Skip to content

Commit

Permalink
fix(IAM Policy Management): add restore policy functionality (#98)
Browse files Browse the repository at this point in the history
Co-authored-by: Phil Adams <[email protected]>
Co-authored-by: Guillermo <[email protected]>
  • Loading branch information
3 people authored Apr 6, 2021
1 parent b35b767 commit 75529fc
Show file tree
Hide file tree
Showing 4 changed files with 484 additions and 78 deletions.
213 changes: 176 additions & 37 deletions iampolicymanagementv1/iam_policy_management_v1.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,8 @@
*/

/*
* IBM OpenAPI SDK Code Generator Version: 99-SNAPSHOT-9b90c5f5-20210129-120415
* IBM OpenAPI SDK Code Generator Version: 3.29.1-b338fb38-20210313-010605
*/


// Package iampolicymanagementv1 : Operations and models for the IamPolicyManagementV1 service
package iampolicymanagementv1
Expand Down Expand Up @@ -163,9 +162,9 @@ func (iamPolicyManagement *IamPolicyManagementV1) DisableRetries() {
// ListPolicies : Get policies by attributes
// Get policies and filter by attributes. While managing policies, you may want to retrieve policies in the account and
// filter by attribute values. This can be done through query parameters. Currently, only the following attributes are
// supported: account_id, iam_id, access_group_id, type, service_type, sort and format. account_id is a required query
// parameter. Only policies that have the specified attributes and that the caller has read access to are returned. If
// the caller does not have read access to any policies an empty array is returned.
// supported: account_id, iam_id, access_group_id, type, service_type, sort, format and state. account_id is a required
// query parameter. Only policies that have the specified attributes and that the caller has read access to are
// returned. If the caller does not have read access to any policies an empty array is returned.
func (iamPolicyManagement *IamPolicyManagementV1) ListPolicies(listPoliciesOptions *ListPoliciesOptions) (result *PolicyList, response *core.DetailedResponse, err error) {
return iamPolicyManagement.ListPoliciesWithContext(context.Background(), listPoliciesOptions)
}
Expand Down Expand Up @@ -227,6 +226,9 @@ func (iamPolicyManagement *IamPolicyManagementV1) ListPoliciesWithContext(ctx co
if listPoliciesOptions.Format != nil {
builder.AddQuery("format", fmt.Sprint(*listPoliciesOptions.Format))
}
if listPoliciesOptions.State != nil {
builder.AddQuery("state", fmt.Sprint(*listPoliciesOptions.State))
}

request, err := builder.Build()
if err != nil {
Expand All @@ -252,17 +254,23 @@ func (iamPolicyManagement *IamPolicyManagementV1) ListPoliciesWithContext(ctx co
// **authorization**. A policy administrator might want to create an access policy which grants access to a user,
// service-id, or an access group. They might also want to create an authorization policy and setup access between
// services.
// ### Access To create an access policy, use **`"type": "access"`** in the body. The possible subject attributes are
// **`iam_id`** and **`access_group_id`**. Use the **`iam_id`** subject attribute for assigning access for a user or
// service-id. Use the **`access_group_id`** subject attribute for assigning access for an access group. The roles must
// be a subset of a service's or the platform's supported roles. The resource attributes must be a subset of a service's
// or the platform's supported attributes. The policy resource must include either the **`serviceType`**,
// **`serviceName`**, or **`resourceGroupId`** attribute and the **`accountId`** attribute.` If the subject is a locked
// service-id, the request will fail.
// ### Authorization Authorization policies are supported by services on a case by case basis. Refer to service
// documentation to verify their support of authorization policies. To create an authorization policy, use **`"type":
// "authorization"`** in the body. The subject attributes must match the supported authorization subjects of the
// resource. Multiple subject attributes might be provided. The following attributes are supported:
//
// ### Access
//
// To create an access policy, use **`"type": "access"`** in the body. The possible subject attributes are **`iam_id`**
// and **`access_group_id`**. Use the **`iam_id`** subject attribute for assigning access for a user or service-id. Use
// the **`access_group_id`** subject attribute for assigning access for an access group. The roles must be a subset of a
// service's or the platform's supported roles. The resource attributes must be a subset of a service's or the
// platform's supported attributes. The policy resource must include either the **`serviceType`**, **`serviceName`**,
// or **`resourceGroupId`** attribute and the **`accountId`** attribute.` If the subject is a locked service-id, the
// request will fail.
//
// ### Authorization
//
// Authorization policies are supported by services on a case by case basis. Refer to service documentation to verify
// their support of authorization policies. To create an authorization policy, use **`"type": "authorization"`** in the
// body. The subject attributes must match the supported authorization subjects of the resource. Multiple subject
// attributes might be provided. The following attributes are supported:
// serviceName, serviceInstance, region, resourceType, resource, accountId The policy roles must be a subset of the
// supported authorization roles supported by the target service. The user must also have the same level of access or
// greater to the target resource in order to grant the role. The resource attributes must be a subset of a service's or
Expand Down Expand Up @@ -348,16 +356,22 @@ func (iamPolicyManagement *IamPolicyManagementV1) CreatePolicyWithContext(ctx co
// UpdatePolicy : Update a policy
// Update a policy to grant access between a subject and a resource. A policy administrator might want to update an
// existing policy. The policy type cannot be changed (You cannot change an access policy to an authorization policy).
// ### Access To update an access policy, use **`"type": "access"`** in the body. The possible subject attributes are
// **`iam_id`** and **`access_group_id`**. Use the **`iam_id`** subject attribute for assigning access for a user or
// service-id. Use the **`access_group_id`** subject attribute for assigning access for an access group. The roles must
// be a subset of a service's or the platform's supported roles. The resource attributes must be a subset of a service's
// or the platform's supported attributes. The policy resource must include either the **`serviceType`**,
// **`serviceName`**, or **`resourceGroupId`** attribute and the **`accountId`** attribute.` If the subject is a locked
// service-id, the request will fail.
// ### Authorization To update an authorization policy, use **`"type": "authorization"`** in the body. The subject
// attributes must match the supported authorization subjects of the resource. Multiple subject attributes might be
// provided. The following attributes are supported:
//
// ### Access
//
// To update an access policy, use **`"type": "access"`** in the body. The possible subject attributes are **`iam_id`**
// and **`access_group_id`**. Use the **`iam_id`** subject attribute for assigning access for a user or service-id. Use
// the **`access_group_id`** subject attribute for assigning access for an access group. The roles must be a subset of a
// service's or the platform's supported roles. The resource attributes must be a subset of a service's or the
// platform's supported attributes. The policy resource must include either the **`serviceType`**, **`serviceName`**,
// or **`resourceGroupId`** attribute and the **`accountId`** attribute.` If the subject is a locked service-id, the
// request will fail.
//
// ### Authorization
//
// To update an authorization policy, use **`"type": "authorization"`** in the body. The subject attributes must match
// the supported authorization subjects of the resource. Multiple subject attributes might be provided. The following
// attributes are supported:
// serviceName, serviceInstance, region, resourceType, resource, accountId The policy roles must be a subset of the
// supported authorization roles supported by the target service. The user must also have the same level of access or
// greater to the target resource in order to grant the role. The resource attributes must be a subset of a service's or
Expand Down Expand Up @@ -551,6 +565,78 @@ func (iamPolicyManagement *IamPolicyManagementV1) DeletePolicyWithContext(ctx co
return
}

// PatchPolicy : Restore a deleted policy by ID
// Restore a policy that has recently been deleted. A policy administrator might want to restore a deleted policy. To
// restore a policy, use **`"state": "active"`** in the body.
func (iamPolicyManagement *IamPolicyManagementV1) PatchPolicy(patchPolicyOptions *PatchPolicyOptions) (result *Policy, response *core.DetailedResponse, err error) {
return iamPolicyManagement.PatchPolicyWithContext(context.Background(), patchPolicyOptions)
}

// PatchPolicyWithContext is an alternate form of the PatchPolicy method which supports a Context parameter
func (iamPolicyManagement *IamPolicyManagementV1) PatchPolicyWithContext(ctx context.Context, patchPolicyOptions *PatchPolicyOptions) (result *Policy, response *core.DetailedResponse, err error) {
err = core.ValidateNotNil(patchPolicyOptions, "patchPolicyOptions cannot be nil")
if err != nil {
return
}
err = core.ValidateStruct(patchPolicyOptions, "patchPolicyOptions")
if err != nil {
return
}

pathParamsMap := map[string]string{
"policy_id": *patchPolicyOptions.PolicyID,
}

builder := core.NewRequestBuilder(core.PATCH)
builder = builder.WithContext(ctx)
builder.EnableGzipCompression = iamPolicyManagement.GetEnableGzipCompression()
_, err = builder.ResolveRequestURL(iamPolicyManagement.Service.Options.URL, `/v1/policies/{policy_id}`, pathParamsMap)
if err != nil {
return
}

for headerName, headerValue := range patchPolicyOptions.Headers {
builder.AddHeader(headerName, headerValue)
}

sdkHeaders := common.GetSdkHeaders("iam_policy_management", "V1", "PatchPolicy")
for headerName, headerValue := range sdkHeaders {
builder.AddHeader(headerName, headerValue)
}
builder.AddHeader("Accept", "application/json")
builder.AddHeader("Content-Type", "application/json")
if patchPolicyOptions.IfMatch != nil {
builder.AddHeader("If-Match", fmt.Sprint(*patchPolicyOptions.IfMatch))
}

body := make(map[string]interface{})
if patchPolicyOptions.State != nil {
body["state"] = patchPolicyOptions.State
}
_, err = builder.SetBodyContentJSON(body)
if err != nil {
return
}

request, err := builder.Build()
if err != nil {
return
}

var rawResponse map[string]json.RawMessage
response, err = iamPolicyManagement.Service.Request(request, &rawResponse)
if err != nil {
return
}
err = core.UnmarshalModel(rawResponse, "", &result, UnmarshalPolicy)
if err != nil {
return
}
response.Result = result

return
}

// ListRoles : Get roles by filters
// Get roles based on the filters. While managing roles, you may want to retrieve roles and filter by usages. This can
// be done through query parameters. Currently, we only support the following attributes: account_id, and service_name.
Expand Down Expand Up @@ -1189,6 +1275,9 @@ type ListPoliciesOptions struct {
// Include additional data per policy returned [include_last_permit, display].
Format *string

// The state of the policy, 'active' or 'deleted'.
State *string

// Allows users to set headers on API requests
Headers map[string]string
}
Expand Down Expand Up @@ -1260,6 +1349,12 @@ func (options *ListPoliciesOptions) SetFormat(format string) *ListPoliciesOption
return options
}

// SetState : Allow user to set State
func (options *ListPoliciesOptions) SetState(state string) *ListPoliciesOptions {
options.State = core.StringPtr(state)
return options
}

// SetHeaders : Allow user to set Headers
func (options *ListPoliciesOptions) SetHeaders(param map[string]string) *ListPoliciesOptions {
options.Headers = param
Expand Down Expand Up @@ -1310,6 +1405,54 @@ func (options *ListRolesOptions) SetHeaders(param map[string]string) *ListRolesO
return options
}

// PatchPolicyOptions : The PatchPolicy options.
type PatchPolicyOptions struct {
// The policy ID.
PolicyID *string `validate:"required,ne="`

// The revision number for updating a policy and must match the ETag value of the existing policy. The Etag can be
// retrieved using the GET /v1/policies/{policy_id} API and looking at the ETag response header.
IfMatch *string `validate:"required"`

// The policy state; either 'active' or 'deleted'.
State *string

// Allows users to set headers on API requests
Headers map[string]string
}

// NewPatchPolicyOptions : Instantiate PatchPolicyOptions
func (*IamPolicyManagementV1) NewPatchPolicyOptions(policyID string, ifMatch string) *PatchPolicyOptions {
return &PatchPolicyOptions{
PolicyID: core.StringPtr(policyID),
IfMatch: core.StringPtr(ifMatch),
}
}

// SetPolicyID : Allow user to set PolicyID
func (options *PatchPolicyOptions) SetPolicyID(policyID string) *PatchPolicyOptions {
options.PolicyID = core.StringPtr(policyID)
return options
}

// SetIfMatch : Allow user to set IfMatch
func (options *PatchPolicyOptions) SetIfMatch(ifMatch string) *PatchPolicyOptions {
options.IfMatch = core.StringPtr(ifMatch)
return options
}

// SetState : Allow user to set State
func (options *PatchPolicyOptions) SetState(state string) *PatchPolicyOptions {
options.State = core.StringPtr(state)
return options
}

// SetHeaders : Allow user to set Headers
func (options *PatchPolicyOptions) SetHeaders(param map[string]string) *PatchPolicyOptions {
options.Headers = param
return options
}

// UpdatePolicyOptions : The UpdatePolicy options.
type UpdatePolicyOptions struct {
// The policy ID.
Expand Down Expand Up @@ -1506,7 +1649,6 @@ type CustomRole struct {
Href *string `json:"href,omitempty"`
}


// UnmarshalCustomRole unmarshals an instance of CustomRole from the specified map of raw messages.
func UnmarshalCustomRole(m map[string]json.RawMessage, result interface{}) (err error) {
obj := new(CustomRole)
Expand Down Expand Up @@ -1600,8 +1742,10 @@ type Policy struct {

// The iam ID of the entity that last modified the policy.
LastModifiedByID *string `json:"last_modified_by_id,omitempty"`
}

// The policy state; either 'active' or 'deleted'.
State *string `json:"state,omitempty"`
}

// UnmarshalPolicy unmarshals an instance of Policy from the specified map of raw messages.
func UnmarshalPolicy(m map[string]json.RawMessage, result interface{}) (err error) {
Expand Down Expand Up @@ -1650,6 +1794,10 @@ func UnmarshalPolicy(m map[string]json.RawMessage, result interface{}) (err erro
if err != nil {
return
}
err = core.UnmarshalPrimitive(m, "state", &obj.State)
if err != nil {
return
}
reflect.ValueOf(result).Elem().Set(reflect.ValueOf(obj))
return
}
Expand All @@ -1660,7 +1808,6 @@ type PolicyList struct {
Policies []Policy `json:"policies,omitempty"`
}


// UnmarshalPolicyList unmarshals an instance of PolicyList from the specified map of raw messages.
func UnmarshalPolicyList(m map[string]json.RawMessage, result interface{}) (err error) {
obj := new(PolicyList)
Expand All @@ -1681,7 +1828,6 @@ type PolicyResource struct {
Tags []ResourceTag `json:"tags,omitempty"`
}


// UnmarshalPolicyResource unmarshals an instance of PolicyResource from the specified map of raw messages.
func UnmarshalPolicyResource(m map[string]json.RawMessage, result interface{}) (err error) {
obj := new(PolicyResource)
Expand Down Expand Up @@ -1709,7 +1855,6 @@ type PolicyRole struct {
Description *string `json:"description,omitempty"`
}


// NewPolicyRole : Instantiate PolicyRole (Generic Model Constructor)
func (*IamPolicyManagementV1) NewPolicyRole(roleID string) (model *PolicyRole, err error) {
model = &PolicyRole{
Expand Down Expand Up @@ -1744,7 +1889,6 @@ type PolicySubject struct {
Attributes []SubjectAttribute `json:"attributes,omitempty"`
}


// UnmarshalPolicySubject unmarshals an instance of PolicySubject from the specified map of raw messages.
func UnmarshalPolicySubject(m map[string]json.RawMessage, result interface{}) (err error) {
obj := new(PolicySubject)
Expand All @@ -1768,7 +1912,6 @@ type ResourceAttribute struct {
Operator *string `json:"operator,omitempty"`
}


// NewResourceAttribute : Instantiate ResourceAttribute (Generic Model Constructor)
func (*IamPolicyManagementV1) NewResourceAttribute(name string, value string) (model *ResourceAttribute, err error) {
model = &ResourceAttribute{
Expand Down Expand Up @@ -1810,7 +1953,6 @@ type ResourceTag struct {
Operator *string `json:"operator,omitempty"`
}


// NewResourceTag : Instantiate ResourceTag (Generic Model Constructor)
func (*IamPolicyManagementV1) NewResourceTag(name string, value string) (model *ResourceTag, err error) {
model = &ResourceTag{
Expand Down Expand Up @@ -1855,7 +1997,6 @@ type Role struct {
CRN *string `json:"crn,omitempty"`
}


// UnmarshalRole unmarshals an instance of Role from the specified map of raw messages.
func UnmarshalRole(m map[string]json.RawMessage, result interface{}) (err error) {
obj := new(Role)
Expand Down Expand Up @@ -1891,7 +2032,6 @@ type RoleList struct {
SystemRoles []Role `json:"system_roles,omitempty"`
}


// UnmarshalRoleList unmarshals an instance of RoleList from the specified map of raw messages.
func UnmarshalRoleList(m map[string]json.RawMessage, result interface{}) (err error) {
obj := new(RoleList)
Expand Down Expand Up @@ -1920,7 +2060,6 @@ type SubjectAttribute struct {
Value *string `json:"value" validate:"required"`
}


// NewSubjectAttribute : Instantiate SubjectAttribute (Generic Model Constructor)
func (*IamPolicyManagementV1) NewSubjectAttribute(name string, value string) (model *SubjectAttribute, err error) {
model = &SubjectAttribute{
Expand Down
25 changes: 25 additions & 0 deletions iampolicymanagementv1/iam_policy_management_v1_examples_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -249,6 +249,31 @@ var _ = Describe(`IamPolicyManagementV1 Examples Tests`, func() {
Expect(response.StatusCode).To(Equal(200))
Expect(policy).ToNot(BeNil())

examplePolicyETag = response.GetHeaders().Get("ETag")
})
It(`PatchPolicy request example`, func() {
// begin-patch_policy

options := iamPolicyManagementService.NewPatchPolicyOptions(
examplePolicyID,
examplePolicyETag,
)

options.SetState("active")

policy, response, err := iamPolicyManagementService.PatchPolicy(options)
if err != nil {
panic(err)
}
b, _ := json.MarshalIndent(policy, "", " ")
fmt.Println(string(b))

// end-patch_policy

Expect(err).To(BeNil())
Expect(response.StatusCode).To(Equal(200))
Expect(policy).ToNot(BeNil())

})
It(`ListPolicies request example`, func() {
// begin-list_policies
Expand Down
Loading

0 comments on commit 75529fc

Please sign in to comment.