Record.
Version of the assignment to be updated. Specify the version that you retrieved when reading the assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
curl -X PATCH "https://iam.cloud.ibm.com/v1/account_settings_assignments/<assignment_id>" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --data '{ "template_version": 2 }'
updateOptions := &iamidentityv1.UpdateAccountSettingsAssignmentOptions{ AssignmentID: &accountSettingsTemplateAssignmentId, TemplateVersion: &accountSettingsTemplateVersion, IfMatch: &accountSettingsTemplateAssignmentEtag, } updateResponse, response, err := iamIdentityService.UpdateAccountSettingsAssignment(updateOptions) b, _ := json.MarshalIndent(updateResponse, "", " ") fmt.Println(string(b))
UpdateAccountSettingsAssignmentOptions updateOptions = new UpdateAccountSettingsAssignmentOptions.Builder() .assignmentId(accountSettingsTemplateAssignmentId) .templateVersion(accountSettingsTemplateVersion) .ifMatch(accountSettingsTemplateAssignmentEtag) .build(); Response<TemplateAssignmentResponse> updateResponse = service.updateAccountSettingsAssignment(updateOptions).execute(); TemplateAssignmentResponse updateResult = updateResponse.getResult(); // Grab the Etag value from the response for use in the update operation. accountSettingsTemplateAssignmentEtag = updateResponse.getHeaders().values("Etag").get(0); System.out.println(updateResult);
const assignParams = { assignmentId: accountSettingsTemplateAssignmentId, templateVersion: accountSettingsTemplateVersion, ifMatch: accountSettingsTemplateAssignmentEtag, } try { const assRes = await iamIdentityService.updateAccountSettingsAssignment(assignParams); console.log(JSON.stringify(assRes.result, null, 2)); } catch (err) { console.warn(err); }
assign_response = iam_identity_service.update_account_settings_assignment( assignment_id=account_settings_template_assignment_id, template_version=account_settings_template_version, if_match=account_settings_template_assignment_etag, ) assignment = assign_response.get_result() print('\nupdate_account_settings_template_assignment response: ', json.dumps(assignment, indent=2))
Response
Response body format for Template Assignment Record
Assignment record Id
Enterprise account Id
Template Id
Template version
Assignment target type
Assignment target
Assignment status
Assignment created at
IAMid of the identity that created the assignment
Assignment modified at
IAMid of the identity that last modified the assignment
Entity tag for this assignment record
Context with key properties for problem determination.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
Assignment history
Href
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- Resources
Target account where the IAM resource is created.
- Profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- AccountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- PolicyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- accountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Status Code
successful operation
Successful Assignment Record update
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 2, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "accepted", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" }
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "AccountSettingsTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 2, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "accepted", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" }
List assignments
List trusted profile template assignments.
List trusted profile template assignments.
List trusted profile template assignments.
List trusted profile template assignments.
List trusted profile template assignments.
GET /v1/profile_assignments/
(iamIdentity *IamIdentityV1) ListTrustedProfileAssignments(listTrustedProfileAssignmentsOptions *ListTrustedProfileAssignmentsOptions) (result *TemplateAssignmentListResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) ListTrustedProfileAssignmentsWithContext(ctx context.Context, listTrustedProfileAssignmentsOptions *ListTrustedProfileAssignmentsOptions) (result *TemplateAssignmentListResponse, response *core.DetailedResponse, err error)
ServiceCall<TemplateAssignmentListResponse> listTrustedProfileAssignments(ListTrustedProfileAssignmentsOptions listTrustedProfileAssignmentsOptions)
listTrustedProfileAssignments(params)
list_trusted_profile_assignments(
self,
*,
account_id: Optional[str] = None,
template_id: Optional[str] = None,
template_version: Optional[str] = None,
target: Optional[str] = None,
target_type: Optional[str] = None,
limit: Optional[int] = None,
pagetoken: Optional[str] = None,
sort: Optional[str] = None,
order: Optional[str] = None,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the ListTrustedProfileAssignmentsOptions
struct and set the fields to provide parameter values for the ListTrustedProfileAssignments
method.
Use the ListTrustedProfileAssignmentsOptions.Builder
to create a ListTrustedProfileAssignmentsOptions
object that contains the parameter values for the listTrustedProfileAssignments
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Query Parameters
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id
Filter results Template Version
Filter results by the assignment target
Filter results by the assignment's target type
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The ListTrustedProfileAssignments options.
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id.
Filter results Template Version.
Filter results by the assignment target.
Filter results by the assignment's target type.
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property.
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
The listTrustedProfileAssignments options.
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id.
Filter results Template Version.
Filter results by the assignment target.
Filter results by the assignment's target type.
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property.
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id.
Filter results Template Version.
Filter results by the assignment target.
Filter results by the assignment's target type.
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property.
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
parameters
Account ID of the Assignments to query. This parameter is required unless using a pagetoken.
Filter results by Template Id.
Filter results Template Version.
Filter results by the assignment target.
Filter results by the assignment's target type.
Allowable values: [
Account
,AccountGroup
]Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Possible values: 1 ≤ value ≤ 100
Default:
20
Optional Prev or Next page token returned from a previous query execution. Default is start with first page.
If specified, the items are sorted by the value of this property.
Allowable values: [
template_id
,created_at
,last_modified_at
]Default:
created_at
Sort order.
Allowable values: [
asc
,desc
]Default:
asc
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/profile_assignments?account_id=5bbe28be34524sdbdaa34d37d1f2294a" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN"
listOptions := &iamidentityv1.ListTrustedProfileAssignmentsOptions{ AccountID: &enterpriseAccountID, TemplateID: &profileTemplateId, } listResponse, response, err := iamIdentityService.ListTrustedProfileAssignments(listOptions) b, _ := json.MarshalIndent(listResponse, "", " ") fmt.Println(string(b))
ListTrustedProfileAssignmentsOptions listOptions = new ListTrustedProfileAssignmentsOptions.Builder() .accountId(enterpriseAccountId) .templateId(profileTemplateId) .build(); Response<TemplateAssignmentListResponse> listResponse = service.listTrustedProfileAssignments(listOptions).execute(); TemplateAssignmentListResponse listResult = listResponse.getResult(); System.out.println(listResult);
const params = { accountId: enterpriseAccountId, templateId: profileTemplateId, } try { const res = await iamIdentityService.listTrustedProfileAssignments(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
list_response = iam_identity_service.list_trusted_profile_assignments( account_id=enterprise_account_id, template_id=profile_template_id ) assignment_list = list_response.get_result() print('\nlist_trusted_profile_assignments() response: ', json.dumps(assignment_list, indent=2))
Response
List Response body format for Template Assignments Records
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
Context with key properties for problem determination.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List Response body format for Template Assignments Records.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
- Assignments
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- Resources
Target account where the IAM resource is created.
- Profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- AccountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- PolicyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
List Response body format for Template Assignments Records.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
- assignments
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- accountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
List Response body format for Template Assignments Records.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
- assignments
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
List Response body format for Template Assignments Records.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
The offset of the current page.
Optional size of a single page. Default is 20 items per page. Valid range is 1 to 100.
Link to the first page.
Link to the previous available page. If 'previous' property is not part of the response no previous page is available.
Link to the next available page. If 'next' property is not part of the response no next page is available.
List of Assignments based on the query paramters and the page size. The assignments array is always part of the response but might be empty depending on the query parameter values provided.
- assignments
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Status Code
Successful Template retrieval
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/profile_assignments?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "assignments": [ { "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "succeeded", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" } ] }
{ "offset": 0, "limit": 20, "first": "https://iam.cloud.ibm.com/v1/profile_assignments?account_id=5bbe28be34524sdbdaa34d37d1f2294a", "assignments": [ { "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "succeeded", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" } ] }
Create assignment
Create an assigment for a trusted profile template.
Create an assigment for a trusted profile template.
Create an assigment for a trusted profile template.
Create an assigment for a trusted profile template.
Create an assigment for a trusted profile template.
POST /v1/profile_assignments/
(iamIdentity *IamIdentityV1) CreateTrustedProfileAssignment(createTrustedProfileAssignmentOptions *CreateTrustedProfileAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) CreateTrustedProfileAssignmentWithContext(ctx context.Context, createTrustedProfileAssignmentOptions *CreateTrustedProfileAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
ServiceCall<TemplateAssignmentResponse> createTrustedProfileAssignment(CreateTrustedProfileAssignmentOptions createTrustedProfileAssignmentOptions)
createTrustedProfileAssignment(params)
create_trusted_profile_assignment(
self,
template_id: str,
template_version: int,
target_type: str,
target: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the CreateTrustedProfileAssignmentOptions
struct and set the fields to provide parameter values for the CreateTrustedProfileAssignment
method.
Use the CreateTrustedProfileAssignmentOptions.Builder
to create a CreateTrustedProfileAssignmentOptions
object that contains the parameter values for the createTrustedProfileAssignment
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Body parameters to create an account settings template Assignment
ID of the template to assign
Version of the template to assign
Possible values: value ≥ 1
Type of target to deploy to
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The CreateTrustedProfileAssignment options.
ID of the template to assign.
Version of the template to assign.
Possible values: value ≥ 1
Type of target to deploy to.
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to.
The createTrustedProfileAssignment options.
ID of the template to assign.
Version of the template to assign.
Possible values: value ≥ 1
Type of target to deploy to.
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to.
parameters
ID of the template to assign.
Version of the template to assign.
Possible values: value ≥ 1
Type of target to deploy to.
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to.
parameters
ID of the template to assign.
Version of the template to assign.
Possible values: value ≥ 1
Type of target to deploy to.
Allowable values: [
Account
,AccountGroup
]Identifier of target to deploy to.
curl -X POST "https://iam.cloud.ibm.com/v1/profile_assignments" --header "Content-Type: application/json" --header "Authorization: Bearer $TOKEN" --data '{ "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a" }'
assignOptions := &iamidentityv1.CreateTrustedProfileAssignmentOptions{ TemplateID: &profileTemplateId, TemplateVersion: &profileTemplateVersion, TargetType: core.StringPtr("Account"), Target: &enterpriseSubAccountID, } assignResponse, response, err := iamIdentityService.CreateTrustedProfileAssignment(assignOptions) b, _ := json.MarshalIndent(assignResponse, "", " ") fmt.Println(string(b)) // Grab the Etag and id for use by other test methods. profileTemplateAssignmentEtag = response.GetHeaders().Get("Etag") profileTemplateAssignmentId = *assignResponse.ID
CreateTrustedProfileAssignmentOptions assignOptions = new CreateTrustedProfileAssignmentOptions.Builder() .templateId(profileTemplateId) .templateVersion(profileTemplateVersion) .targetType("Account") .target(enterpriseSubAccountId) .build(); Response<TemplateAssignmentResponse> assignResponse = service.createTrustedProfileAssignment(assignOptions).execute(); TemplateAssignmentResponse assignmentResponseResult = assignResponse.getResult(); // Save the id for use by other test methods. profileTemplateAssignmentId = assignmentResponseResult.getId(); // Grab the Etag value from the response for use in the update operation. profileTemplateAssignmentEtag = assignResponse.getHeaders().values("Etag").get(0); System.out.println(assignmentResponseResult);
const assignParams = { templateId: profileTemplateId, templateVersion: profileTemplateVersion, targetType: "Account", target: enterpriseSubAccountId, } try { const assRes = await iamIdentityService.createTrustedProfileAssignment(assignParams); const { result } = assRes; profileTemplateAssignmentId = result.id; profileTemplateAssignmentEtag= assRes.headers.etag; console.log(JSON.stringify(result, null, 2)); } catch (err) { console.warn(err); }
assign_response = iam_identity_service.create_trusted_profile_assignment( template_id=profile_template_id, template_version=profile_template_version, target_type='Account', target=enterprise_subaccount_id, ) assignment = assign_response.get_result() print('\ncreate_trusted_profile_assignment() response: ', json.dumps(assignment, indent=2))
Response
Response body format for Template Assignment Record
Assignment record Id
Enterprise account Id
Template Id
Template version
Assignment target type
Assignment target
Assignment status
Assignment created at
IAMid of the identity that created the assignment
Assignment modified at
IAMid of the identity that last modified the assignment
Entity tag for this assignment record
Context with key properties for problem determination.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
Assignment history
Href
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- Resources
Target account where the IAM resource is created.
- Profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- AccountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- PolicyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- accountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Status Code
Successful Assignment Record creation
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "accepted", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "18-a0b520d828d9c0483aa2b623db8d09e6" }
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "accepted", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "18-a0b520d828d9c0483aa2b623db8d09e6" }
Get assignment
Get an assigment for a trusted profile template.
Get an assigment for a trusted profile template.
Get an assigment for a trusted profile template.
Get an assigment for a trusted profile template.
Get an assigment for a trusted profile template.
GET /v1/profile_assignments/{assignment_id}
(iamIdentity *IamIdentityV1) GetTrustedProfileAssignment(getTrustedProfileAssignmentOptions *GetTrustedProfileAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) GetTrustedProfileAssignmentWithContext(ctx context.Context, getTrustedProfileAssignmentOptions *GetTrustedProfileAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
ServiceCall<TemplateAssignmentResponse> getTrustedProfileAssignment(GetTrustedProfileAssignmentOptions getTrustedProfileAssignmentOptions)
getTrustedProfileAssignment(params)
get_trusted_profile_assignment(
self,
assignment_id: str,
*,
include_history: Optional[bool] = None,
**kwargs,
) -> DetailedResponse
Request
Instantiate the GetTrustedProfileAssignmentOptions
struct and set the fields to provide parameter values for the GetTrustedProfileAssignment
method.
Use the GetTrustedProfileAssignmentOptions.Builder
to create a GetTrustedProfileAssignmentOptions
object that contains the parameter values for the getTrustedProfileAssignment
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the Assignment Record
Query Parameters
Defines if the entity history is included in the response
Default:
false
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The GetTrustedProfileAssignment options.
ID of the Assignment Record.
Defines if the entity history is included in the response.
Default:
false
The getTrustedProfileAssignment options.
ID of the Assignment Record.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the Assignment Record.
Defines if the entity history is included in the response.
Default:
false
parameters
ID of the Assignment Record.
Defines if the entity history is included in the response.
Default:
false
curl -X GET "https://iam.cloud.ibm.com/v1/profile_assignments/<assignment_id>" --header "Authorization: Bearer $TOKEN"
getAssignmentOptions := &iamidentityv1.GetTrustedProfileAssignmentOptions{ AssignmentID: &profileTemplateAssignmentId, } assignment, response, err := iamIdentityService.GetTrustedProfileAssignment(getAssignmentOptions) b, _ := json.MarshalIndent(assignment, "", " ") fmt.Println(string(b))
GetTrustedProfileAssignmentOptions getOptions = new GetTrustedProfileAssignmentOptions.Builder() .assignmentId(profileTemplateAssignmentId) .build(); Response<TemplateAssignmentResponse> getResponse = service.getTrustedProfileAssignment(getOptions).execute(); TemplateAssignmentResponse getResult = getResponse.getResult(); System.out.println(getResult);
const params = { assignmentId: profileTemplateAssignmentId, } try { const res = await iamIdentityService.getTrustedProfileAssignment(params); console.log(JSON.stringify(res.result, null, 2)); } catch (err) { console.warn(err); }
response = iam_identity_service.get_trusted_profile_assignment(assignment_id=profile_template_assignment_id) assignment = response.get_result() print('\nget_trusted_profile_assignment() response: ', json.dumps(assignment, indent=2))
Response
Response body format for Template Assignment Record
Assignment record Id
Enterprise account Id
Template Id
Template version
Assignment target type
Assignment target
Assignment status
Assignment created at
IAMid of the identity that created the assignment
Assignment modified at
IAMid of the identity that last modified the assignment
Entity tag for this assignment record
Context with key properties for problem determination.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
Assignment history
Href
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- Resources
Target account where the IAM resource is created.
- Profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- AccountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- PolicyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- accountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Status Code
successful operation
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "succeeded", "resources": [ { "target": "5bbe28be34524e88a34d37d1f2294a8a", "profile": { "resource_created": { "id": "Profile-3bbfaa70-ec17-4c92-b81f-dfbda2a3" }, "status": "succeeded" } } ], "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" }
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 1, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "succeeded", "resources": [ { "target": "5bbe28be34524e88a34d37d1f2294a8a", "profile": { "resource_created": { "id": "Profile-3bbfaa70-ec17-4c92-b81f-dfbda2a3" }, "status": "succeeded" } } ], "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" }
Delete assignment
Delete a trusted profile assignment. This removes any IAM resources created by this assignment in child accounts.
Delete a trusted profile assignment. This removes any IAM resources created by this assignment in child accounts.
Delete a trusted profile assignment. This removes any IAM resources created by this assignment in child accounts.
Delete a trusted profile assignment. This removes any IAM resources created by this assignment in child accounts.
Delete a trusted profile assignment. This removes any IAM resources created by this assignment in child accounts.
DELETE /v1/profile_assignments/{assignment_id}
(iamIdentity *IamIdentityV1) DeleteTrustedProfileAssignment(deleteTrustedProfileAssignmentOptions *DeleteTrustedProfileAssignmentOptions) (result *ExceptionResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) DeleteTrustedProfileAssignmentWithContext(ctx context.Context, deleteTrustedProfileAssignmentOptions *DeleteTrustedProfileAssignmentOptions) (result *ExceptionResponse, response *core.DetailedResponse, err error)
ServiceCall<ExceptionResponse> deleteTrustedProfileAssignment(DeleteTrustedProfileAssignmentOptions deleteTrustedProfileAssignmentOptions)
deleteTrustedProfileAssignment(params)
delete_trusted_profile_assignment(
self,
assignment_id: str,
**kwargs,
) -> DetailedResponse
Request
Instantiate the DeleteTrustedProfileAssignmentOptions
struct and set the fields to provide parameter values for the DeleteTrustedProfileAssignment
method.
Use the DeleteTrustedProfileAssignmentOptions.Builder
to create a DeleteTrustedProfileAssignmentOptions
object that contains the parameter values for the deleteTrustedProfileAssignment
method.
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the Assignment Record
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The DeleteTrustedProfileAssignment options.
ID of the Assignment Record.
The deleteTrustedProfileAssignment options.
ID of the Assignment Record.
parameters
ID of the Assignment Record.
parameters
ID of the Assignment Record.
curl -X DELETE "https://iam.cloud.ibm.com/v1/profile_assignments/<assignment_id>" --header "Authorization: Bearer $TOKEN"
deleteOptions := &iamidentityv1.DeleteTrustedProfileAssignmentOptions{ AssignmentID: &profileTemplateAssignmentId, } excResponse, response, err := iamIdentityService.DeleteTrustedProfileAssignment(deleteOptions)
DeleteTrustedProfileAssignmentOptions deleteOptions = new DeleteTrustedProfileAssignmentOptions.Builder() .assignmentId(profileTemplateAssignmentId) .build(); Response<ExceptionResponse> deleteResponse = service.deleteTrustedProfileAssignment(deleteOptions).execute();
const params = { assignmentId: profileTemplateAssignmentId, } try { const res = await iamIdentityService.deleteTrustedProfileAssignment(params); } catch (err) { console.warn(err); }
delete_response = iam_identity_service.delete_trusted_profile_assignment( assignment_id=profile_template_assignment_id )
Response
Response body parameters in case of error situations.
Error message code of the REST Exception.
List of errors that occured.
Context with key properties for problem determination.
Unique ID of the requst.
Response body parameters in case of error situations.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Error message code of the REST Exception.
List of errors that occured.
- Errors
Error code of the REST Exception.
Error message code of the REST Exception.
Error message of the REST Exception. Error messages are derived base on the input locale of the REST request and the available Message catalogs. Dynamic fallback to 'us-english' is happening if no message catalog is available for the provided input locale.
Error details of the REST Exception.
Unique ID of the requst.
Response body parameters in case of error situations.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Error message code of the REST Exception.
List of errors that occured.
- errors
Error code of the REST Exception.
Error message code of the REST Exception.
Error message of the REST Exception. Error messages are derived base on the input locale of the REST request and the available Message catalogs. Dynamic fallback to 'us-english' is happening if no message catalog is available for the provided input locale.
Error details of the REST Exception.
Unique ID of the requst.
Response body parameters in case of error situations.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Error message code of the REST Exception.
List of errors that occured.
- errors
Error code of the REST Exception.
Error message code of the REST Exception.
Error message of the REST Exception. Error messages are derived base on the input locale of the REST request and the available Message catalogs. Dynamic fallback to 'us-english' is happening if no message catalog is available for the provided input locale.
Error details of the REST Exception.
Unique ID of the requst.
Response body parameters in case of error situations.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Error message code of the REST Exception.
List of errors that occured.
- errors
Error code of the REST Exception.
Error message code of the REST Exception.
Error message of the REST Exception. Error messages are derived base on the input locale of the REST request and the available Message catalogs. Dynamic fallback to 'us-english' is happening if no message catalog is available for the provided input locale.
Error details of the REST Exception.
Unique ID of the requst.
Status Code
Request to delete assignment is accepted
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Template not found
Internal Server error
No Sample Response
Update assignment
Update a trusted profile assignment. Call this method to retry failed assignments or migrate the trusted profile in child accounts to a new version.
Update a trusted profile assignment. Call this method to retry failed assignments or migrate the trusted profile in child accounts to a new version.
Update a trusted profile assignment. Call this method to retry failed assignments or migrate the trusted profile in child accounts to a new version.
Update a trusted profile assignment. Call this method to retry failed assignments or migrate the trusted profile in child accounts to a new version.
Update a trusted profile assignment. Call this method to retry failed assignments or migrate the trusted profile in child accounts to a new version.
PATCH /v1/profile_assignments/{assignment_id}
(iamIdentity *IamIdentityV1) UpdateTrustedProfileAssignment(updateTrustedProfileAssignmentOptions *UpdateTrustedProfileAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
(iamIdentity *IamIdentityV1) UpdateTrustedProfileAssignmentWithContext(ctx context.Context, updateTrustedProfileAssignmentOptions *UpdateTrustedProfileAssignmentOptions) (result *TemplateAssignmentResponse, response *core.DetailedResponse, err error)
ServiceCall<TemplateAssignmentResponse> updateTrustedProfileAssignment(UpdateTrustedProfileAssignmentOptions updateTrustedProfileAssignmentOptions)
updateTrustedProfileAssignment(params)
update_trusted_profile_assignment(
self,
assignment_id: str,
if_match: str,
template_version: int,
**kwargs,
) -> DetailedResponse
Request
Instantiate the UpdateTrustedProfileAssignmentOptions
struct and set the fields to provide parameter values for the UpdateTrustedProfileAssignment
method.
Use the UpdateTrustedProfileAssignmentOptions.Builder
to create a UpdateTrustedProfileAssignmentOptions
object that contains the parameter values for the updateTrustedProfileAssignment
method.
Custom Headers
Version of the Assignment to be updated. Specify the version that you retrieved when reading the Assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
ID of the Assignment Record
Request to update an assignment
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
WithContext method only
A context.Context instance that you can use to specify a timeout for the operation or to cancel an in-flight request.
The UpdateTrustedProfileAssignment options.
ID of the Assignment Record.
Version of the Assignment to be updated. Specify the version that you retrieved when reading the Assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
The updateTrustedProfileAssignment options.
ID of the Assignment Record.
Version of the Assignment to be updated. Specify the version that you retrieved when reading the Assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
parameters
ID of the Assignment Record.
Version of the Assignment to be updated. Specify the version that you retrieved when reading the Assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
parameters
ID of the Assignment Record.
Version of the Assignment to be updated. Specify the version that you retrieved when reading the Assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. This might result in stale updates.
Template version to be applied to the assignment. To retry all failed assignments, provide the existing version. To migrate to a different version, provide the new version number.
Possible values: value ≥ 1
curl -X PATCH "https://iam.cloud.ibm.com/v1/profile_assignments/<assignment_id>" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json" --data '{ "template_version": 2 }'
updateOptions := &iamidentityv1.UpdateTrustedProfileAssignmentOptions{ AssignmentID: &profileTemplateAssignmentId, TemplateVersion: &profileTemplateVersion, IfMatch: &profileTemplateAssignmentEtag, } updateResponse, response, err := iamIdentityService.UpdateTrustedProfileAssignment(updateOptions) b, _ := json.MarshalIndent(updateResponse, "", " ") fmt.Println(string(b)) // Grab the Etag and id for use by other test methods. profileTemplateAssignmentEtag = response.GetHeaders().Get("Etag")
UpdateTrustedProfileAssignmentOptions updateOptions = new UpdateTrustedProfileAssignmentOptions.Builder() .assignmentId(profileTemplateAssignmentId) .templateVersion(profileTemplateVersion) .ifMatch(profileTemplateAssignmentEtag) .build(); Response<TemplateAssignmentResponse> updateResponse = service.updateTrustedProfileAssignment(updateOptions).execute(); TemplateAssignmentResponse updateResult = updateResponse.getResult(); // Grab the Etag value from the response for use in the update operation. profileTemplateAssignmentEtag = updateResponse.getHeaders().values("Etag").get(0); System.out.println(updateResult);
const assignParams = { assignmentId: profileTemplateAssignmentId, templateVersion: profileTemplateVersion, ifMatch: profileTemplateAssignmentEtag, } try { const assRes = await iamIdentityService.updateTrustedProfileAssignment(assignParams); console.log(JSON.stringify(assRes.result, null, 2)); } catch (err) { console.warn(err); }
assign_response = iam_identity_service.update_trusted_profile_assignment( assignment_id=profile_template_assignment_id, template_version=profile_template_version, if_match=profile_template_assignment_etag, ) assignment = assign_response.get_result() print('\nupdate_profile_template_assignment response: ', json.dumps(assignment, indent=2))
Response
Response body format for Template Assignment Record
Assignment record Id
Enterprise account Id
Template Id
Template version
Assignment target type
Assignment target
Assignment status
Assignment created at
IAMid of the identity that created the assignment
Assignment modified at
IAMid of the identity that last modified the assignment
Entity tag for this assignment record
Context with key properties for problem determination.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
Assignment history
Href
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- Context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- Resources
Target account where the IAM resource is created.
- Profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- AccountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- PolicyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- ResourceCreated
Id of the created resource.
Body parameters for assignment error.
- ErrorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- History
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- accountSettings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policyTemplateRefs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resourceCreated
Id of the created resource.
Body parameters for assignment error.
- errorMessage
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Response body format for Template Assignment Record.
Context with key properties for problem determination.
- context
The transaction ID of the inbound REST request.
The operation of the inbound REST request.
The user agent of the inbound REST request.
The URL of that cluster.
The instance ID of the server instance processing the request.
The thread ID of the server instance processing the request.
The host of the server instance processing the request.
The start time of the request.
The finish time of the request.
The elapsed time in msec.
The cluster name.
Assignment record Id.
Enterprise account Id.
Template Id.
Template version.
Assignment target type.
Assignment target.
Assignment status.
Status breakdown per target account of IAM resources created or errors encountered in attempting to create those IAM resources. IAM resources are only included in the response providing the assignment is not in progress. IAM resources are also only included when getting a single assignment, and excluded by list APIs.
- resources
Target account where the IAM resource is created.
- profile
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
- account_settings
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Policy resource(s) included only for trusted profile assignments with policy references.
- policy_template_refs
Policy Template Id, only returned for a profile assignment with policy references.
Policy version, only returned for a profile assignment with policy references.
Body parameters for created resource.
- resource_created
Id of the created resource.
Body parameters for assignment error.
- error_message
Name of the error.
Internal error code.
Error message detailing the nature of the error.
Internal status code for the error.
Status for the target account's assignment.
Assignment history.
- history
Timestamp when the action was triggered.
IAM ID of the identity which triggered the action.
Account of the identity which triggered the action.
Action of the history entry.
Params of the history entry.
Message which summarizes the executed action.
Href.
Assignment created at.
IAMid of the identity that created the assignment.
Assignment modified at.
IAMid of the identity that last modified the assignment.
Entity tag for this assignment record.
Status Code
successful operation
Successful Assignment Record update
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
Internal Server error
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 2, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "accepted", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" }
{ "id": "TemplateAssignment-3bbfaa70-ec17-4c92-b81f-acfd013695a0", "account_id": "5bbe28be34524e88a34d37d1f2294a8a", "template_id": "ProfileTemplate-cac1b203-5956-4981-bdec-0a4af4feab4d", "template_version": 2, "target_type": "Account", "target": "5bbe28be34524e88a34d37d1f2294a8a", "status": "accepted", "created_at": "2023-05-09T13:01:27:946+0000", "created_by_id": "IBMid-550005G0RQ", "last_modified_at": "2023-05-09T13:10:04:480+0000", "last_modified_by_id": "IBMid-550005G0RQ", "entity_tag": "1-a0b520d828d9c0483aa2b623db8d09e6" }
Update Identity Preference on scope account
Update one Identity Preference on scope 'account'.
PUT /v1/preferences/accounts/{account_id}/identities/{iam_id}/{service}/{preference_id}
Request
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Account id to update preference for
IAM id to update the preference for
Service of the preference to be updated
Identifier of preference to be updated
Request to create one identity preference on scope 'acount'.
contains a string value of the preference. only one value property is set, either 'value_string' or 'value_list_of_strings' is present.
contains a list of string values of the preference. only one value property is set, either 'value_string' or 'value_list_of_strings' is present.
curl -X PUT "https://iam.test.cloud.ibm.com/v1/preferences/accounts/ACCOUNT_ID/identities/IAM_ID/SERVICE/PREFERENCE_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
Response
Service of the preference
Unique ID of the preference
Account ID of the preference, only present for scope 'account'
Scope of the preference, 'global' or 'account'
String value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present.
List of value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present.
Status Code
successful operation
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
preference not found
Internal Server error
{ "service": "sample service", "id": "unique_id_of_preference", "account_id": "18e3020749ce4744b0b472466d61fdb4", "scope": "account", "value_string": "preference_value" }
Delete Identity Preference on scope account
Delete one Identity Preference on scope 'account'.
DELETE /v1/preferences/accounts/{account_id}/identities/{iam_id}/{service}/{preference_id}
Request
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Account id to delete preference for
IAM id to delete the preference for
Service of the preference to be deleted
Identifier of preference to be deleted
curl -X DELETE "https://iam.test.cloud.ibm.com/v1/preferences/accounts/ACCOUNT_ID/identities/IAM_ID/SERVICE/PREFERENCE_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
Response
Response body parameters in case of error situations.
Error message code of the REST Exception.
List of errors that occured.
Context with key properties for problem determination.
Unique ID of the requst.
Status Code
Deleted Successful - no further details.
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
preference not found
Internal Server error
No Sample Response
Get Identity Preference on scope account
Get one Identity Preference on scope 'account'.
GET /v1/preferences/accounts/{account_id}/identities/{iam_id}/{service}/{preference_id}
Request
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Account id to get preference for
IAM id to get the preference for
Service of the preference to be fetched
Identifier of preference to be fetched
curl -X GET "https://iam.test.cloud.ibm.com/v1/preferences/accounts/ACCOUNT_ID/identities/IAM_ID/SERVICE/PREFERENCE_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
Response
Service of the preference
Unique ID of the preference
Account ID of the preference, only present for scope 'account'
Scope of the preference, 'global' or 'account'
String value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present.
List of value of the preference, only one value property is set, either 'value_string' or 'value_list_of_strings' is present.
Status Code
successful operation
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
preference not found
Internal Server error
{ "service": "sample service", "id": "unique_id_of_preference", "scope": "global", "value_string": "preference_value" }
Get all Identity Preferences for one account
Get all Identity Preferences for one account / user combination.
GET /v1/preferences/accounts/{account_id}/identities/{iam_id}
Request
Custom Headers
Authorization Token used for the request. The supported token type is a Cloud IAM Access Token. If the token is omitted the request will fail with BXNIM0308E: 'No authorization header found'. Make sure that the provided token has the required authority for the request.
Path Parameters
Account id to get preferences for
IAM id to get the preferences for
curl -X GET "https://iam.test.cloud.ibm.com/v1/preferences/accounts/ACCOUNT_ID/identities/IAM_ID" --header "Authorization: Bearer $TOKEN" --header "Content-Type: application/json"
Response
List of Identity Preferences
Status Code
Successful - Get list of all Identity preferences for one account / user combination
Parameter validation failed. Response if required parameters are missing or if parameter values are invalid.
The incoming request did not contain a valid authentication information.
The incoming request is valid but the user is not allowed to perform the requested action.
User iam_id or account_id does not match Authorization token or not found.
Internal Server error
[ { "service": "sample service1", "id": "unique_id_of_preference", "account_id": "18e3020749ce4744b0b472466d61fdb4", "scope": "account", "value_string": "preference_value" }, { "service": "sample service2", "id": "unique_id_of_preference", "account_id": "18e3020749ce4744b0b472466d61fdb4", "scope": "account", "value_string": "preference_value" } ]