diff --git a/examples/iam-access-groups.v2.test.js b/examples/iam-access-groups.v2.test.js index b0fcfd4c..75dcd102 100644 --- a/examples/iam-access-groups.v2.test.js +++ b/examples/iam-access-groups.v2.test.js @@ -2,7 +2,7 @@ * @jest-environment node */ /** - * (C) Copyright IBM Corp. 2020, 2022. + * (C) Copyright IBM Corp. 2023. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,14 +16,16 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -'use strict'; + +/* eslint-disable no-console */ +/* eslint-disable no-await-in-loop */ const IamAccessGroupsV2 = require('../dist/iam-access-groups/v2'); const { readExternalSources } = require('ibm-cloud-sdk-core'); const authHelper = require('../test/resources/auth-helper.js'); // -// This file provides an example of how to use the IAM Access Groups service. +// This file provides an example of how to use the iam-access-groups service. // // The following configuration properties are assumed to be defined: // @@ -66,6 +68,12 @@ describe('IamAccessGroupsV2', () => { let testGroupId; let testClaimRuleId; let testClaimRuleETag; + let testPolicyTemplateId = config.testPolicyTemplateId; + let testTemplateId; + let testTemplateEtag; + let testAccountGroupId = config.testAccountGroupId; + let testAssignmentId; + let testAssignmentEtag; test('createAccessGroup request example', async () => { @@ -96,6 +104,7 @@ describe('IamAccessGroupsV2', () => { // end-create_access_group }); + test('getAccessGroup request example', async () => { consoleLogMock.mockImplementation(output => { @@ -124,6 +133,7 @@ describe('IamAccessGroupsV2', () => { // end-get_access_group }); + test('updateAccessGroup request example', async () => { consoleLogMock.mockImplementation(output => { @@ -154,6 +164,7 @@ describe('IamAccessGroupsV2', () => { // end-update_access_group }); + test('listAccessGroups request example', async () => { consoleLogMock.mockImplementation((output) => { originalLog(output); @@ -186,6 +197,7 @@ describe('IamAccessGroupsV2', () => { // end-list_access_groups }); + test('addMembersToAccessGroup request example', async () => { consoleLogMock.mockImplementation(output => { @@ -227,6 +239,7 @@ describe('IamAccessGroupsV2', () => { // end-add_members_to_access_group }); + test('isMemberOfAccessGroup request example', async () => { consoleLogMock.mockImplementation(output => { @@ -253,6 +266,7 @@ describe('IamAccessGroupsV2', () => { // end-is_member_of_access_group }); + test('listAccessGroupMembers request example', async () => { consoleLogMock.mockImplementation((output) => { originalLog(output); @@ -285,6 +299,7 @@ describe('IamAccessGroupsV2', () => { // end-list_access_group_members }); + test('removeMemberFromAccessGroup request example', async () => { consoleLogMock.mockImplementation(output => { @@ -311,6 +326,7 @@ describe('IamAccessGroupsV2', () => { // end-remove_member_from_access_group }); + test('removeMembersFromAccessGroup request example', async () => { consoleLogMock.mockImplementation(output => { @@ -339,6 +355,7 @@ describe('IamAccessGroupsV2', () => { // end-remove_members_from_access_group }); + test('removeMembersFromAccessGroup request example', async () => { consoleLogMock.mockImplementation(output => { @@ -367,6 +384,7 @@ describe('IamAccessGroupsV2', () => { // end-remove_members_from_access_group }); + test('addMemberToMultipleAccessGroups request example', async () => { consoleLogMock.mockImplementation(output => { @@ -397,6 +415,7 @@ describe('IamAccessGroupsV2', () => { // end-add_member_to_multiple_access_groups }); + test('removeMemberFromAllAccessGroups request example', async () => { consoleLogMock.mockImplementation(output => { @@ -425,6 +444,7 @@ describe('IamAccessGroupsV2', () => { // end-remove_member_from_all_access_groups }); + test('addAccessGroupRule request example', async () => { consoleLogMock.mockImplementation(output => { @@ -463,6 +483,7 @@ describe('IamAccessGroupsV2', () => { // end-add_access_group_rule }); + test('getAccessGroupRule request example', async () => { consoleLogMock.mockImplementation(output => { @@ -492,6 +513,7 @@ describe('IamAccessGroupsV2', () => { // end-get_access_group_rule }); + test('replaceAccessGroupRule request example', async () => { consoleLogMock.mockImplementation(output => { @@ -531,6 +553,7 @@ describe('IamAccessGroupsV2', () => { // end-replace_access_group_rule }); + test('listAccessGroupRules request example', async () => { consoleLogMock.mockImplementation(output => { @@ -558,6 +581,7 @@ describe('IamAccessGroupsV2', () => { // end-list_access_group_rules }); + test('removeAccessGroupRule request example', async () => { consoleLogMock.mockImplementation(output => { @@ -584,6 +608,7 @@ describe('IamAccessGroupsV2', () => { // end-remove_access_group_rule }); + test('getAccountSettings request example', async () => { consoleLogMock.mockImplementation(output => { @@ -611,6 +636,7 @@ describe('IamAccessGroupsV2', () => { // end-get_account_settings }); + test('updateAccountSettings request example', async () => { consoleLogMock.mockImplementation(output => { @@ -639,6 +665,7 @@ describe('IamAccessGroupsV2', () => { // end-update_account_settings }); + test('deleteAccessGroup request example', async () => { consoleLogMock.mockImplementation(output => { @@ -664,4 +691,670 @@ describe('IamAccessGroupsV2', () => { // end-delete_access_group }); + + test('createTemplate request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('createTemplate() result:'); + // begin-create_template + + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // MembersInput + const membersInputModel = { + users: ['IBMid-50PJGPKYJJ', 'IBMid-665000T8WY'], + action_controls: membersActionControlsModel, + }; + + // ConditionInput + const conditionInputModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: '\"test-bluegroup-saml\"', + }; + + // RulesActionControls + const rulesActionControlsModel = { + remove: false, + update: false, + }; + + // RuleInput + const ruleInputModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionInputModel], + action_controls: rulesActionControlsModel, + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + remove: true, + update: true, + }; + + // AssertionsInput + const assertionsInputModel = { + rules: [ruleInputModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupInput + const accessGroupInputModel = { + name: 'IAM Admin Group', + description: 'This access group template allows admin access to all IAM platform services in the account.', + members: membersInputModel, + assertions: assertionsInputModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplatesInput + const policyTemplatesInputModel = { + id: testPolicyTemplateId, + version: '1', + }; + + const params = { + name: 'IAM Admin Group template', + accountId: testAccountId, + description: 'This access group template allows admin access to all IAM platform services in the account.', + group: accessGroupInputModel, + policyTemplateReferences: [policyTemplatesInputModel], + }; + + let res; + try { + res = await iamAccessGroupsService.createTemplate(params); + testTemplateId = res.result.id; + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-create_template + }); + + test('listTemplates request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('listTemplates() result:'); + // begin-list_templates + + const params = { + accountId: testAccountId, + transactionId: 'testString', + limit: 50, + }; + + const allResults = []; + try { + const pager = new IamAccessGroupsV2.TemplatesPager(iamAccessGroupsService, params); + while (pager.hasNext()) { + const nextPage = await pager.getNext(); + expect(nextPage).not.toBeNull(); + allResults.push(...nextPage); + } + console.log(JSON.stringify(allResults, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-list_templates + }); + + test('createTemplateVersion request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('createTemplateVersion() result:'); + // begin-create_template_version + + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // MembersInput + const membersInputModel = { + users: ['IBMid-50PJGPKYJJ', 'IBMid-665000T8WY'], + action_controls: membersActionControlsModel, + }; + + // ConditionInput + const conditionInputModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: '\"test-bluegroup-saml\"', + }; + + // RuleInput + const ruleInputModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionInputModel], + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + }; + + // AssertionsInput + const assertionsInputModel = { + rules: [ruleInputModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupInput + const accessGroupInputModel = { + name: 'IAM Admin Group 8', + description: 'This access group template allows admin access to all IAM platform services in the account.', + members: membersInputModel, + assertions: assertionsInputModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplatesInput + const policyTemplatesInputModel = { + id: testPolicyTemplateId, + version: '1', + }; + + const params = { + templateId: testTemplateId, + name: 'IAM Admin Group template 2', + description: 'This access group template allows admin access to all IAM platform services in the account.', + group: accessGroupInputModel, + policyTemplateReferences: [policyTemplatesInputModel], + }; + + let res; + try { + res = await iamAccessGroupsService.createTemplateVersion(params); + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-create_template_version + }); + + test('listTemplateVersions request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('listTemplateVersions() result:'); + // begin-list_template_versions + + const params = { + templateId: testTemplateId, + limit: 100, + }; + + const allResults = []; + try { + const pager = new IamAccessGroupsV2.TemplateVersionsPager(iamAccessGroupsService, params); + while (pager.hasNext()) { + const nextPage = await pager.getNext(); + expect(nextPage).not.toBeNull(); + allResults.push(...nextPage); + } + console.log(JSON.stringify(allResults, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-list_template_versions + }); + + test('getTemplateVersion request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('getTemplateVersion() result:'); + // begin-get_template_version + + const params = { + templateId: testTemplateId, + versionNum: '1', + }; + + let res; + try { + res = await iamAccessGroupsService.getTemplateVersion(params); + testTemplateEtag = res.headers['etag']; + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-get_template_version + }); + + test('updateTemplateVersion request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('updateTemplateVersion() result:'); + // begin-update_template_version + + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // MembersInput + const membersInputModel = { + users: ['IBMid-665000T8WY'], + action_controls: membersActionControlsModel, + }; + + // ConditionInput + const conditionInputModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: '\"test-bluegroup-saml\"', + }; + + // RulesActionControls + const rulesActionControlsModel = { + remove: false, + update: false, + }; + + // RuleInput + const ruleInputModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionInputModel], + action_controls: rulesActionControlsModel, + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + }; + + // AssertionsInput + const assertionsInputModel = { + rules: [ruleInputModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupInput + const accessGroupInputModel = { + name: 'IAM Admin Group 8', + description: 'This access group template allows admin access to all IAM platform services in the account.', + members: membersInputModel, + assertions: assertionsInputModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplatesInput + const policyTemplatesInputModel = { + id: testPolicyTemplateId, + version: '1', + }; + + const params = { + templateId: testTemplateId, + versionNum: '1', + ifMatch: testTemplateEtag, + name: 'IAM Admin Group template 2', + description: 'This access group template allows admin access to all IAM platform services in the account.', + group: accessGroupInputModel, + policyTemplateReferences: [policyTemplatesInputModel], + transactionId: '83adf5bd-de790caa3', + }; + + let res; + try { + res = await iamAccessGroupsService.updateTemplateVersion(params); + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-update_template_version + }); + + test('getLatestTemplateVersion request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('getLatestTemplateVersion() result:'); + // begin-get_latest_template_version + + const params = { + templateId: testTemplateId, + }; + + let res; + try { + res = await iamAccessGroupsService.getLatestTemplateVersion(params); + testTemplateEtag = res.headers['etag']; + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-get_latest_template_version + }); + + test('commitTemplate request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + // begin-commit_template + + const params = { + templateId: testTemplateId, + versionNum: '2', + ifMatch: testTemplateEtag, + }; + + try { + await iamAccessGroupsService.commitTemplate(params); + } catch (err) { + console.warn(err); + } + + // end-commit_template + }); + + test('createAssignment request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('createAssignment() result:'); + // begin-create_assignment + + const params = { + templateId: testTemplateId, + templateVersion: '2', + targetType: 'AccountGroup', + target: testAccountGroupId, + }; + + let res; + try { + res = await iamAccessGroupsService.createAssignment(params); + testAssignmentId = res.result.id; + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-create_assignment + await new Promise((r) => setTimeout(r, 60000)); + }, 70000); + + + test('listAssignments request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('listAssignments() result:'); + // begin-list_assignments + + const params = { + accountId: testAccountId, + }; + + let res; + try { + res = await iamAccessGroupsService.listAssignments(params); + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-list_assignments + }); + + test('getAssignment request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('getAssignment() result:'); + // begin-get_assignment + + const params = { + assignmentId: testAssignmentId, + }; + + let res; + try { + res = await iamAccessGroupsService.getAssignment(params); + testAssignmentEtag = res.headers['etag']; + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-get_assignment + }); + + test('updateAssignment request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + originalLog('updateAssignment() result:'); + await new Promise((r) => setTimeout(r, 60000)); + // begin-update_assignment + + const params = { + assignmentId: testAssignmentId, + ifMatch: testAssignmentEtag, + templateVersion: "2", + }; + + let res; + try { + res = await iamAccessGroupsService.updateAssignment(params); + console.log(JSON.stringify(res.result, null, 2)); + } catch (err) { + console.warn(err); + } + + // end-update_assignment + }, 70000); + + test('deleteAssignment request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + await new Promise((r) => setTimeout(r, 60000)); + // begin-delete_assignment + + const params = { + assignmentId: testAssignmentId, + }; + + try { + await iamAccessGroupsService.deleteAssignment(params); + } catch (err) { + console.warn(err); + } + + // end-delete_assignment + }, 70000); + + test('deleteTemplateVersion request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + + // begin-delete_template_version + + const params = { + templateId: testTemplateId, + versionNum: '1', + }; + + try { + await iamAccessGroupsService.deleteTemplateVersion(params); + } catch (err) { + console.warn(err); + } + + // end-delete_template_version + await new Promise((r) => setTimeout(r, 60000)); + }, 70000); + + test('deleteTemplate request example', async () => { + consoleLogMock.mockImplementation((output) => { + originalLog(output); + }); + consoleWarnMock.mockImplementation((output) => { + // if an error occurs, display the message and then fail the test + originalWarn(output); + expect(true).toBeFalsy(); + }); + await new Promise((r) => setTimeout(r, 60000)); + + // begin-delete_template + + const params = { + templateId: testTemplateId, + }; + + try { + await iamAccessGroupsService.deleteTemplate(params); + } catch (err) { + console.warn(err); + } + + // end-delete_template + }, 70000); }); diff --git a/iam-access-groups/v2.ts b/iam-access-groups/v2.ts index 0838c575..5abde900 100644 --- a/iam-access-groups/v2.ts +++ b/iam-access-groups/v2.ts @@ -1,5 +1,5 @@ /** - * (C) Copyright IBM Corp. 2022. + * (C) Copyright IBM Corp. 2023. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ */ /** - * IBM OpenAPI SDK Code Generator Version: 3.60.0-13f6e1ba-20221019-164457 + * IBM OpenAPI SDK Code Generator Version: 3.74.0-89f1dbab-20230630-160213 */ /* eslint-disable max-classes-per-file */ @@ -113,8 +113,8 @@ class IamAccessGroupsV2 extends BaseService { * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then * account_id must match the account of the Authorization token. - * @param {string} params.name - Assign the specified name to the access group. This field is case-insensitive and has - * a limit of 100 characters. The group name has to be unique within an account. + * @param {string} params.name - Give the access group a unique name that doesn't conflict with an existing access + * group in the account. This field is case-insensitive and has a limit of 100 characters. * @param {string} [params.description] - Assign an optional description for the access group. This field has a limit * of 250 characters. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be @@ -191,6 +191,10 @@ class IamAccessGroupsV2 extends BaseService { * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. * @param {string} [params.iamId] - Return groups for member ID (IBMid, service ID or trusted profile ID). + * @param {string} [params.search] - Use search to filter access groups list by id, name or description. + * * `search=id:` - To list access groups by id + * * `search=name:` - To list access groups by name + * * `search=description:` - To list access groups by description. * @param {string} [params.membershipType] - Membership type need to be specified along with iam_id and must be either * `static`, `dynamic` or `all`. If membership type is `static`, members explicitly added to the group will be shown. * If membership type is `dynamic`, members accessing the access group at the moment via dynamic rules will be shown. @@ -214,6 +218,7 @@ class IamAccessGroupsV2 extends BaseService { 'accountId', 'transactionId', 'iamId', + 'search', 'membershipType', 'limit', 'offset', @@ -230,6 +235,7 @@ class IamAccessGroupsV2 extends BaseService { const query = { 'account_id': _params.accountId, 'iam_id': _params.iamId, + 'search': _params.search, 'membership_type': _params.membershipType, 'limit': _params.limit, 'offset': _params.offset, @@ -342,8 +348,8 @@ class IamAccessGroupsV2 extends BaseService { * @param {string} params.accessGroupId - The access group identifier. * @param {string} params.ifMatch - The current revision number of the group being updated. This can be found in the * Create/Get access group response ETag header. - * @param {string} [params.name] - Assign the specified name to the access group. This field is case-insensitive and - * has a limit of 100 characters. The group name has to be unique within an account. + * @param {string} [params.name] - Give the access group a unique name that doesn't conflict with an existing access + * group in the account. This field is case-insensitive and has a limit of 100 characters. * @param {string} [params.description] - Assign an optional description for the access group. This field has a limit * of 250 characters. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be @@ -621,9 +627,9 @@ class IamAccessGroupsV2 extends BaseService { * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is * generated. - * @param {string} [params.membershipType] - Filters members by membership type. Membership type can be either - * `static`, `dynamic` or `all`. `static` lists those members explicitly added to the access group, `dynamic` lists - * those members part of access group via dynamic rules at the moment. `all` lists both static and dynamic members. + * @param {string} [params.membershipType] - Filters members by membership type. Filter by `static`, `dynamic` or + * `all`. `static` lists the members explicitly added to the access group, and `dynamic` lists the members that are + * part of the access group at that time via dynamic rules. `all` lists both static and dynamic members. * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100. * @param {number} [params.offset] - The offset of the first result item to be returned. * @param {string} [params.type] - Filter the results by member type. @@ -981,10 +987,12 @@ class IamAccessGroupsV2 extends BaseService { * * @param {Object} params - The parameters to send to the service. * @param {string} params.accessGroupId - The access group identifier. - * @param {number} params.expiration - The number of hours that the rule lives for. - * @param {string} params.realmName - The url of the identity provider. - * @param {RuleConditions[]} params.conditions - A list of conditions the rule must satisfy. - * @param {string} [params.name] - The name of the rule. + * @param {number} params.expiration - Session duration in hours. Access group membership is revoked after this time + * period expires. Users must log back in to refresh their access group membership. + * @param {string} params.realmName - The URL of the identity provider (IdP). + * @param {RuleConditions[]} params.conditions - A list of conditions that identities must satisfy to gain access + * group membership. + * @param {string} [params.name] - The name of the dynaimic rule. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is @@ -1181,10 +1189,12 @@ class IamAccessGroupsV2 extends BaseService { * @param {string} params.ruleId - The rule to get. * @param {string} params.ifMatch - The current revision number of the rule being updated. This can be found in the * Get Rule response ETag header. - * @param {number} params.expiration - The number of hours that the rule lives for. - * @param {string} params.realmName - The url of the identity provider. - * @param {RuleConditions[]} params.conditions - A list of conditions the rule must satisfy. - * @param {string} [params.name] - The name of the rule. + * @param {number} params.expiration - Session duration in hours. Access group membership is revoked after this time + * period expires. Users must log back in to refresh their access group membership. + * @param {string} params.realmName - The URL of the identity provider (IdP). + * @param {RuleConditions[]} params.conditions - A list of conditions that identities must satisfy to gain access + * group membership. + * @param {string} [params.name] - The name of the dynaimic rule. * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be * useful for tracking calls through multiple services by using one identifier. The header key must be set to * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is @@ -1451,6 +1461,976 @@ class IamAccessGroupsV2 extends BaseService { }), }; + return this.createRequest(parameters); + } + /************************* + * templateOperations + ************************/ + + /** + * Create template. + * + * Create an access group template. Make sure that the template is generic enough to apply to multiple different child + * accounts. Before you can assign an access group template to child accounts, you must commit it so that no further + * changes can be made to the version. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.name - Give the access group template a unique name that doesn't conflict with an existing + * access group templates in the account. + * @param {string} params.accountId - Enterprise account id in which the template will be created. + * @param {string} [params.description] - Assign an optional description for the access group template. + * @param {AccessGroupRequest} [params.group] - Access Group Component. + * @param {PolicyTemplates[]} [params.policyTemplateReferences] - Existing policy templates that you can reference to + * assign access in the Access group input component. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public createTemplate( + params: IamAccessGroupsV2.CreateTemplateParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['name', 'accountId']; + const _validParams = [ + 'name', + 'accountId', + 'description', + 'group', + 'policyTemplateReferences', + 'transactionId', + 'headers', + ]; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const body = { + 'name': _params.name, + 'account_id': _params.accountId, + 'description': _params.description, + 'group': _params.group, + 'policy_template_references': _params.policyTemplateReferences, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'createTemplate' + ); + + const parameters = { + options: { + url: '/v1/group_templates', + method: 'POST', + body, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Content-Type': 'application/json', + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * List templates. + * + * List the access group templates in an enterprise account. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.accountId - Enterprise account ID. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100. + * @param {number} [params.offset] - The offset of the first result item to be returned. + * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a + * concern, leave the `verbose` parameter off so that details are not retrieved. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public listTemplates( + params: IamAccessGroupsV2.ListTemplatesParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['accountId']; + const _validParams = ['accountId', 'transactionId', 'limit', 'offset', 'verbose', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const query = { + 'account_id': _params.accountId, + 'limit': _params.limit, + 'offset': _params.offset, + 'verbose': _params.verbose, + }; + + const sdkHeaders = getSdkHeaders(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'listTemplates'); + + const parameters = { + options: { + url: '/v1/group_templates', + method: 'GET', + qs: query, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Create template version. + * + * Create a new version of an access group template. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - ID of the template that you want to create a new version of. + * @param {string} [params.name] - This is an optional field. If the field is included it will change the name value + * for all existing versions of the template.. + * @param {string} [params.description] - Assign an optional description for the access group template version. + * @param {AccessGroupRequest} [params.group] - Access Group Component. + * @param {PolicyTemplates[]} [params.policyTemplateReferences] - The policy templates associated with the template + * version. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public createTemplateVersion( + params: IamAccessGroupsV2.CreateTemplateVersionParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId']; + const _validParams = [ + 'templateId', + 'name', + 'description', + 'group', + 'policyTemplateReferences', + 'transactionId', + 'headers', + ]; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const body = { + 'name': _params.name, + 'description': _params.description, + 'group': _params.group, + 'policy_template_references': _params.policyTemplateReferences, + }; + + const path = { + 'template_id': _params.templateId, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'createTemplateVersion' + ); + + const parameters = { + options: { + url: '/v1/group_templates/{template_id}/versions', + method: 'POST', + body, + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Content-Type': 'application/json', + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * List template versions. + * + * List all the versions of an access group template. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - ID of the template that you want to list all versions of. + * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100. + * @param {number} [params.offset] - The offset of the first result item to be returned. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public listTemplateVersions( + params: IamAccessGroupsV2.ListTemplateVersionsParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId']; + const _validParams = ['templateId', 'limit', 'offset', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const query = { + 'limit': _params.limit, + 'offset': _params.offset, + }; + + const path = { + 'template_id': _params.templateId, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'listTemplateVersions' + ); + + const parameters = { + options: { + url: '/v1/group_templates/{template_id}/versions', + method: 'GET', + qs: query, + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Get template version. + * + * Get a specific version of a template. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - ID of the template to get a specific version of. + * @param {string} params.versionNum - Version number. + * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a + * concern, leave the `verbose` parameter off so that details are not retrieved. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public getTemplateVersion( + params: IamAccessGroupsV2.GetTemplateVersionParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId', 'versionNum']; + const _validParams = ['templateId', 'versionNum', 'verbose', 'transactionId', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const query = { + 'verbose': _params.verbose, + }; + + const path = { + 'template_id': _params.templateId, + 'version_num': _params.versionNum, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'getTemplateVersion' + ); + + const parameters = { + options: { + url: '/v1/group_templates/{template_id}/versions/{version_num}', + method: 'GET', + qs: query, + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Update template version. + * + * Update a template version. You can only update a version that isn't committed. Create a new version if you need to + * update a committed version. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - ID of the template. + * @param {string} params.versionNum - Version number of the template. + * @param {string} params.ifMatch - ETag value of the template version document. + * @param {string} [params.name] - This is an optional field. If the field is included it will change the name value + * for all existing versions of the template.. + * @param {string} [params.description] - Assign an optional description for the access group template version. + * @param {AccessGroupRequest} [params.group] - Access Group Component. + * @param {PolicyTemplates[]} [params.policyTemplateReferences] - The policy templates associated with the template + * version. + * @param {string} [params.transactionId] - transaction id in header. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public updateTemplateVersion( + params: IamAccessGroupsV2.UpdateTemplateVersionParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId', 'versionNum', 'ifMatch']; + const _validParams = [ + 'templateId', + 'versionNum', + 'ifMatch', + 'name', + 'description', + 'group', + 'policyTemplateReferences', + 'transactionId', + 'headers', + ]; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const body = { + 'name': _params.name, + 'description': _params.description, + 'group': _params.group, + 'policy_template_references': _params.policyTemplateReferences, + }; + + const path = { + 'template_id': _params.templateId, + 'version_num': _params.versionNum, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'updateTemplateVersion' + ); + + const parameters = { + options: { + url: '/v1/group_templates/{template_id}/versions/{version_num}', + method: 'PUT', + body, + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Content-Type': 'application/json', + 'If-Match': _params.ifMatch, + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Delete template version. + * + * Delete a template version. You must remove all assignments for a template version before you can delete it. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - ID of the template to delete. + * @param {string} params.versionNum - version number in path. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public deleteTemplateVersion( + params: IamAccessGroupsV2.DeleteTemplateVersionParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId', 'versionNum']; + const _validParams = ['templateId', 'versionNum', 'transactionId', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const path = { + 'template_id': _params.templateId, + 'version_num': _params.versionNum, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'deleteTemplateVersion' + ); + + const parameters = { + options: { + url: '/v1/group_templates/{template_id}/versions/{version_num}', + method: 'DELETE', + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Commit a template. + * + * Commit a template version. You must do this before you can assign a template version to child accounts. After you + * commit the template version, you can't make any further changes. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - ID of the template to commit. + * @param {string} params.versionNum - version number in path. + * @param {string} params.ifMatch - ETag value of the template version document. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public commitTemplate( + params: IamAccessGroupsV2.CommitTemplateParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId', 'versionNum', 'ifMatch']; + const _validParams = ['templateId', 'versionNum', 'ifMatch', 'transactionId', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const path = { + 'template_id': _params.templateId, + 'version_num': _params.versionNum, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'commitTemplate' + ); + + const parameters = { + options: { + url: '/v1/group_templates/{template_id}/versions/{version_num}/commit', + method: 'POST', + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'If-Match': _params.ifMatch, + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Get latest template version. + * + * Get the latest version of a template. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - ID of the template to get a specific version of. + * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a + * concern, leave the `verbose` parameter off so that details are not retrieved. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public getLatestTemplateVersion( + params: IamAccessGroupsV2.GetLatestTemplateVersionParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId']; + const _validParams = ['templateId', 'verbose', 'transactionId', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const query = { + 'verbose': _params.verbose, + }; + + const path = { + 'template_id': _params.templateId, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'getLatestTemplateVersion' + ); + + const parameters = { + options: { + url: '/v1/group_templates/{template_id}', + method: 'GET', + qs: query, + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Delete template. + * + * Endpoint to delete a template. All access assigned by that template is deleted from all of the accounts where the + * template was assigned. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - template id parameter. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public deleteTemplate( + params: IamAccessGroupsV2.DeleteTemplateParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId']; + const _validParams = ['templateId', 'transactionId', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const path = { + 'template_id': _params.templateId, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'deleteTemplate' + ); + + const parameters = { + options: { + url: '/v1/group_templates/{template_id}', + method: 'DELETE', + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + /************************* + * templateAssignmentOperations + ************************/ + + /** + * Create assignment. + * + * Assign a template version to accounts that have enabled enterprise-managed IAM. You can specify individual + * accounts, or an entire account group to assign the template to all current and future child accounts of that + * account group. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.templateId - The unique identifier of the template to be assigned. + * @param {string} params.templateVersion - The version number of the template to be assigned. + * @param {string} params.targetType - The type of the entity to which the template should be assigned, e.g. + * 'Account', 'AccountGroup', etc. + * @param {string} params.target - The unique identifier of the entity to which the template should be assigned. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public createAssignment( + params: IamAccessGroupsV2.CreateAssignmentParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['templateId', 'templateVersion', 'targetType', 'target']; + const _validParams = [ + 'templateId', + 'templateVersion', + 'targetType', + 'target', + 'transactionId', + 'headers', + ]; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const body = { + 'template_id': _params.templateId, + 'template_version': _params.templateVersion, + 'target_type': _params.targetType, + 'target': _params.target, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'createAssignment' + ); + + const parameters = { + options: { + url: '/v1/group_assignments', + method: 'POST', + body, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Content-Type': 'application/json', + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * List assignments. + * + * List template assignments from an enterprise account. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.accountId - Enterprise account ID. + * @param {string} [params.templateId] - Filter results by Template Id. + * @param {string} [params.templateVersion] - Filter results by Template Version. + * @param {string} [params.target] - Filter results by the assignment target. + * @param {string} [params.status] - Filter results by the assignment status. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100. + * @param {number} [params.offset] - The offset of the first result item to be returned. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public listAssignments( + params: IamAccessGroupsV2.ListAssignmentsParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['accountId']; + const _validParams = [ + 'accountId', + 'templateId', + 'templateVersion', + 'target', + 'status', + 'transactionId', + 'limit', + 'offset', + 'headers', + ]; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const query = { + 'account_id': _params.accountId, + 'template_id': _params.templateId, + 'template_version': _params.templateVersion, + 'target': _params.target, + 'status': _params.status, + 'limit': _params.limit, + 'offset': _params.offset, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'listAssignments' + ); + + const parameters = { + options: { + url: '/v1/group_assignments', + method: 'GET', + qs: query, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Get assignment. + * + * Get a specific template assignment. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.assignmentId - Assignment ID. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {boolean} [params.verbose] - Returns resources access group template assigned, possible values `true` or + * `false`. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public getAssignment( + params: IamAccessGroupsV2.GetAssignmentParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['assignmentId']; + const _validParams = ['assignmentId', 'transactionId', 'verbose', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const query = { + 'verbose': _params.verbose, + }; + + const path = { + 'assignment_id': _params.assignmentId, + }; + + const sdkHeaders = getSdkHeaders(IamAccessGroupsV2.DEFAULT_SERVICE_NAME, 'v2', 'getAssignment'); + + const parameters = { + options: { + url: '/v1/group_assignments/{assignment_id}', + method: 'GET', + qs: query, + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Update Assignment. + * + * Endpoint to update template assignment. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.assignmentId - ID of the Assignment Record. + * @param {string} params.ifMatch - Version of the Assignment to be updated. Specify the version that you retrieved + * when reading the Assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update + * any version available. This might result in stale updates. + * @param {string} params.templateVersion - Template version which shall be applied to the assignment. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public updateAssignment( + params: IamAccessGroupsV2.UpdateAssignmentParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['assignmentId', 'ifMatch', 'templateVersion']; + const _validParams = ['assignmentId', 'ifMatch', 'templateVersion', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const body = { + 'template_version': _params.templateVersion, + }; + + const path = { + 'assignment_id': _params.assignmentId, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'updateAssignment' + ); + + const parameters = { + options: { + url: '/v1/group_assignments/{assignment_id}', + method: 'PATCH', + body, + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Accept': 'application/json', + 'Content-Type': 'application/json', + 'If-Match': _params.ifMatch, + }, + _params.headers + ), + }), + }; + + return this.createRequest(parameters); + } + + /** + * Delete assignment. + * + * Delete an access group template assignment. + * + * @param {Object} params - The parameters to send to the service. + * @param {string} params.assignmentId - assignment id path parameter. + * @param {string} [params.transactionId] - An optional transaction id for the request. + * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers + * @returns {Promise>} + */ + public deleteAssignment( + params: IamAccessGroupsV2.DeleteAssignmentParams + ): Promise> { + const _params = { ...params }; + const _requiredParams = ['assignmentId']; + const _validParams = ['assignmentId', 'transactionId', 'headers']; + const _validationErrors = validateParams(_params, _requiredParams, _validParams); + if (_validationErrors) { + return Promise.reject(_validationErrors); + } + + const path = { + 'assignment_id': _params.assignmentId, + }; + + const sdkHeaders = getSdkHeaders( + IamAccessGroupsV2.DEFAULT_SERVICE_NAME, + 'v2', + 'deleteAssignment' + ); + + const parameters = { + options: { + url: '/v1/group_assignments/{assignment_id}', + method: 'DELETE', + path, + }, + defaultOptions: extend(true, {}, this.baseOptions, { + headers: extend( + true, + sdkHeaders, + { + 'Transaction-Id': _params.transactionId, + }, + _params.headers + ), + }), + }; + return this.createRequest(parameters); } } @@ -1490,8 +2470,8 @@ namespace IamAccessGroupsV2 { * account of the Authorization token. */ accountId: string; - /** Assign the specified name to the access group. This field is case-insensitive and has a limit of 100 - * characters. The group name has to be unique within an account. + /** Give the access group a unique name that doesn't conflict with an existing access group in the account. This + * field is case-insensitive and has a limit of 100 characters. */ name: string; /** Assign an optional description for the access group. This field has a limit of 250 characters. */ @@ -1518,6 +2498,12 @@ namespace IamAccessGroupsV2 { transactionId?: string; /** Return groups for member ID (IBMid, service ID or trusted profile ID). */ iamId?: string; + /** Use search to filter access groups list by id, name or description. + * * `search=id:` - To list access groups by id + * * `search=name:` - To list access groups by name + * * `search=description:` - To list access groups by description. + */ + search?: string; /** Membership type need to be specified along with iam_id and must be either `static`, `dynamic` or `all`. If * membership type is `static`, members explicitly added to the group will be shown. If membership type is * `dynamic`, members accessing the access group at the moment via dynamic rules will be shown. If membership type @@ -1563,8 +2549,8 @@ namespace IamAccessGroupsV2 { * response ETag header. */ ifMatch: string; - /** Assign the specified name to the access group. This field is case-insensitive and has a limit of 100 - * characters. The group name has to be unique within an account. + /** Give the access group a unique name that doesn't conflict with an existing access group in the account. This + * field is case-insensitive and has a limit of 100 characters. */ name?: string; /** Assign an optional description for the access group. This field has a limit of 250 characters. */ @@ -1628,9 +2614,9 @@ namespace IamAccessGroupsV2 { * anything that you choose. If no transaction ID is passed in, then a random ID is generated. */ transactionId?: string; - /** Filters members by membership type. Membership type can be either `static`, `dynamic` or `all`. `static` - * lists those members explicitly added to the access group, `dynamic` lists those members part of access group via - * dynamic rules at the moment. `all` lists both static and dynamic members. + /** Filters members by membership type. Filter by `static`, `dynamic` or `all`. `static` lists the members + * explicitly added to the access group, and `dynamic` lists the members that are part of the access group at that + * time via dynamic rules. `all` lists both static and dynamic members. */ membershipType?: string; /** Return up to this limit of results where limit is between 0 and 100. */ @@ -1716,13 +2702,15 @@ namespace IamAccessGroupsV2 { export interface AddAccessGroupRuleParams { /** The access group identifier. */ accessGroupId: string; - /** The number of hours that the rule lives for. */ + /** Session duration in hours. Access group membership is revoked after this time period expires. Users must log + * back in to refresh their access group membership. + */ expiration: number; - /** The url of the identity provider. */ + /** The URL of the identity provider (IdP). */ realmName: string; - /** A list of conditions the rule must satisfy. */ + /** A list of conditions that identities must satisfy to gain access group membership. */ conditions: RuleConditions[]; - /** The name of the rule. */ + /** The name of the dynaimic rule. */ name?: string; /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through * multiple services by using one identifier. The header key must be set to Transaction-Id and the value is @@ -1768,13 +2756,15 @@ namespace IamAccessGroupsV2 { * header. */ ifMatch: string; - /** The number of hours that the rule lives for. */ + /** Session duration in hours. Access group membership is revoked after this time period expires. Users must log + * back in to refresh their access group membership. + */ expiration: number; - /** The url of the identity provider. */ + /** The URL of the identity provider (IdP). */ realmName: string; - /** A list of conditions the rule must satisfy. */ + /** A list of conditions that identities must satisfy to gain access group membership. */ conditions: RuleConditions[]; - /** The name of the rule. */ + /** The name of the dynaimic rule. */ name?: string; /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through * multiple services by using one identifier. The header key must be set to Transaction-Id and the value is @@ -1813,21 +2803,261 @@ namespace IamAccessGroupsV2 { headers?: OutgoingHttpHeaders; } - /** Parameters for the `updateAccountSettings` operation. */ - export interface UpdateAccountSettingsParams { - /** Account ID of the API keys(s) to query. If a service IAM ID is specified in iam_id then account_id must - * match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the - * account of the Authorization token. - */ - accountId: string; - /** This flag controls the public access feature within the account. It is set to true by default. Note: When - * this flag is set to false, all policies within the account attached to the Public Access group will be deleted. - */ - publicAccessEnabled?: boolean; - /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through - * multiple services by using one identifier. The header key must be set to Transaction-Id and the value is - * anything that you choose. If no transaction ID is passed in, then a random ID is generated. + /** Parameters for the `updateAccountSettings` operation. */ + export interface UpdateAccountSettingsParams { + /** Account ID of the API keys(s) to query. If a service IAM ID is specified in iam_id then account_id must + * match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the + * account of the Authorization token. + */ + accountId: string; + /** This flag controls the public access feature within the account. It is set to true by default. Note: When + * this flag is set to false, all policies within the account attached to the Public Access group will be deleted. + */ + publicAccessEnabled?: boolean; + /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through + * multiple services by using one identifier. The header key must be set to Transaction-Id and the value is + * anything that you choose. If no transaction ID is passed in, then a random ID is generated. + */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `createTemplate` operation. */ + export interface CreateTemplateParams { + /** Give the access group template a unique name that doesn't conflict with an existing access group templates + * in the account. + */ + name: string; + /** Enterprise account id in which the template will be created. */ + accountId: string; + /** Assign an optional description for the access group template. */ + description?: string; + /** Access Group Component. */ + group?: AccessGroupRequest; + /** Existing policy templates that you can reference to assign access in the Access group input component. */ + policyTemplateReferences?: PolicyTemplates[]; + /** An optional transaction id for the request. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `listTemplates` operation. */ + export interface ListTemplatesParams { + /** Enterprise account ID. */ + accountId: string; + /** An optional transaction id for the request. */ + transactionId?: string; + /** Return up to this limit of results where limit is between 0 and 100. */ + limit?: number; + /** The offset of the first result item to be returned. */ + offset?: number; + /** If `verbose=true`, IAM resource details are returned. If performance is a concern, leave the `verbose` + * parameter off so that details are not retrieved. + */ + verbose?: boolean; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `createTemplateVersion` operation. */ + export interface CreateTemplateVersionParams { + /** ID of the template that you want to create a new version of. */ + templateId: string; + /** This is an optional field. If the field is included it will change the name value for all existing versions + * of the template.. + */ + name?: string; + /** Assign an optional description for the access group template version. */ + description?: string; + /** Access Group Component. */ + group?: AccessGroupRequest; + /** The policy templates associated with the template version. */ + policyTemplateReferences?: PolicyTemplates[]; + /** An optional transaction id for the request. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `listTemplateVersions` operation. */ + export interface ListTemplateVersionsParams { + /** ID of the template that you want to list all versions of. */ + templateId: string; + /** Return up to this limit of results where limit is between 0 and 100. */ + limit?: number; + /** The offset of the first result item to be returned. */ + offset?: number; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `getTemplateVersion` operation. */ + export interface GetTemplateVersionParams { + /** ID of the template to get a specific version of. */ + templateId: string; + /** Version number. */ + versionNum: string; + /** If `verbose=true`, IAM resource details are returned. If performance is a concern, leave the `verbose` + * parameter off so that details are not retrieved. + */ + verbose?: boolean; + /** An optional transaction id for the request. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `updateTemplateVersion` operation. */ + export interface UpdateTemplateVersionParams { + /** ID of the template. */ + templateId: string; + /** Version number of the template. */ + versionNum: string; + /** ETag value of the template version document. */ + ifMatch: string; + /** This is an optional field. If the field is included it will change the name value for all existing versions + * of the template.. + */ + name?: string; + /** Assign an optional description for the access group template version. */ + description?: string; + /** Access Group Component. */ + group?: AccessGroupRequest; + /** The policy templates associated with the template version. */ + policyTemplateReferences?: PolicyTemplates[]; + /** transaction id in header. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `deleteTemplateVersion` operation. */ + export interface DeleteTemplateVersionParams { + /** ID of the template to delete. */ + templateId: string; + /** version number in path. */ + versionNum: string; + /** An optional transaction id for the request. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `commitTemplate` operation. */ + export interface CommitTemplateParams { + /** ID of the template to commit. */ + templateId: string; + /** version number in path. */ + versionNum: string; + /** ETag value of the template version document. */ + ifMatch: string; + /** An optional transaction id for the request. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `getLatestTemplateVersion` operation. */ + export interface GetLatestTemplateVersionParams { + /** ID of the template to get a specific version of. */ + templateId: string; + /** If `verbose=true`, IAM resource details are returned. If performance is a concern, leave the `verbose` + * parameter off so that details are not retrieved. + */ + verbose?: boolean; + /** An optional transaction id for the request. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `deleteTemplate` operation. */ + export interface DeleteTemplateParams { + /** template id parameter. */ + templateId: string; + /** An optional transaction id for the request. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `createAssignment` operation. */ + export interface CreateAssignmentParams { + /** The unique identifier of the template to be assigned. */ + templateId: string; + /** The version number of the template to be assigned. */ + templateVersion: string; + /** The type of the entity to which the template should be assigned, e.g. 'Account', 'AccountGroup', etc. */ + targetType: CreateAssignmentConstants.TargetType | string; + /** The unique identifier of the entity to which the template should be assigned. */ + target: string; + /** An optional transaction id for the request. */ + transactionId?: string; + headers?: OutgoingHttpHeaders; + } + + /** Constants for the `createAssignment` operation. */ + export namespace CreateAssignmentConstants { + /** The type of the entity to which the template should be assigned, e.g. 'Account', 'AccountGroup', etc. */ + export enum TargetType { + ACCOUNT = 'Account', + ACCOUNTGROUP = 'AccountGroup', + } + } + + /** Parameters for the `listAssignments` operation. */ + export interface ListAssignmentsParams { + /** Enterprise account ID. */ + accountId: string; + /** Filter results by Template Id. */ + templateId?: string; + /** Filter results by Template Version. */ + templateVersion?: string; + /** Filter results by the assignment target. */ + target?: string; + /** Filter results by the assignment status. */ + status?: ListAssignmentsConstants.Status | string; + /** An optional transaction id for the request. */ + transactionId?: string; + /** Return up to this limit of results where limit is between 0 and 100. */ + limit?: number; + /** The offset of the first result item to be returned. */ + offset?: number; + headers?: OutgoingHttpHeaders; + } + + /** Constants for the `listAssignments` operation. */ + export namespace ListAssignmentsConstants { + /** Filter results by the assignment status. */ + export enum Status { + ACCEPTED = 'accepted', + IN_PROGRESS = 'in_progress', + SUCCEEDED = 'succeeded', + FAILED = 'failed', + } + } + + /** Parameters for the `getAssignment` operation. */ + export interface GetAssignmentParams { + /** Assignment ID. */ + assignmentId: string; + /** An optional transaction id for the request. */ + transactionId?: string; + /** Returns resources access group template assigned, possible values `true` or `false`. */ + verbose?: boolean; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `updateAssignment` operation. */ + export interface UpdateAssignmentParams { + /** ID of the Assignment Record. */ + assignmentId: string; + /** Version of the Assignment to be updated. Specify the version that you retrieved when reading the Assignment. + * This value helps identifying parallel usage of this API. Pass * to indicate to update any version available. + * This might result in stale updates. */ + ifMatch: string; + /** Template version which shall be applied to the assignment. */ + templateVersion: string; + headers?: OutgoingHttpHeaders; + } + + /** Parameters for the `deleteAssignment` operation. */ + export interface DeleteAssignmentParams { + /** assignment id path parameter. */ + assignmentId: string; + /** An optional transaction id for the request. */ transactionId?: string; headers?: OutgoingHttpHeaders; } @@ -1836,6 +3066,50 @@ namespace IamAccessGroupsV2 { * model interfaces ************************/ + /** Control whether or not access group administrators in child accounts can add access policies to the enterprise-managed access group in their account. */ + export interface AccessActionControls { + /** Action control for adding access policies to an enterprise-managed access group in a child account. If an + * access group administrator in a child account adds a policy, they can always update or remove it. + */ + add?: boolean; + } + + /** Access Group Component. */ + export interface AccessGroupRequest { + /** Give the access group a unique name that doesn't conflict with other templates access group name in the + * given account. This is shown in child accounts. + */ + name: string; + /** Access group description. This is shown in child accounts. */ + description?: string; + /** Array of enterprise users to add to the template. All enterprise users that you add to the template must be + * invited to the child accounts where the template is assigned. + */ + members?: Members; + /** Assertions Input Component. */ + assertions?: Assertions; + /** Access group action controls component. */ + action_controls?: GroupActionControls; + } + + /** Access Group Component. */ + export interface AccessGroupResponse { + /** Give the access group a unique name that doesn't conflict with other templates access group name in the + * given account. This is shown in child accounts. + */ + name: string; + /** Access group description. This is shown in child accounts. */ + description?: string; + /** Array of enterprise users to add to the template. All enterprise users that you add to the template must be + * invited to the child accounts where the template is assigned. + */ + members?: Members; + /** Assertions Input Component. */ + assertions?: Assertions; + /** Access group action controls component. */ + action_controls?: GroupActionControls; + } + /** The access groups settings for a specific account. */ export interface AccountSettings { /** The account id of the settings being shown. */ @@ -1870,7 +3144,7 @@ namespace IamAccessGroupsV2 { iam_id?: string; /** The member type - either `user`, `service` or `profile`. */ type?: string; - /** The timestamp the membership was created at. */ + /** The timestamp of when the membership was created. */ created_at?: string; /** The `iam_id` of the entity that created the membership. */ created_by_id?: string; @@ -1902,6 +3176,85 @@ namespace IamAccessGroupsV2 { errors?: Error[]; } + /** Assertions Input Component. */ + export interface Assertions { + /** Dynamic rules to automatically add federated users to access groups based on specific identity attributes. */ + rules?: AssertionsRule[]; + /** Control whether or not access group administrators in child accounts can add, remove, and update dynamic + * rules for the enterprise-managed access group in their account. The inner level RuleActionControls override + * these `remove` and `update` action controls. + */ + action_controls?: AssertionsActionControls; + } + + /** Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for the enterprise-managed access group in their account. The inner level RuleActionControls override these `remove` and `update` action controls. */ + export interface AssertionsActionControls { + /** Action control for adding dynamic rules to an enterprise-managed access group. If an access group + * administrator in a child account adds a dynamic rule, they can always update or remove it. + */ + add?: boolean; + /** Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group. */ + remove?: boolean; + /** Action control for updating enterprise-managed dynamic rules in an enterprise-managed access group. */ + update?: boolean; + } + + /** Rule Input component. */ + export interface AssertionsRule { + /** Dynamic rule name. */ + name?: string; + /** Session duration in hours. Access group membership is revoked after this time period expires. Users must log + * back in to refresh their access group membership. + */ + expiration?: number; + /** The identity provider (IdP) URL. */ + realm_name?: string; + /** Conditions of membership. You can think of this as a key:value pair. */ + conditions?: Conditions[]; + /** Control whether or not access group administrators in child accounts can update and remove this dynamic rule + * in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. + */ + action_controls?: RuleActionControls; + } + + /** Assignment Resource Access Group. */ + export interface AssignmentResourceAccessGroup { + /** Assignment resource entry. */ + group: AssignmentResourceEntry; + /** List of member resources of the group. */ + members: AssignmentResourceEntry[]; + /** List of rules associated with the group. */ + rules: AssignmentResourceEntry[]; + } + + /** Assignment resource entry. */ + export interface AssignmentResourceEntry { + /** Assignment Resource Entry Id. */ + id: string; + /** Optional name of the resource. */ + name?: string; + /** Optional version of the resource. */ + version?: string; + /** Resource in assignment resource entry. */ + resource: string; + /** Error in assignment resource entry. */ + error: string; + /** Optional operation on the resource. */ + operation?: string; + /** Status of assignment resource entry. */ + status: string; + } + + /** Condition Input component. */ + export interface Conditions { + /** The key in the key:value pair. */ + claim?: string; + /** Compares the claim and the value. */ + operator?: string; + /** The value in the key:value pair. */ + value?: string; + } + /** The response from the delete member from access groups request. */ export interface DeleteFromAllGroupsResponse { /** The `iam_id` of the member to removed from groups. */ @@ -1960,11 +3313,11 @@ namespace IamAccessGroupsV2 { description?: string; /** The account id where the group was created. */ account_id?: string; - /** The timestamp the group was created at. */ + /** The timestamp of when the group was created. */ created_at?: string; /** The `iam_id` of the entity that created the group. */ created_by_id?: string; - /** The timestamp the group was last edited at. */ + /** The timestamp of when the group was last edited. */ last_modified_at?: string; /** The `iam_id` of the entity that last modified the group name or description. */ last_modified_by_id?: string; @@ -1974,6 +3327,14 @@ namespace IamAccessGroupsV2 { is_federated?: boolean; } + /** Access group action controls component. */ + export interface GroupActionControls { + /** Control whether or not access group administrators in child accounts can add access policies to the + * enterprise-managed access group in their account. + */ + access?: AccessActionControls; + } + /** The members of a group. */ export interface GroupMembersList { /** Limit on how many items can be returned. */ @@ -1994,6 +3355,36 @@ namespace IamAccessGroupsV2 { members?: ListGroupMembersResponseMember[]; } + /** Response output for template. */ + export interface GroupTemplate { + /** The ID of the access group template. */ + id: string; + /** The name of the access group template. */ + name: string; + /** The description of the access group template. */ + description: string; + /** The version of the access group template. */ + version: string; + /** A boolean indicating whether the access group template is committed. You must commit a template before you + * can assign it to child accounts. + */ + committed: boolean; + /** Access Group Component. */ + group: AccessGroupResponse; + /** References to policy templates assigned to the access group template. */ + policy_template_references: PolicyTemplates[]; + /** The URL of the access group template resource. */ + href: string; + /** The date and time when the access group template was created. */ + created_at: string; + /** The ID of the user who created the access group template. */ + created_by_id: string; + /** The date and time when the access group template was last modified. */ + last_modified_at: string; + /** The ID of the user who last modified the access group template. */ + last_modified_by_id: string; + } + /** The list of access groups returned as part of a response. */ export interface GroupsList { /** Limit on how many items can be returned. */ @@ -2042,33 +3433,169 @@ namespace IamAccessGroupsV2 { created_by_id?: string; } - /** A rule of an access group. */ + /** Response object containing a list of template assignments. */ + export interface ListTemplateAssignmentResponse { + /** Maximum number of items returned in the response. */ + limit: number; + /** Index of the first item returned in the response. */ + offset: number; + /** Total number of items matching the query. */ + total_count: number; + /** A link object. */ + first: HrefStruct; + /** A link object. */ + last: HrefStruct; + /** List of template assignments. */ + assignments: TemplateAssignmentResponse[]; + } + + /** Response object for a single access group template version. */ + export interface ListTemplateVersionResponse { + /** The name of the template. */ + name: string; + /** The description of the template. */ + description: string; + /** The ID of the account associated with the template. */ + account_id: string; + /** The version number of the template. */ + version: string; + /** A boolean indicating whether the template is committed or not. */ + committed: boolean; + /** Access Group Component. */ + group: AccessGroupResponse; + /** A list of policy templates associated with the template. */ + policy_template_references: PolicyTemplates[]; + /** The URL to the template resource. */ + href: string; + /** The date and time the template was created. */ + created_at: string; + /** The ID of the user who created the template. */ + created_by_id: string; + /** The date and time the template was last modified. */ + last_modified_at: string; + /** The ID of the user who last modified the template. */ + last_modified_by_id: string; + } + + /** Response object for listing template versions. */ + export interface ListTemplateVersionsResponse { + /** The maximum number of IAM resources to return. */ + limit: number; + /** The offset of the first IAM resource in the list. */ + offset: number; + /** The total number of IAM resources in the list. */ + total_count: number; + /** A link object. */ + first: HrefStruct; + /** A link object. */ + previous?: HrefStruct; + /** A link object. */ + next?: HrefStruct; + /** A link object. */ + last: HrefStruct; + /** A list of access group template versions. */ + group_template_versions: ListTemplateVersionResponse[]; + } + + /** Response object for listing templates. */ + export interface ListTemplatesResponse { + /** The maximum number of IAM resources to return. */ + limit: number; + /** The offset of the first IAM resource in the list. */ + offset: number; + /** The total number of IAM resources in the list. */ + total_count: number; + /** A link object. */ + first: HrefStruct; + /** A link object. */ + previous?: HrefStruct; + /** A link object. */ + next?: HrefStruct; + /** A link object. */ + last: HrefStruct; + /** A list of access group templates. */ + group_templates: GroupTemplate[]; + } + + /** Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited to the child accounts where the template is assigned. */ + export interface Members { + /** Array of enterprise users to add to the template. All enterprise users that you add to the template must be + * invited to the child accounts where the template is assigned. + */ + users?: string[]; + /** Array of service IDs to add to the template. */ + services?: string[]; + /** Control whether or not access group administrators in child accounts can add and remove members from the + * enterprise-managed access group in their account. + */ + action_controls?: MembersActionControls; + } + + /** Control whether or not access group administrators in child accounts can add and remove members from the enterprise-managed access group in their account. */ + export interface MembersActionControls { + /** Action control for adding child account members to an enterprise-managed access group. If an access group + * administrator in a child account adds a member, they can always remove them. + */ + add?: boolean; + /** Action control for removing enterprise-managed members from an enterprise-managed access group. */ + remove?: boolean; + } + + /** Policy Templates Input component. */ + export interface PolicyTemplates { + /** Policy template ID. */ + id?: string; + /** Policy template version. */ + version?: string; + } + + /** Object containing details of a resource list with target account ID. */ + export interface ResourceListWithTargetAccountID { + /** The ID of the entity that the resource list applies to. */ + target?: string; + /** Assignment Resource Access Group. */ + group?: AssignmentResourceAccessGroup; + /** List of policy template references for the resource list. */ + policy_template_references?: AssignmentResourceEntry[]; + } + + /** A dynamic rule of an access group. */ export interface Rule { /** The rule id. */ id?: string; /** The name of the rule. */ name?: string; - /** The number of hours that the rule lives for (Must be between 1 and 24). */ + /** Session duration in hours. Access group membership is revoked after this time period expires. Users must log + * back in to refresh their access group membership. Must be between 1 and 24. + */ expiration?: number; - /** The url of the identity provider. */ + /** The URL of the identity provider. */ realm_name?: string; - /** The group id that the rule is assigned to. */ + /** The group id that the dynamic rule is assigned to. */ access_group_id?: string; /** The account id that the group is in. */ account_id?: string; - /** A list of conditions the rule must satisfy. */ + /** A list of conditions that identities must satisfy to gain access group membership. */ conditions?: RuleConditions[]; - /** The timestamp the rule was created at. */ + /** The timestamp for when the rule was created. */ created_at?: string; - /** The `iam_id` of the entity that created the rule. */ + /** The `iam_id` of the entity that created the dynamic rule. */ created_by_id?: string; - /** The timestamp the rule was last edited at. */ + /** The timestamp for when the dynamic rule was last edited. */ last_modified_at?: string; /** The IAM id that last modified the rule. */ last_modified_by_id?: string; } - /** The conditions of a rule. */ + /** Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls. */ + export interface RuleActionControls { + /** Action control for removing this enterprise-managed dynamic rule. */ + remove?: boolean; + /** Action control for updating this enterprise-managed dynamic rule. */ + update?: boolean; + } + + /** The conditions of a dynamic rule. */ export interface RuleConditions { /** The claim to evaluate against. This will be found in the `ext` claims of a user's login request. */ claim: string; @@ -2078,12 +3605,138 @@ namespace IamAccessGroupsV2 { value: string; } - /** A list of rules attached to the access group. */ + /** A list of dynamic rules attached to the access group. */ export interface RulesList { - /** A list of rules. */ + /** A list of dynamic rules. */ rules?: Rule[]; } + /** Response object containing the details of a template assignment. */ + export interface TemplateAssignmentResponse { + /** The ID of the assignment. */ + id: string; + /** The ID of the account that the assignment belongs to. */ + account_id: string; + /** The ID of the template that the assignment is based on. */ + template_id: string; + /** The version of the template that the assignment is based on. */ + template_version: string; + /** The type of the entity that the assignment applies to. */ + target_type: string; + /** The ID of the entity that the assignment applies to. */ + target: string; + /** The operation that the assignment applies to (e.g. 'assign', 'update', 'remove'). */ + operation: string; + /** The status of the assignment (e.g. 'accepted', 'in_progress', 'succeeded', 'failed', 'superseded'). */ + status: string; + /** The URL of the assignment resource. */ + href: string; + /** The date and time when the assignment was created. */ + created_at: string; + /** The user or system that created the assignment. */ + created_by_id: string; + /** The date and time when the assignment was last updated. */ + last_modified_at: string; + /** The user or system that last updated the assignment. */ + last_modified_by_id: string; + } + + /** Response object containing the details of a template assignment. */ + export interface TemplateAssignmentVerboseResponse { + /** The ID of the assignment. */ + id: string; + /** The ID of the account that the assignment belongs to. */ + account_id: string; + /** The ID of the template that the assignment is based on. */ + template_id: string; + /** The version of the template that the assignment is based on. */ + template_version: string; + /** The type of the entity that the assignment applies to. */ + target_type: string; + /** The ID of the entity that the assignment applies to. */ + target: string; + /** The operation that the assignment applies to (e.g. 'create', 'update', 'delete'). */ + operation: string; + /** The status of the assignment (e.g. 'pending', 'success', 'failure'). */ + status: string; + /** List of resources for the assignment. */ + resources?: ResourceListWithTargetAccountID[]; + /** The URL of the assignment resource. */ + href: string; + /** The date and time when the assignment was created. */ + created_at: string; + /** The user or system that created the assignment. */ + created_by_id: string; + /** The date and time when the assignment was last updated. */ + last_modified_at: string; + /** The user or system that last updated the assignment. */ + last_modified_by_id: string; + } + + /** Response output for template. */ + export interface TemplateResponse { + /** The ID of the access group template. */ + id: string; + /** The name of the access group template. */ + name: string; + /** The description of the access group template. */ + description: string; + /** The ID of the account to which the access group template is assigned. */ + account_id: string; + /** The version of the access group template. */ + version: string; + /** A boolean indicating whether the access group template is committed. You must commit a template before you + * can assign it to child accounts. + */ + committed: boolean; + /** Access Group Component. */ + group: AccessGroupResponse; + /** References to policy templates assigned to the access group template. */ + policy_template_references: PolicyTemplates[]; + /** The URL of the access group template resource. */ + href: string; + /** The date and time when the access group template was created. */ + created_at: string; + /** The ID of the user who created the access group template. */ + created_by_id: string; + /** The date and time when the access group template was last modified. */ + last_modified_at: string; + /** The ID of the user who last modified the access group template. */ + last_modified_by_id: string; + } + + /** Response output for template. */ + export interface TemplateVersionResponse { + /** The ID of the access group template. */ + id: string; + /** The name of the access group template. */ + name: string; + /** The description of the access group template. */ + description: string; + /** The ID of the account to which the access group template is assigned. */ + account_id: string; + /** The version of the access group template. */ + version: string; + /** A boolean indicating whether the access group template is committed. You must commit a template before you + * can assign it to child accounts. + */ + committed: boolean; + /** Access Group Component. */ + group: AccessGroupResponse; + /** References to policy templates assigned to the access group template. */ + policy_template_references: PolicyTemplates[]; + /** The URL of the access group template resource. */ + href: string; + /** The date and time when the access group template was created. */ + created_at: string; + /** The ID of the user who created the access group template. */ + created_by_id: string; + /** The date and time when the access group template was last modified. */ + last_modified_at: string; + /** The ID of the user who last modified the access group template. */ + last_modified_by_id: string; + } + /************************* * pager classes ************************/ @@ -2249,6 +3902,168 @@ namespace IamAccessGroupsV2 { return results; } } + + /** + * TemplatesPager can be used to simplify the use of listTemplates(). + */ + export class TemplatesPager { + protected _hasNext: boolean; + + protected pageContext: any; + + protected client: IamAccessGroupsV2; + + protected params: IamAccessGroupsV2.ListTemplatesParams; + + /** + * Construct a TemplatesPager object. + * + * @param {IamAccessGroupsV2} client - The service client instance used to invoke listTemplates() + * @param {Object} params - The parameters to be passed to listTemplates() + * @constructor + * @returns {TemplatesPager} + */ + constructor(client: IamAccessGroupsV2, params: IamAccessGroupsV2.ListTemplatesParams) { + if (params && params.offset) { + throw new Error(`the params.offset field should not be set`); + } + + this._hasNext = true; + this.pageContext = { next: undefined }; + this.client = client; + this.params = JSON.parse(JSON.stringify(params || {})); + } + + /** + * Returns true if there are potentially more results to be retrieved by invoking getNext(). + * @returns {boolean} + */ + public hasNext(): boolean { + return this._hasNext; + } + + /** + * Returns the next page of results by invoking listTemplates(). + * @returns {Promise} + */ + public async getNext(): Promise { + if (!this.hasNext()) { + throw new Error('No more results available'); + } + + if (this.pageContext.next) { + this.params.offset = this.pageContext.next; + } + const response = await this.client.listTemplates(this.params); + const { result } = response; + + let next = null; + if (result && result.next) { + if (result.next.href) { + next = getQueryParam(result.next.href, 'offset'); + } + } + this.pageContext.next = next; + if (!this.pageContext.next) { + this._hasNext = false; + } + return result.group_templates; + } + + /** + * Returns all results by invoking listTemplates() repeatedly until all pages of results have been retrieved. + * @returns {Promise} + */ + public async getAll(): Promise { + const results: GroupTemplate[] = []; + while (this.hasNext()) { + const nextPage = await this.getNext(); + results.push(...nextPage); + } + return results; + } + } + + /** + * TemplateVersionsPager can be used to simplify the use of listTemplateVersions(). + */ + export class TemplateVersionsPager { + protected _hasNext: boolean; + + protected pageContext: any; + + protected client: IamAccessGroupsV2; + + protected params: IamAccessGroupsV2.ListTemplateVersionsParams; + + /** + * Construct a TemplateVersionsPager object. + * + * @param {IamAccessGroupsV2} client - The service client instance used to invoke listTemplateVersions() + * @param {Object} params - The parameters to be passed to listTemplateVersions() + * @constructor + * @returns {TemplateVersionsPager} + */ + constructor(client: IamAccessGroupsV2, params: IamAccessGroupsV2.ListTemplateVersionsParams) { + if (params && params.offset) { + throw new Error(`the params.offset field should not be set`); + } + + this._hasNext = true; + this.pageContext = { next: undefined }; + this.client = client; + this.params = JSON.parse(JSON.stringify(params || {})); + } + + /** + * Returns true if there are potentially more results to be retrieved by invoking getNext(). + * @returns {boolean} + */ + public hasNext(): boolean { + return this._hasNext; + } + + /** + * Returns the next page of results by invoking listTemplateVersions(). + * @returns {Promise} + */ + public async getNext(): Promise { + if (!this.hasNext()) { + throw new Error('No more results available'); + } + + if (this.pageContext.next) { + this.params.offset = this.pageContext.next; + } + const response = await this.client.listTemplateVersions(this.params); + const { result } = response; + + let next = null; + if (result && result.next) { + if (result.next.href) { + next = getQueryParam(result.next.href, 'offset'); + } + } + this.pageContext.next = next; + if (!this.pageContext.next) { + this._hasNext = false; + } + return result.group_template_versions; + } + + /** + * Returns all results by invoking listTemplateVersions() repeatedly until all pages of results have been retrieved. + * @returns {Promise} + */ + public async getAll(): Promise { + const results: ListTemplateVersionResponse[] = []; + while (this.hasNext()) { + const nextPage = await this.getNext(); + results.push(...nextPage); + } + return results; + } + } } export = IamAccessGroupsV2; diff --git a/test/integration/iam-access-groups.v2.test.js b/test/integration/iam-access-groups.v2.test.js index 555e05b9..373508b5 100644 --- a/test/integration/iam-access-groups.v2.test.js +++ b/test/integration/iam-access-groups.v2.test.js @@ -1,32 +1,32 @@ /** - * (C) Copyright IBM Corp. 2020, 2022. + * (C) Copyright IBM Corp. 2023. * - * Licensed under the Apache License, Version 2.0 (the "License"); you may not - * use this file except in compliance with the License. You may obtain a copy of - * the License at + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations under - * the License. + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ /* eslint-disable no-console */ +/* eslint-disable no-await-in-loop */ const { readExternalSources } = require('ibm-cloud-sdk-core'); const IamAccessGroupsV2 = require('../../dist/iam-access-groups/v2'); const authHelper = require('../resources/auth-helper.js'); -// testcase timeout value (25s). -const timeout = 25000; +// testcase timeout value (200s). +const timeout = 200000; // Location of our config file. const configFile = 'iam_access_groups_v2.env'; -// Use authHelper to skip tests if our configFile is not available. const describe = authHelper.prepareTests(configFile); describe('IamAccessGroupsV2_integration', () => { @@ -45,6 +45,13 @@ describe('IamAccessGroupsV2_integration', () => { let testClaimRuleId; let testClaimRuleETag; let testAccountSettings; + let testPolicyTemplateId; + let testAccountGroupId; + let testTemplateId; + let testTemplateETag; + let testTemplateLatestEtag; + let testAssignmentId; + let testAssignmentEtag; test('should successfully complete initialization', (done) => { // Initialize the service client. @@ -56,9 +63,10 @@ describe('IamAccessGroupsV2_integration', () => { expect(iamAccessGroupsService).not.toBeNull(); expect(config).not.toBeNull(); expect(config).toHaveProperty('testAccountId'); - // Retrieve the test account id to be used with the tests. testAccountId = config.testAccountId; + testPolicyTemplateId = config.testPolicyTemplateId; + testAccountGroupId = config.testAccountGroupId; expect(testAccountId).not.toBeNull(); done(); @@ -611,4 +619,498 @@ describe('IamAccessGroupsV2_integration', () => { } } }); + + test('createTemplate()', async () => { + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // MembersInput + const membersInputModel = { + users: ['IBMid-50PJGPKYJJ', 'IBMid-665000T8WY'], + action_controls: membersActionControlsModel, + }; + + // ConditionInput + const conditionInputModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: '"test-bluegroup-saml"', + }; + + // RulesActionControls + const rulesActionControlsModel = { + remove: false, + update: false, + }; + + // RuleInput + const ruleInputModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionInputModel], + action_controls: rulesActionControlsModel, + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + remove: true, + update: true, + }; + + // AssertionsInput + const assertionsInputModel = { + rules: [ruleInputModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupInput + const accessGroupInputModel = { + name: 'IAM Admin Group', + description: + 'This access group template allows admin access to all IAM platform services in the account.', + members: membersInputModel, + assertions: assertionsInputModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplatesInput + const policyTemplatesInputModel = { + id: testPolicyTemplateId, + version: '1', + }; + + const params = { + name: 'IAM Admin Group template', + accountId: testAccountId, + description: + 'This access group template allows admin access to all IAM platform services in the account.', + group: accessGroupInputModel, + policyTemplateReferences: [policyTemplatesInputModel], + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.createTemplate(params); + expect(res).toBeDefined(); + expect(res.status).toBe(201); + expect(res.result).toBeDefined(); + testTemplateId = res.result.id; + }); + + test('listTemplates()', async () => { + const params = { + accountId: testAccountId, + transactionId: 'testString', + limit: 50, + offset: 0, + verbose: true, + }; + + const res = await iamAccessGroupsService.listTemplates(params); + expect(res).toBeDefined(); + expect(res.status).toBe(200); + expect(res.result).toBeDefined(); + }); + + test('listTemplates() via TemplatesPager', async () => { + const params = { + accountId: testAccountId, + transactionId: 'testString', + limit: 50, + verbose: true, + }; + + const allResults = []; + + // Test getNext(). + let pager = new IamAccessGroupsV2.TemplatesPager(iamAccessGroupsService, params); + while (pager.hasNext()) { + const nextPage = await pager.getNext(); + expect(nextPage).not.toBeNull(); + allResults.push(...nextPage); + } + + // Test getAll(). + pager = new IamAccessGroupsV2.TemplatesPager(iamAccessGroupsService, params); + const allItems = await pager.getAll(); + expect(allItems).not.toBeNull(); + expect(allItems).toHaveLength(allResults.length); + console.log(`Retrieved a total of ${allResults.length} items(s) with pagination.`); + }); + + test('createTemplateVersion()', async () => { + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // MembersInput + const membersInputModel = { + users: ['IBMid-50PJGPKYJJ', 'IBMid-665000T8WY'], + action_controls: membersActionControlsModel, + }; + + // ConditionInput + const conditionInputModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: '"test-bluegroup-saml"', + }; + + // RulesActionControls + const rulesActionControlsModel = { + remove: true, + update: true, + }; + + // RuleInput + const ruleInputModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionInputModel], + action_controls: rulesActionControlsModel, + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + remove: true, + update: true, + }; + + // AssertionsInput + const assertionsInputModel = { + rules: [ruleInputModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupInput + const accessGroupInputModel = { + name: 'IAM Admin Group 8', + description: + 'This access group template allows admin access to all IAM platform services in the account.', + members: membersInputModel, + assertions: assertionsInputModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplatesInput + const policyTemplatesInputModel = { + id: testPolicyTemplateId, + version: '1', + }; + + const params = { + templateId: testTemplateId, + name: 'IAM Admin Group template 2', + description: + 'This access group template allows admin access to all IAM platform services in the account.', + group: accessGroupInputModel, + policyTemplateReferences: [policyTemplatesInputModel], + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.createTemplateVersion(params); + expect(res).toBeDefined(); + expect(res.status).toBe(201); + expect(res.result).toBeDefined(); + }); + + test('listTemplateVersions()', async () => { + const params = { + templateId: testTemplateId, + limit: 100, + offset: 0, + }; + + const res = await iamAccessGroupsService.listTemplateVersions(params); + expect(res).toBeDefined(); + expect(res.status).toBe(200); + expect(res.result).toBeDefined(); + }); + + test('listTemplateVersions() via TemplateVersionsPager', async () => { + const params = { + templateId: testTemplateId, + limit: 100, + }; + + const allResults = []; + + // Test getNext(). + let pager = new IamAccessGroupsV2.TemplateVersionsPager(iamAccessGroupsService, params); + while (pager.hasNext()) { + const nextPage = await pager.getNext(); + expect(nextPage).not.toBeNull(); + allResults.push(...nextPage); + } + + // Test getAll(). + pager = new IamAccessGroupsV2.TemplateVersionsPager(iamAccessGroupsService, params); + const allItems = await pager.getAll(); + expect(allItems).not.toBeNull(); + expect(allItems).toHaveLength(allResults.length); + console.log(`Retrieved a total of ${allResults.length} items(s) with pagination.`); + }); + + test('getTemplateVersion()', async () => { + const params = { + templateId: testTemplateId, + versionNum: '1', + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.getTemplateVersion(params); + expect(res).toBeDefined(); + expect(res.status).toBe(200); + expect(res.result).toBeDefined(); + + testTemplateETag = res.headers.etag; + }); + + test('updateTemplateVersion()', async () => { + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // MembersInput + const membersInputModel = { + users: ['IBMid-665000T8WY'], + action_controls: membersActionControlsModel, + }; + + // ConditionInput + const conditionInputModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: '"test-bluegroup-saml"', + }; + + // RulesActionControls + const rulesActionControlsModel = { + remove: false, + update: false, + }; + + // RuleInput + const ruleInputModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionInputModel], + action_controls: rulesActionControlsModel, + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + remove: true, + update: true, + }; + + // AssertionsInput + const assertionsInputModel = { + rules: [ruleInputModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupInput + const accessGroupInputModel = { + name: 'IAM Admin Group 8', + description: + 'This access group template allows admin access to all IAM platform services in the account.', + members: membersInputModel, + assertions: assertionsInputModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplatesInput + const policyTemplatesInputModel = { + id: testPolicyTemplateId, + version: '1', + }; + + const params = { + templateId: testTemplateId, + versionNum: '1', + ifMatch: testTemplateETag, + name: 'IAM Admin Group template 2', + description: + 'This access group template allows admin access to all IAM platform services in the account.', + group: accessGroupInputModel, + policyTemplateReferences: [policyTemplatesInputModel], + }; + + const res = await iamAccessGroupsService.updateTemplateVersion(params); + expect(res).toBeDefined(); + expect(res.status).toBe(201); + expect(res.result).toBeDefined(); + }); + + test('getLatestTemplateVersion()', async () => { + const params = { + templateId: testTemplateId, + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.getLatestTemplateVersion(params); + expect(res).toBeDefined(); + expect(res.status).toBe(200); + expect(res.result).toBeDefined(); + + testTemplateLatestEtag = res.headers.etag; + }); + + test('commitTemplate()', async () => { + const params = { + templateId: testTemplateId, + versionNum: '2', + ifMatch: testTemplateLatestEtag, + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.commitTemplate(params); + expect(res).toBeDefined(); + expect(res.status).toBe(204); + expect(res.result).toBeDefined(); + }); + + test('createAssignment()', async () => { + const params = { + templateId: testTemplateId, + templateVersion: '2', + targetType: 'AccountGroup', + target: testAccountGroupId, + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.createAssignment(params); + expect(res).toBeDefined(); + expect(res.status).toBe(202); + expect(res.result).toBeDefined(); + + testAssignmentId = res.result.id; + await new Promise((r) => setTimeout(r, 60000)); + }, 70000); + + test('listAssignments()', async () => { + const params = { + accountId: testAccountId, + }; + + const res = await iamAccessGroupsService.listAssignments(params); + expect(res).toBeDefined(); + expect(res.status).toBe(200); + expect(res.result).toBeDefined(); + }); + + test('getAssignment()', async () => { + const params = { + assignmentId: testAssignmentId, + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.getAssignment(params); + expect(res).toBeDefined(); + expect(res.status).toBe(200); + expect(res.result).toBeDefined(); + testAssignmentEtag = res.headers.etag; + }); + + test('updateAssignment()', async () => { + const params = { + assignmentId: testAssignmentId, + ifMatch: testAssignmentEtag, + templateVersion: '2', + }; + + const res = await iamAccessGroupsService.updateAssignment(params); + expect(res).toBeDefined(); + expect(res.status).toBe(202); + expect(res.result).toBeDefined(); + await new Promise((r) => setTimeout(r, 80000)); + }, 90000); + + test('deleteAssignment()', async () => { + const params = { + assignmentId: testAssignmentId, + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.deleteAssignment(params); + expect(res).toBeDefined(); + expect(res.status).toBe(202); + expect(res.result).toBeDefined(); + + await new Promise((r) => setTimeout(r, 80000)); + }, 90000); + + test('deleteTemplateVersion()', async () => { + const params = { + templateId: testTemplateId, + versionNum: '2', + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.deleteTemplateVersion(params); + expect(res).toBeDefined(); + expect(res.status).toBe(204); + expect(res.result).toBeDefined(); + }); + + test('deleteTemplate()', async () => { + const params = { + templateId: testTemplateId, + transactionId: 'testString', + }; + + const res = await iamAccessGroupsService.deleteTemplate(params); + expect(res).toBeDefined(); + expect(res.status).toBe(204); + expect(res.result).toBeDefined(); + }); }); diff --git a/test/unit/iam-access-groups.v2.test.js b/test/unit/iam-access-groups.v2.test.js index 97eb186d..7ed61a04 100644 --- a/test/unit/iam-access-groups.v2.test.js +++ b/test/unit/iam-access-groups.v2.test.js @@ -1,5 +1,5 @@ /** - * (C) Copyright IBM Corp. 2022. + * (C) Copyright IBM Corp. 2023. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,9 +15,9 @@ */ // need to import the whole package to mock getAuthenticatorFromEnvironment -const core = require('ibm-cloud-sdk-core'); +const sdkCorePackage = require('ibm-cloud-sdk-core'); -const { NoAuthAuthenticator, unitTestUtils } = core; +const { NoAuthAuthenticator, unitTestUtils } = sdkCorePackage; const IamAccessGroupsV2 = require('../../dist/iam-access-groups/v2'); const nock = require('nock'); @@ -54,7 +54,7 @@ function unmock_createRequest() { } // dont actually construct an authenticator -const getAuthenticatorMock = jest.spyOn(core, 'getAuthenticatorFromEnvironment'); +const getAuthenticatorMock = jest.spyOn(sdkCorePackage, 'getAuthenticatorFromEnvironment'); getAuthenticatorMock.mockImplementation(() => new NoAuthAuthenticator()); describe('IamAccessGroupsV2', () => { @@ -223,9 +223,10 @@ describe('IamAccessGroupsV2', () => { const accountId = 'testString'; const transactionId = 'testString'; const iamId = 'testString'; + const search = 'testString'; const membershipType = 'static'; - const limit = 100; - const offset = 38; + const limit = 50; + const offset = 0; const sort = 'name'; const showFederated = false; const hidePublicAccess = false; @@ -233,6 +234,7 @@ describe('IamAccessGroupsV2', () => { accountId, transactionId, iamId, + search, membershipType, limit, offset, @@ -258,6 +260,7 @@ describe('IamAccessGroupsV2', () => { checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); expect(mockRequestOptions.qs.account_id).toEqual(accountId); expect(mockRequestOptions.qs.iam_id).toEqual(iamId); + expect(mockRequestOptions.qs.search).toEqual(search); expect(mockRequestOptions.qs.membership_type).toEqual(membershipType); expect(mockRequestOptions.qs.limit).toEqual(limit); expect(mockRequestOptions.qs.offset).toEqual(offset); @@ -350,6 +353,7 @@ describe('IamAccessGroupsV2', () => { accountId: 'testString', transactionId: 'testString', iamId: 'testString', + search: 'testString', membershipType: 'static', limit: 10, sort: 'name', @@ -372,6 +376,7 @@ describe('IamAccessGroupsV2', () => { accountId: 'testString', transactionId: 'testString', iamId: 'testString', + search: 'testString', membershipType: 'static', limit: 10, sort: 'name', @@ -861,8 +866,8 @@ describe('IamAccessGroupsV2', () => { const accessGroupId = 'testString'; const transactionId = 'testString'; const membershipType = 'static'; - const limit = 100; - const offset = 38; + const limit = 50; + const offset = 0; const type = 'testString'; const verbose = false; const sort = 'testString'; @@ -1300,7 +1305,7 @@ describe('IamAccessGroupsV2', () => { const accountId = 'testString'; const iamId = 'testString'; const type = 'user'; - const groups = ['access-group-id-1']; + const groups = ['AccessGroupId-b0d32f56-f85c-4bf1-af37-7bbd92b1b2b3']; const transactionId = 'testString'; const addMemberToMultipleAccessGroupsParams = { accountId, @@ -2076,4 +2081,1767 @@ describe('IamAccessGroupsV2', () => { }); }); }); + + describe('createTemplate', () => { + describe('positive tests', () => { + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // Members + const membersModel = { + users: ['IBMid-50PJGPKYJJ', 'IBMid-665000T8WY'], + services: ['iam-ServiceId-345', 'iam-ServiceId-456'], + action_controls: membersActionControlsModel, + }; + + // Conditions + const conditionsModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: 'test-bluegroup-saml', + }; + + // RuleActionControls + const ruleActionControlsModel = { + remove: false, + update: false, + }; + + // AssertionsRule + const assertionsRuleModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionsModel], + action_controls: ruleActionControlsModel, + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + remove: true, + update: true, + }; + + // Assertions + const assertionsModel = { + rules: [assertionsRuleModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupRequest + const accessGroupRequestModel = { + name: 'IAM Admin Group', + description: 'This access group template allows admin access to all IAM platform services in the account.', + members: membersModel, + assertions: assertionsModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplates + const policyTemplatesModel = { + id: 'policyTemplateId-123', + version: '1', + }; + + function __createTemplateTest() { + // Construct the params object for operation createTemplate + const name = 'IAM Admin Group template'; + const accountId = 'accountID-123'; + const description = 'This access group template allows admin access to all IAM platform services in the account.'; + const group = accessGroupRequestModel; + const policyTemplateReferences = [policyTemplatesModel]; + const transactionId = 'testString'; + const createTemplateParams = { + name, + accountId, + description, + group, + policyTemplateReferences, + transactionId, + }; + + const createTemplateResult = iamAccessGroupsService.createTemplate(createTemplateParams); + + // all methods should return a Promise + expectToBePromise(createTemplateResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates', 'POST'); + const expectedAccept = 'application/json'; + const expectedContentType = 'application/json'; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.body.name).toEqual(name); + expect(mockRequestOptions.body.account_id).toEqual(accountId); + expect(mockRequestOptions.body.description).toEqual(description); + expect(mockRequestOptions.body.group).toEqual(group); + expect(mockRequestOptions.body.policy_template_references).toEqual(policyTemplateReferences); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __createTemplateTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __createTemplateTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __createTemplateTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const name = 'IAM Admin Group template'; + const accountId = 'accountID-123'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const createTemplateParams = { + name, + accountId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.createTemplate(createTemplateParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.createTemplate({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.createTemplate(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('listTemplates', () => { + describe('positive tests', () => { + function __listTemplatesTest() { + // Construct the params object for operation listTemplates + const accountId = 'accountID-123'; + const transactionId = 'testString'; + const limit = 50; + const offset = 0; + const verbose = true; + const listTemplatesParams = { + accountId, + transactionId, + limit, + offset, + verbose, + }; + + const listTemplatesResult = iamAccessGroupsService.listTemplates(listTemplatesParams); + + // all methods should return a Promise + expectToBePromise(listTemplatesResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates', 'GET'); + const expectedAccept = 'application/json'; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.qs.account_id).toEqual(accountId); + expect(mockRequestOptions.qs.limit).toEqual(limit); + expect(mockRequestOptions.qs.offset).toEqual(offset); + expect(mockRequestOptions.qs.verbose).toEqual(verbose); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __listTemplatesTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __listTemplatesTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __listTemplatesTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const accountId = 'accountID-123'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const listTemplatesParams = { + accountId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.listTemplates(listTemplatesParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.listTemplates({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.listTemplates(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + + describe('TemplatesPager tests', () => { + const serviceUrl = iamAccessGroupsServiceOptions.url; + const path = '/v1/group_templates'; + const mockPagerResponse1 = + '{"group_templates":[{"id":"id","name":"name","description":"description","version":"version","committed":false,"group":{"name":"name","description":"description","members":{"users":["users"],"services":["services"],"action_controls":{"add":false,"remove":true}},"assertions":{"rules":[{"name":"name","expiration":10,"realm_name":"realm_name","conditions":[{"claim":"claim","operator":"operator","value":"value"}],"action_controls":{"remove":true,"update":true}}],"action_controls":{"add":false,"remove":true,"update":true}},"action_controls":{"access":{"add":false}}},"policy_template_references":[{"id":"id","version":"version"}],"href":"href","created_at":"2019-01-01T12:00:00.000Z","created_by_id":"created_by_id","last_modified_at":"2019-01-01T12:00:00.000Z","last_modified_by_id":"last_modified_by_id"}],"next":{"href":"https://myhost.com/somePath?offset=1"},"total_count":2,"limit":1}'; + const mockPagerResponse2 = + '{"group_templates":[{"id":"id","name":"name","description":"description","version":"version","committed":false,"group":{"name":"name","description":"description","members":{"users":["users"],"services":["services"],"action_controls":{"add":false,"remove":true}},"assertions":{"rules":[{"name":"name","expiration":10,"realm_name":"realm_name","conditions":[{"claim":"claim","operator":"operator","value":"value"}],"action_controls":{"remove":true,"update":true}}],"action_controls":{"add":false,"remove":true,"update":true}},"action_controls":{"access":{"add":false}}},"policy_template_references":[{"id":"id","version":"version"}],"href":"href","created_at":"2019-01-01T12:00:00.000Z","created_by_id":"created_by_id","last_modified_at":"2019-01-01T12:00:00.000Z","last_modified_by_id":"last_modified_by_id"}],"total_count":2,"limit":1}'; + + beforeEach(() => { + unmock_createRequest(); + const scope = nock(serviceUrl) + .get(uri => uri.includes(path)) + .reply(200, mockPagerResponse1) + .get(uri => uri.includes(path)) + .reply(200, mockPagerResponse2); + }); + + afterEach(() => { + nock.cleanAll(); + mock_createRequest(); + }); + + test('getNext()', async () => { + const params = { + accountId: 'accountID-123', + transactionId: 'testString', + limit: 50, + verbose: true, + }; + const allResults = []; + const pager = new IamAccessGroupsV2.TemplatesPager(iamAccessGroupsService, params); + while (pager.hasNext()) { + const nextPage = await pager.getNext(); + expect(nextPage).not.toBeNull(); + allResults.push(...nextPage); + } + expect(allResults).not.toBeNull(); + expect(allResults).toHaveLength(2); + }); + + test('getAll()', async () => { + const params = { + accountId: 'accountID-123', + transactionId: 'testString', + limit: 50, + verbose: true, + }; + const pager = new IamAccessGroupsV2.TemplatesPager(iamAccessGroupsService, params); + const allResults = await pager.getAll(); + expect(allResults).not.toBeNull(); + expect(allResults).toHaveLength(2); + }); + }); + }); + + describe('createTemplateVersion', () => { + describe('positive tests', () => { + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // Members + const membersModel = { + users: ['IBMid-50PJGPKYJJ', 'IBMid-665000T8WY'], + services: ['iam-ServiceId-345'], + action_controls: membersActionControlsModel, + }; + + // Conditions + const conditionsModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: 'test-bluegroup-saml', + }; + + // RuleActionControls + const ruleActionControlsModel = { + remove: true, + update: true, + }; + + // AssertionsRule + const assertionsRuleModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionsModel], + action_controls: ruleActionControlsModel, + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + remove: true, + update: true, + }; + + // Assertions + const assertionsModel = { + rules: [assertionsRuleModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupRequest + const accessGroupRequestModel = { + name: 'IAM Admin Group 8', + description: 'This access group template allows admin access to all IAM platform services in the account.', + members: membersModel, + assertions: assertionsModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplates + const policyTemplatesModel = { + id: 'policyTemplateId-123', + version: '1', + }; + + function __createTemplateVersionTest() { + // Construct the params object for operation createTemplateVersion + const templateId = 'testString'; + const name = 'IAM Admin Group template 2'; + const description = 'This access group template allows admin access to all IAM platform services in the account.'; + const group = accessGroupRequestModel; + const policyTemplateReferences = [policyTemplatesModel]; + const transactionId = 'testString'; + const createTemplateVersionParams = { + templateId, + name, + description, + group, + policyTemplateReferences, + transactionId, + }; + + const createTemplateVersionResult = iamAccessGroupsService.createTemplateVersion(createTemplateVersionParams); + + // all methods should return a Promise + expectToBePromise(createTemplateVersionResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates/{template_id}/versions', 'POST'); + const expectedAccept = 'application/json'; + const expectedContentType = 'application/json'; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.body.name).toEqual(name); + expect(mockRequestOptions.body.description).toEqual(description); + expect(mockRequestOptions.body.group).toEqual(group); + expect(mockRequestOptions.body.policy_template_references).toEqual(policyTemplateReferences); + expect(mockRequestOptions.path.template_id).toEqual(templateId); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __createTemplateVersionTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __createTemplateVersionTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __createTemplateVersionTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const createTemplateVersionParams = { + templateId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.createTemplateVersion(createTemplateVersionParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.createTemplateVersion({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.createTemplateVersion(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('listTemplateVersions', () => { + describe('positive tests', () => { + function __listTemplateVersionsTest() { + // Construct the params object for operation listTemplateVersions + const templateId = 'testString'; + const limit = 100; + const offset = 0; + const listTemplateVersionsParams = { + templateId, + limit, + offset, + }; + + const listTemplateVersionsResult = iamAccessGroupsService.listTemplateVersions(listTemplateVersionsParams); + + // all methods should return a Promise + expectToBePromise(listTemplateVersionsResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates/{template_id}/versions', 'GET'); + const expectedAccept = 'application/json'; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + expect(mockRequestOptions.qs.limit).toEqual(limit); + expect(mockRequestOptions.qs.offset).toEqual(offset); + expect(mockRequestOptions.path.template_id).toEqual(templateId); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __listTemplateVersionsTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __listTemplateVersionsTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __listTemplateVersionsTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const listTemplateVersionsParams = { + templateId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.listTemplateVersions(listTemplateVersionsParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.listTemplateVersions({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.listTemplateVersions(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + + describe('TemplateVersionsPager tests', () => { + const serviceUrl = iamAccessGroupsServiceOptions.url; + const path = '/v1/group_templates/testString/versions'; + const mockPagerResponse1 = + '{"next":{"href":"https://myhost.com/somePath?offset=1"},"total_count":2,"group_template_versions":[{"name":"name","description":"description","account_id":"account_id","version":"version","committed":false,"group":{"name":"name","description":"description","members":{"users":["users"],"services":["services"],"action_controls":{"add":false,"remove":true}},"assertions":{"rules":[{"name":"name","expiration":10,"realm_name":"realm_name","conditions":[{"claim":"claim","operator":"operator","value":"value"}],"action_controls":{"remove":true,"update":true}}],"action_controls":{"add":false,"remove":true,"update":true}},"action_controls":{"access":{"add":false}}},"policy_template_references":[{"id":"id","version":"version"}],"href":"href","created_at":"created_at","created_by_id":"created_by_id","last_modified_at":"last_modified_at","last_modified_by_id":"last_modified_by_id"}],"limit":1}'; + const mockPagerResponse2 = + '{"total_count":2,"group_template_versions":[{"name":"name","description":"description","account_id":"account_id","version":"version","committed":false,"group":{"name":"name","description":"description","members":{"users":["users"],"services":["services"],"action_controls":{"add":false,"remove":true}},"assertions":{"rules":[{"name":"name","expiration":10,"realm_name":"realm_name","conditions":[{"claim":"claim","operator":"operator","value":"value"}],"action_controls":{"remove":true,"update":true}}],"action_controls":{"add":false,"remove":true,"update":true}},"action_controls":{"access":{"add":false}}},"policy_template_references":[{"id":"id","version":"version"}],"href":"href","created_at":"created_at","created_by_id":"created_by_id","last_modified_at":"last_modified_at","last_modified_by_id":"last_modified_by_id"}],"limit":1}'; + + beforeEach(() => { + unmock_createRequest(); + const scope = nock(serviceUrl) + .get(uri => uri.includes(path)) + .reply(200, mockPagerResponse1) + .get(uri => uri.includes(path)) + .reply(200, mockPagerResponse2); + }); + + afterEach(() => { + nock.cleanAll(); + mock_createRequest(); + }); + + test('getNext()', async () => { + const params = { + templateId: 'testString', + limit: 100, + }; + const allResults = []; + const pager = new IamAccessGroupsV2.TemplateVersionsPager(iamAccessGroupsService, params); + while (pager.hasNext()) { + const nextPage = await pager.getNext(); + expect(nextPage).not.toBeNull(); + allResults.push(...nextPage); + } + expect(allResults).not.toBeNull(); + expect(allResults).toHaveLength(2); + }); + + test('getAll()', async () => { + const params = { + templateId: 'testString', + limit: 100, + }; + const pager = new IamAccessGroupsV2.TemplateVersionsPager(iamAccessGroupsService, params); + const allResults = await pager.getAll(); + expect(allResults).not.toBeNull(); + expect(allResults).toHaveLength(2); + }); + }); + }); + + describe('getTemplateVersion', () => { + describe('positive tests', () => { + function __getTemplateVersionTest() { + // Construct the params object for operation getTemplateVersion + const templateId = 'testString'; + const versionNum = 'testString'; + const verbose = true; + const transactionId = 'testString'; + const getTemplateVersionParams = { + templateId, + versionNum, + verbose, + transactionId, + }; + + const getTemplateVersionResult = iamAccessGroupsService.getTemplateVersion(getTemplateVersionParams); + + // all methods should return a Promise + expectToBePromise(getTemplateVersionResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates/{template_id}/versions/{version_num}', 'GET'); + const expectedAccept = 'application/json'; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.qs.verbose).toEqual(verbose); + expect(mockRequestOptions.path.template_id).toEqual(templateId); + expect(mockRequestOptions.path.version_num).toEqual(versionNum); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __getTemplateVersionTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __getTemplateVersionTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __getTemplateVersionTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'testString'; + const versionNum = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const getTemplateVersionParams = { + templateId, + versionNum, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.getTemplateVersion(getTemplateVersionParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.getTemplateVersion({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.getTemplateVersion(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('updateTemplateVersion', () => { + describe('positive tests', () => { + // Request models needed by this operation. + + // MembersActionControls + const membersActionControlsModel = { + add: true, + remove: false, + }; + + // Members + const membersModel = { + users: ['IBMid-665000T8WY'], + services: ['iam-ServiceId-e371b0e5-1c80-48e3-bf12-c6a8ef2b1a11'], + action_controls: membersActionControlsModel, + }; + + // Conditions + const conditionsModel = { + claim: 'blueGroup', + operator: 'CONTAINS', + value: 'test-bluegroup-saml', + }; + + // RuleActionControls + const ruleActionControlsModel = { + remove: false, + update: false, + }; + + // AssertionsRule + const assertionsRuleModel = { + name: 'Manager group rule', + expiration: 12, + realm_name: 'https://idp.example.org/SAML2', + conditions: [conditionsModel], + action_controls: ruleActionControlsModel, + }; + + // AssertionsActionControls + const assertionsActionControlsModel = { + add: false, + remove: true, + update: true, + }; + + // Assertions + const assertionsModel = { + rules: [assertionsRuleModel], + action_controls: assertionsActionControlsModel, + }; + + // AccessActionControls + const accessActionControlsModel = { + add: false, + }; + + // GroupActionControls + const groupActionControlsModel = { + access: accessActionControlsModel, + }; + + // AccessGroupRequest + const accessGroupRequestModel = { + name: 'IAM Admin Group 8', + description: 'This access group template allows admin access to all IAM platform services in the account.', + members: membersModel, + assertions: assertionsModel, + action_controls: groupActionControlsModel, + }; + + // PolicyTemplates + const policyTemplatesModel = { + id: 'policyTemplateId-123', + version: '1', + }; + + function __updateTemplateVersionTest() { + // Construct the params object for operation updateTemplateVersion + const templateId = 'testString'; + const versionNum = 'testString'; + const ifMatch = 'testString'; + const name = 'IAM Admin Group template 2'; + const description = 'This access group template allows admin access to all IAM platform services in the account.'; + const group = accessGroupRequestModel; + const policyTemplateReferences = [policyTemplatesModel]; + const transactionId = '83adf5bd-de790caa3'; + const updateTemplateVersionParams = { + templateId, + versionNum, + ifMatch, + name, + description, + group, + policyTemplateReferences, + transactionId, + }; + + const updateTemplateVersionResult = iamAccessGroupsService.updateTemplateVersion(updateTemplateVersionParams); + + // all methods should return a Promise + expectToBePromise(updateTemplateVersionResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates/{template_id}/versions/{version_num}', 'PUT'); + const expectedAccept = 'application/json'; + const expectedContentType = 'application/json'; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'If-Match', ifMatch); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.body.name).toEqual(name); + expect(mockRequestOptions.body.description).toEqual(description); + expect(mockRequestOptions.body.group).toEqual(group); + expect(mockRequestOptions.body.policy_template_references).toEqual(policyTemplateReferences); + expect(mockRequestOptions.path.template_id).toEqual(templateId); + expect(mockRequestOptions.path.version_num).toEqual(versionNum); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __updateTemplateVersionTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __updateTemplateVersionTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __updateTemplateVersionTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'testString'; + const versionNum = 'testString'; + const ifMatch = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const updateTemplateVersionParams = { + templateId, + versionNum, + ifMatch, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.updateTemplateVersion(updateTemplateVersionParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.updateTemplateVersion({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.updateTemplateVersion(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('deleteTemplateVersion', () => { + describe('positive tests', () => { + function __deleteTemplateVersionTest() { + // Construct the params object for operation deleteTemplateVersion + const templateId = 'testString'; + const versionNum = 'testString'; + const transactionId = 'testString'; + const deleteTemplateVersionParams = { + templateId, + versionNum, + transactionId, + }; + + const deleteTemplateVersionResult = iamAccessGroupsService.deleteTemplateVersion(deleteTemplateVersionParams); + + // all methods should return a Promise + expectToBePromise(deleteTemplateVersionResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates/{template_id}/versions/{version_num}', 'DELETE'); + const expectedAccept = undefined; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.path.template_id).toEqual(templateId); + expect(mockRequestOptions.path.version_num).toEqual(versionNum); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __deleteTemplateVersionTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __deleteTemplateVersionTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __deleteTemplateVersionTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'testString'; + const versionNum = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const deleteTemplateVersionParams = { + templateId, + versionNum, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.deleteTemplateVersion(deleteTemplateVersionParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.deleteTemplateVersion({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.deleteTemplateVersion(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('commitTemplate', () => { + describe('positive tests', () => { + function __commitTemplateTest() { + // Construct the params object for operation commitTemplate + const templateId = 'testString'; + const versionNum = 'testString'; + const ifMatch = 'testString'; + const transactionId = 'testString'; + const commitTemplateParams = { + templateId, + versionNum, + ifMatch, + transactionId, + }; + + const commitTemplateResult = iamAccessGroupsService.commitTemplate(commitTemplateParams); + + // all methods should return a Promise + expectToBePromise(commitTemplateResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates/{template_id}/versions/{version_num}/commit', 'POST'); + const expectedAccept = undefined; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'If-Match', ifMatch); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.path.template_id).toEqual(templateId); + expect(mockRequestOptions.path.version_num).toEqual(versionNum); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __commitTemplateTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __commitTemplateTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __commitTemplateTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'testString'; + const versionNum = 'testString'; + const ifMatch = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const commitTemplateParams = { + templateId, + versionNum, + ifMatch, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.commitTemplate(commitTemplateParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.commitTemplate({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.commitTemplate(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('getLatestTemplateVersion', () => { + describe('positive tests', () => { + function __getLatestTemplateVersionTest() { + // Construct the params object for operation getLatestTemplateVersion + const templateId = 'testString'; + const verbose = true; + const transactionId = 'testString'; + const getLatestTemplateVersionParams = { + templateId, + verbose, + transactionId, + }; + + const getLatestTemplateVersionResult = iamAccessGroupsService.getLatestTemplateVersion(getLatestTemplateVersionParams); + + // all methods should return a Promise + expectToBePromise(getLatestTemplateVersionResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates/{template_id}', 'GET'); + const expectedAccept = 'application/json'; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.qs.verbose).toEqual(verbose); + expect(mockRequestOptions.path.template_id).toEqual(templateId); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __getLatestTemplateVersionTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __getLatestTemplateVersionTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __getLatestTemplateVersionTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const getLatestTemplateVersionParams = { + templateId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.getLatestTemplateVersion(getLatestTemplateVersionParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.getLatestTemplateVersion({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.getLatestTemplateVersion(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('deleteTemplate', () => { + describe('positive tests', () => { + function __deleteTemplateTest() { + // Construct the params object for operation deleteTemplate + const templateId = 'testString'; + const transactionId = 'testString'; + const deleteTemplateParams = { + templateId, + transactionId, + }; + + const deleteTemplateResult = iamAccessGroupsService.deleteTemplate(deleteTemplateParams); + + // all methods should return a Promise + expectToBePromise(deleteTemplateResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_templates/{template_id}', 'DELETE'); + const expectedAccept = undefined; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.path.template_id).toEqual(templateId); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __deleteTemplateTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __deleteTemplateTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __deleteTemplateTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const deleteTemplateParams = { + templateId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.deleteTemplate(deleteTemplateParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.deleteTemplate({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.deleteTemplate(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('createAssignment', () => { + describe('positive tests', () => { + function __createAssignmentTest() { + // Construct the params object for operation createAssignment + const templateId = 'AccessGroupTemplateId-4be4'; + const templateVersion = '1'; + const targetType = 'AccountGroup'; + const target = '0a45594d0f-123'; + const transactionId = 'testString'; + const createAssignmentParams = { + templateId, + templateVersion, + targetType, + target, + transactionId, + }; + + const createAssignmentResult = iamAccessGroupsService.createAssignment(createAssignmentParams); + + // all methods should return a Promise + expectToBePromise(createAssignmentResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_assignments', 'POST'); + const expectedAccept = 'application/json'; + const expectedContentType = 'application/json'; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.body.template_id).toEqual(templateId); + expect(mockRequestOptions.body.template_version).toEqual(templateVersion); + expect(mockRequestOptions.body.target_type).toEqual(targetType); + expect(mockRequestOptions.body.target).toEqual(target); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __createAssignmentTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __createAssignmentTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __createAssignmentTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const templateId = 'AccessGroupTemplateId-4be4'; + const templateVersion = '1'; + const targetType = 'AccountGroup'; + const target = '0a45594d0f-123'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const createAssignmentParams = { + templateId, + templateVersion, + targetType, + target, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.createAssignment(createAssignmentParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.createAssignment({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.createAssignment(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('listAssignments', () => { + describe('positive tests', () => { + function __listAssignmentsTest() { + // Construct the params object for operation listAssignments + const accountId = 'accountID-123'; + const templateId = 'testString'; + const templateVersion = 'testString'; + const target = 'testString'; + const status = 'accepted'; + const transactionId = 'testString'; + const limit = 50; + const offset = 0; + const listAssignmentsParams = { + accountId, + templateId, + templateVersion, + target, + status, + transactionId, + limit, + offset, + }; + + const listAssignmentsResult = iamAccessGroupsService.listAssignments(listAssignmentsParams); + + // all methods should return a Promise + expectToBePromise(listAssignmentsResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_assignments', 'GET'); + const expectedAccept = 'application/json'; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.qs.account_id).toEqual(accountId); + expect(mockRequestOptions.qs.template_id).toEqual(templateId); + expect(mockRequestOptions.qs.template_version).toEqual(templateVersion); + expect(mockRequestOptions.qs.target).toEqual(target); + expect(mockRequestOptions.qs.status).toEqual(status); + expect(mockRequestOptions.qs.limit).toEqual(limit); + expect(mockRequestOptions.qs.offset).toEqual(offset); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __listAssignmentsTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __listAssignmentsTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __listAssignmentsTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const accountId = 'accountID-123'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const listAssignmentsParams = { + accountId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.listAssignments(listAssignmentsParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.listAssignments({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.listAssignments(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('getAssignment', () => { + describe('positive tests', () => { + function __getAssignmentTest() { + // Construct the params object for operation getAssignment + const assignmentId = 'testString'; + const transactionId = 'testString'; + const verbose = false; + const getAssignmentParams = { + assignmentId, + transactionId, + verbose, + }; + + const getAssignmentResult = iamAccessGroupsService.getAssignment(getAssignmentParams); + + // all methods should return a Promise + expectToBePromise(getAssignmentResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_assignments/{assignment_id}', 'GET'); + const expectedAccept = 'application/json'; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.qs.verbose).toEqual(verbose); + expect(mockRequestOptions.path.assignment_id).toEqual(assignmentId); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __getAssignmentTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __getAssignmentTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __getAssignmentTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const assignmentId = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const getAssignmentParams = { + assignmentId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.getAssignment(getAssignmentParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.getAssignment({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.getAssignment(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('updateAssignment', () => { + describe('positive tests', () => { + function __updateAssignmentTest() { + // Construct the params object for operation updateAssignment + const assignmentId = 'testString'; + const ifMatch = 'testString'; + const templateVersion = '1'; + const updateAssignmentParams = { + assignmentId, + ifMatch, + templateVersion, + }; + + const updateAssignmentResult = iamAccessGroupsService.updateAssignment(updateAssignmentParams); + + // all methods should return a Promise + expectToBePromise(updateAssignmentResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_assignments/{assignment_id}', 'PATCH'); + const expectedAccept = 'application/json'; + const expectedContentType = 'application/json'; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'If-Match', ifMatch); + expect(mockRequestOptions.body.template_version).toEqual(templateVersion); + expect(mockRequestOptions.path.assignment_id).toEqual(assignmentId); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __updateAssignmentTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __updateAssignmentTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __updateAssignmentTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const assignmentId = 'testString'; + const ifMatch = 'testString'; + const templateVersion = '1'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const updateAssignmentParams = { + assignmentId, + ifMatch, + templateVersion, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.updateAssignment(updateAssignmentParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.updateAssignment({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.updateAssignment(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); + + describe('deleteAssignment', () => { + describe('positive tests', () => { + function __deleteAssignmentTest() { + // Construct the params object for operation deleteAssignment + const assignmentId = 'testString'; + const transactionId = 'testString'; + const deleteAssignmentParams = { + assignmentId, + transactionId, + }; + + const deleteAssignmentResult = iamAccessGroupsService.deleteAssignment(deleteAssignmentParams); + + // all methods should return a Promise + expectToBePromise(deleteAssignmentResult); + + // assert that create request was called + expect(createRequestMock).toHaveBeenCalledTimes(1); + + const mockRequestOptions = getOptions(createRequestMock); + + checkUrlAndMethod(mockRequestOptions, '/v1/group_assignments/{assignment_id}', 'DELETE'); + const expectedAccept = undefined; + const expectedContentType = undefined; + checkMediaHeaders(createRequestMock, expectedAccept, expectedContentType); + checkUserHeader(createRequestMock, 'Transaction-Id', transactionId); + expect(mockRequestOptions.path.assignment_id).toEqual(assignmentId); + } + + test('should pass the right params to createRequest with enable and disable retries', () => { + // baseline test + __deleteAssignmentTest(); + + // enable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.enableRetries(); + __deleteAssignmentTest(); + + // disable retries and test again + createRequestMock.mockClear(); + iamAccessGroupsService.disableRetries(); + __deleteAssignmentTest(); + }); + + test('should prioritize user-given headers', () => { + // parameters + const assignmentId = 'testString'; + const userAccept = 'fake/accept'; + const userContentType = 'fake/contentType'; + const deleteAssignmentParams = { + assignmentId, + headers: { + Accept: userAccept, + 'Content-Type': userContentType, + }, + }; + + iamAccessGroupsService.deleteAssignment(deleteAssignmentParams); + checkMediaHeaders(createRequestMock, userAccept, userContentType); + }); + }); + + describe('negative tests', () => { + test('should enforce required parameters', async () => { + let err; + try { + await iamAccessGroupsService.deleteAssignment({}); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + + test('should reject promise when required params are not given', async () => { + let err; + try { + await iamAccessGroupsService.deleteAssignment(); + } catch (e) { + err = e; + } + + expect(err.message).toMatch(/Missing required parameters/); + }); + }); + }); });