fix(IAM Policy Management): add nested conditions to rule.conditions (#…

…218) Signed-off-by: Shaun Colley <[email protected]>
IBM · Oct 31, 2023 · 653fdfa · 653fdfa
1 parent 1e62d05
commit 653fdfa
Show file tree

Hide file tree

Showing 15 changed files with 823 additions and 56 deletions.
diff --git a/...com/ibm/cloud/platform_services/iam_policy_management/v1/IamPolicyManagementExamples.java b/...com/ibm/cloud/platform_services/iam_policy_management/v1/IamPolicyManagementExamples.java
@@ -43,7 +43,7 @@
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.V2PolicyTemplateMetaData;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.V2PolicyResourceAttribute;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.V2PolicyResourceTag;
-import com.ibm.cloud.platform_services.iam_policy_management.v1.model.RuleAttribute;
+import com.ibm.cloud.platform_services.iam_policy_management.v1.model.RuleAttributeWithConditions;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.Control;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.Grant;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.V2PolicyResource;
@@ -57,6 +57,7 @@
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyAssignmentResources;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplate;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateCollection;
+import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateLimitData;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateMetaData;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateVersionsCollection;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.TemplatePolicy;
@@ -393,27 +394,27 @@ public static void main(String[] args) throws Exception {
               .grant(policyGrant)
               .build();
 
-      RuleAttribute weeklyConditionAttribute = new RuleAttribute.Builder()
+      RuleAttributeWithConditions weeklyConditionAttribute = new RuleAttributeWithConditions.Builder()
               .key("{{environment.attributes.day_of_week}}")
               .value(new ArrayList<String>(Arrays.asList("1+00:00", "2+00:00", "3+00:00", "4+00:00", "5+00:00")))
               .operator("dayOfWeekAnyOf")
               .build();
 
-      RuleAttribute startConditionAttribute = new RuleAttribute.Builder()
+      RuleAttributeWithConditions startConditionAttribute = new RuleAttributeWithConditions.Builder()
               .key("{{environment.attributes.current_time}}")
               .value("09:00:00+00:00")
               .operator("timeGreaterThanOrEquals")
               .build();
 
-      RuleAttribute endConditionAttribute = new RuleAttribute.Builder()
+      RuleAttributeWithConditions endConditionAttribute = new RuleAttributeWithConditions.Builder()
               .key("{{environment.attributes.current_time}}")
               .value("17:00:00+00:00")
               .operator("timeLessThanOrEquals")
               .build();
 
       V2PolicyRuleRuleWithConditions policyRule = new V2PolicyRuleRuleWithConditions.Builder()
               .operator("and")
-              .conditions(new ArrayList<RuleAttribute>(Arrays.asList(weeklyConditionAttribute, startConditionAttribute, endConditionAttribute)))
+              .conditions(new ArrayList<RuleAttributeWithConditions>(Arrays.asList(weeklyConditionAttribute, startConditionAttribute, endConditionAttribute)))
               .build();
 
       CreateV2PolicyOptions options = new CreateV2PolicyOptions.Builder()
@@ -510,27 +511,27 @@ public static void main(String[] args) throws Exception {
               .grant(policyGrant)
               .build();
 
-      RuleAttribute weeklyConditionAttribute = new RuleAttribute.Builder()
+      RuleAttributeWithConditions weeklyConditionAttribute = new RuleAttributeWithConditions.Builder()
               .key("{{environment.attributes.day_of_week}}")
               .value(new ArrayList<String>(Arrays.asList("1+00:00", "2+00:00", "3+00:00", "4+00:00", "5+00:00")))
               .operator("dayOfWeekAnyOf")
               .build();
 
-      RuleAttribute startConditionAttribute = new RuleAttribute.Builder()
+      RuleAttributeWithConditions startConditionAttribute = new RuleAttributeWithConditions.Builder()
               .key("{{environment.attributes.current_time}}")
               .value("09:00:00+00:00")
               .operator("timeGreaterThanOrEquals")
               .build();
 
-      RuleAttribute endConditionAttribute = new RuleAttribute.Builder()
+      RuleAttributeWithConditions endConditionAttribute = new RuleAttributeWithConditions.Builder()
               .key("{{environment.attributes.current_time}}")
               .value("17:00:00+00:00")
               .operator("timeLessThanOrEquals")
               .build();
 
       V2PolicyRuleRuleWithConditions policyRule = new V2PolicyRuleRuleWithConditions.Builder()
               .operator("and")
-              .conditions(new ArrayList<RuleAttribute>(Arrays.asList(weeklyConditionAttribute, startConditionAttribute, endConditionAttribute)))
+              .conditions(new ArrayList<RuleAttributeWithConditions>(Arrays.asList(weeklyConditionAttribute, startConditionAttribute, endConditionAttribute)))
               .build();
 
       ReplaceV2PolicyOptions options = new ReplaceV2PolicyOptions.Builder()
@@ -738,8 +739,8 @@ public static void main(String[] args) throws Exception {
         .policy(templatePolicyModel)
         .build();
 
-      Response<PolicyTemplate> response = service.createPolicyTemplate(createPolicyTemplateOptions).execute();
-      PolicyTemplate policyTemplate = response.getResult();
+      Response<PolicyTemplateLimitData> response = service.createPolicyTemplate(createPolicyTemplateOptions).execute();
+      PolicyTemplateLimitData policyTemplate = response.getResult();
 
       System.out.println(policyTemplate);
       // end-create_policy_template
@@ -859,8 +860,8 @@ public static void main(String[] args) throws Exception {
         .policy(templatePolicyModel)
         .build();
 
-      Response<PolicyTemplate> response = service.createPolicyTemplateVersion(createPolicyTemplateVersionOptions).execute();
-      PolicyTemplate policyTemplate = response.getResult();
+      Response<PolicyTemplateLimitData> response = service.createPolicyTemplateVersion(createPolicyTemplateVersionOptions).execute();
+      PolicyTemplateLimitData policyTemplate = response.getResult();
 
       System.out.println(policyTemplate);
       // end-create_policy_template_version

diff --git a/...in/java/com/ibm/cloud/platform_services/iam_policy_management/v1/IamPolicyManagement.java b/...in/java/com/ibm/cloud/platform_services/iam_policy_management/v1/IamPolicyManagement.java
@@ -12,7 +12,7 @@
  */
 
 /*
- * IBM OpenAPI SDK Code Generator Version: 3.79.0-2eb6af3d-20230905-174838
+ * IBM OpenAPI SDK Code Generator Version: 3.81.0-c73a091c-20231026-215706
  */
 
 package com.ibm.cloud.platform_services.iam_policy_management.v1;
@@ -49,6 +49,7 @@
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplate;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateAssignmentCollection;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateCollection;
+import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateLimitData;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateMetaData;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.PolicyTemplateVersionsCollection;
 import com.ibm.cloud.platform_services.iam_policy_management.v1.model.ReplacePolicyOptions;
@@ -208,12 +209,13 @@ public ServiceCall<PolicyCollection> listPolicies(ListPoliciesOptions listPolici
    * their support of authorization policies. To create an authorization policy, use **`"type": "authorization"`** in
    * the body. The subject attributes must match the supported authorization subjects of the resource. Multiple subject
    * attributes might be provided. The following attributes are supported:
-   *   serviceName, serviceInstance, region, resourceType, resource, accountId Assign roles that are supported by the
-   * service or platform roles. For more information, see [IAM roles and
+   *   serviceName, serviceInstance, region, resourceType, resource, accountId, resourceGroupId Assign roles that are
+   * supported by the service or platform roles. For more information, see [IAM roles and
    * actions](/docs/account?topic=account-iam-service-roles-actions). The user must also have the same level of access
    * or greater to the target resource in order to grant the role. Use only the resource attributes supported by the
    * service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
-   * Both the policy subject and the policy resource must include the **`serviceName`** and **`accountId`** attributes.
+   * Both the policy subject and the policy resource must include the **`accountId`** attributes. The policy subject
+   * must include either **`serviceName`** or **`resourceGroupId`** (or both) attributes.
    *
    * ### Attribute Operators
    *
@@ -278,12 +280,13 @@ public ServiceCall<Policy> createPolicy(CreatePolicyOptions createPolicyOptions)
    * To update an authorization policy, use **`"type": "authorization"`** in the body. The subject attributes must match
    * the supported authorization subjects of the resource. Multiple subject attributes might be provided. The following
    * attributes are supported:
-   *   serviceName, serviceInstance, region, resourceType, resource, accountId Assign roles that are supported by the
-   * service or platform roles. For more information, see [IAM roles and
+   *   serviceName, serviceInstance, region, resourceType, resource, accountId, resourceGroupId Assign roles that are
+   * supported by the service or platform roles. For more information, see [IAM roles and
    * actions](/docs/account?topic=account-iam-service-roles-actions). The user must also have the same level of access
    * or greater to the target resource in order to grant the role. Use only the resource attributes supported by the
    * service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
-   * Both the policy subject and the policy resource must include the **`serviceName`** and **`accountId`** attributes.
+   * Both the policy subject and the policy resource must include the **`accountId`** attributes. The policy subject
+   * must include either **`serviceName`** or **`resourceGroupId`** (or both) attributes.
    *
    * ### Attribute Operators
    *
@@ -691,6 +694,20 @@ public ServiceCall<V2PolicyCollection> listV2Policies(ListV2PoliciesOptions list
    * conditions](https://cloud.ibm.com/docs/account?topic=account-iam-time-based&amp;interface=ui). If the subject is a
    * locked service-id, the request will fail.
    *
+   * ### Authorization
+   *
+   * Authorization policies are supported by services on a case by case basis. Refer to service documentation to verify
+   * their support of authorization policies. To create an authorization policy, use **`"type": "authorization"`** in
+   * the body. The subject attributes must match the supported authorization subjects of the resource. Multiple subject
+   * attributes might be provided. The following attributes are supported:
+   *   serviceName, serviceInstance, region, resourceType, resource, accountId, resourceGroupId Assign roles that are
+   * supported by the service or platform roles. For more information, see [IAM roles and
+   * actions](/docs/account?topic=account-iam-service-roles-actions). The user must also have the same level of access
+   * or greater to the target resource in order to grant the role. Use only the resource attributes supported by the
+   * service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
+   * Both the policy subject and the policy resource must include the **`accountId`** attributes. The policy subject
+   * must include either **`serviceName`** or **`resourceGroupId`** (or both) attributes.
+   *
    * ### Attribute Operators
    *
    * Currently, only the `stringEquals`, `stringMatch`, and `stringEquals` operators are available. For more
@@ -750,7 +767,7 @@ public ServiceCall<V2Policy> createV2Policy(CreateV2PolicyOptions createV2Policy
    *
    * ### Access
    *
-   * To create an access policy, use **`"type": "access"`** in the body. The supported subject attributes are
+   * To update an access policy, use **`"type": "access"`** in the body. The supported subject attributes are
    * **`iam_id`** and **`access_group_id`**. Use the **`iam_id`** subject attribute to assign access to a user or
    * service-id. Use the **`access_group_id`** subject attribute to assign access to an access group. Assign roles that
    * are supported by the service or platform roles. For more information, see [IAM roles and
@@ -790,6 +807,20 @@ public ServiceCall<V2Policy> createV2Policy(CreateV2PolicyOptions createV2Policy
    * and
    * [Limiting access with time-based
    * conditions](https://cloud.ibm.com/docs/account?topic=account-iam-time-based&amp;interface=ui).
+   *
+   * ### Authorization
+   *
+   * To update an authorization policy, use **`"type": "authorization"`** in the body. The subject attributes must match
+   * the supported authorization subjects of the resource. Multiple subject attributes might be provided. The following
+   * attributes are supported:
+   *   serviceName, serviceInstance, region, resourceType, resource, accountId, resourceGroupId Assign roles that are
+   * supported by the service or platform roles. For more information, see [IAM roles and
+   * actions](/docs/account?topic=account-iam-service-roles-actions). The user must also have the same level of access
+   * or greater to the target resource in order to grant the role. Use only the resource attributes supported by the
+   * service. To view a service's or the platform's supported attributes, check the [documentation](/docs?tab=all-docs).
+   * Both the policy subject and the policy resource must include the **`accountId`** attributes. The policy subject
+   * must include either **`serviceName`** or **`resourceGroupId`** (or both) attributes.
+   *
    * ### Attribute Operators
    *
    * Currently, only the `stringEquals`, `stringMatch`, and `stringEquals` operators are available. For more
@@ -928,9 +959,9 @@ public ServiceCall<PolicyTemplateCollection> listPolicyTemplates(ListPolicyTempl
    * grant access to multiple subjects.
    *
    * @param createPolicyTemplateOptions the {@link CreatePolicyTemplateOptions} containing the options for the call
-   * @return a {@link ServiceCall} with a result of type {@link PolicyTemplate}
+   * @return a {@link ServiceCall} with a result of type {@link PolicyTemplateLimitData}
    */
-  public ServiceCall<PolicyTemplate> createPolicyTemplate(CreatePolicyTemplateOptions createPolicyTemplateOptions) {
+  public ServiceCall<PolicyTemplateLimitData> createPolicyTemplate(CreatePolicyTemplateOptions createPolicyTemplateOptions) {
     com.ibm.cloud.sdk.core.util.Validator.notNull(createPolicyTemplateOptions,
       "createPolicyTemplateOptions cannot be null");
     RequestBuilder builder = RequestBuilder.post(RequestBuilder.resolveRequestUrl(getServiceUrl(), "/v1/policy_templates"));
@@ -953,8 +984,8 @@ public ServiceCall<PolicyTemplate> createPolicyTemplate(CreatePolicyTemplateOpti
       contentJson.addProperty("committed", createPolicyTemplateOptions.committed());
     }
     builder.bodyJson(contentJson);
-    ResponseConverter<PolicyTemplate> responseConverter =
-      ResponseConverterUtils.getValue(new com.google.gson.reflect.TypeToken<PolicyTemplate>() { }.getType());
+    ResponseConverter<PolicyTemplateLimitData> responseConverter =
+      ResponseConverterUtils.getValue(new com.google.gson.reflect.TypeToken<PolicyTemplateLimitData>() { }.getType());
     return createServiceCall(builder.build(), responseConverter);
   }
 
@@ -1013,9 +1044,9 @@ public ServiceCall<Void> deletePolicyTemplate(DeletePolicyTemplateOptions delete
    * committed.
    *
    * @param createPolicyTemplateVersionOptions the {@link CreatePolicyTemplateVersionOptions} containing the options for the call
-   * @return a {@link ServiceCall} with a result of type {@link PolicyTemplate}
+   * @return a {@link ServiceCall} with a result of type {@link PolicyTemplateLimitData}
    */
-  public ServiceCall<PolicyTemplate> createPolicyTemplateVersion(CreatePolicyTemplateVersionOptions createPolicyTemplateVersionOptions) {
+  public ServiceCall<PolicyTemplateLimitData> createPolicyTemplateVersion(CreatePolicyTemplateVersionOptions createPolicyTemplateVersionOptions) {
     com.ibm.cloud.sdk.core.util.Validator.notNull(createPolicyTemplateVersionOptions,
       "createPolicyTemplateVersionOptions cannot be null");
     Map<String, String> pathParamsMap = new HashMap<String, String>();
@@ -1038,8 +1069,8 @@ public ServiceCall<PolicyTemplate> createPolicyTemplateVersion(CreatePolicyTempl
       contentJson.addProperty("committed", createPolicyTemplateVersionOptions.committed());
     }
     builder.bodyJson(contentJson);
-    ResponseConverter<PolicyTemplate> responseConverter =
-      ResponseConverterUtils.getValue(new com.google.gson.reflect.TypeToken<PolicyTemplate>() { }.getType());
+    ResponseConverter<PolicyTemplateLimitData> responseConverter =
+      ResponseConverterUtils.getValue(new com.google.gson.reflect.TypeToken<PolicyTemplateLimitData>() { }.getType());
     return createServiceCall(builder.build(), responseConverter);
   }
 

diff --git a/...c/main/java/com/ibm/cloud/platform_services/iam_policy_management/v1/model/LimitData.java b/...c/main/java/com/ibm/cloud/platform_services/iam_policy_management/v1/model/LimitData.java
@@ -0,0 +1,49 @@
+/*
+ * (C) Copyright IBM Corp. 2023.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
+ * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+package com.ibm.cloud.platform_services.iam_policy_management.v1.model;
+
+import com.ibm.cloud.sdk.core.service.model.GenericModel;
+
+/**
+ * policy template current and limit details with in an account.
+ */
+public class LimitData extends GenericModel {
+
+  protected Long current;
+  protected Long limit;
+
+  protected LimitData() { }
+
+  /**
+   * Gets the current.
+   *
+   * policy template current count.
+   *
+   * @return the current
+   */
+  public Long getCurrent() {
+    return current;
+  }
+
+  /**
+   * Gets the limit.
+   *
+   * policy template limit count.
+   *
+   * @return the limit
+   */
+  public Long getLimit() {
+    return limit;
+  }
+}
+