From eff4101b62147f1051aa98e482e2b40bf9d2fdda Mon Sep 17 00:00:00 2001 From: Daniel Byrne Date: Mon, 8 Sep 2025 16:43:11 +0100 Subject: [PATCH] feat(IAM Identity) add new account settings Signed-off-by: Daniel Byrne --- examples/test_iam_identity_v1_examples.py | 96 +- ibm_platform_services/iam_identity_v1.py | 1211 ++++++++++----------- test/integration/test_iam_identity_v1.py | 103 +- test/unit/test_iam_identity_v1.py | 497 +++++---- 4 files changed, 972 insertions(+), 935 deletions(-) diff --git a/examples/test_iam_identity_v1_examples.py b/examples/test_iam_identity_v1_examples.py index 86a4b2c..79d9d74 100644 --- a/examples/test_iam_identity_v1_examples.py +++ b/examples/test_iam_identity_v1_examples.py @@ -50,9 +50,11 @@ config = None -apikey_name = 'Example-ApiKey' -serviceid_name = 'Example-ServiceId' -serviceid_group_name = 'Example-ServiceId' +now = str(round(time.time() * 1000)) + +apikey_name = 'Python-SDK-Example-ApiKey-' + now +serviceid_name = 'Python-SDK-Example-ServiceId-' + now +serviceid_group_name = 'Python-SDK-Example-ServiceId-' + now service = 'console' value_string = '/billing' preference_id1 = 'landing_page' @@ -60,7 +62,6 @@ # config property values account_id = None iam_id = None -iam_id_member = None apikey = None enterprise_account_id = None enterprise_subaccount_id = None @@ -92,12 +93,15 @@ profile_template_etag = None profile_template_assignment_id = None profile_template_assignment_etag = None +profile_template_name = 'Python-SDK-Example-Profile-Template-' + now +profile_template_profile_name = 'Python-SDK-Example-Profile-From-Template-' + now account_settings_template_id = None account_settings_template_version = None account_settings_template_etag = None account_settings_template_assignment_id = None account_settings_template_assignment_etag = None +account_settings_template_name = 'Python-SDK-Example-AccountSettings-Template-' + now iam_id_for_preferences = None @@ -134,9 +138,6 @@ def setup_class(cls): global iam_id iam_id = config['IAM_ID'] - global iam_id_member - iam_id_member = config['IAM_ID_MEMBER'] - global apikey apikey = config['APIKEY'] @@ -146,9 +147,6 @@ def setup_class(cls): global enterprise_subaccount_id enterprise_subaccount_id = config['ENTERPRISE_SUBACCOUNT_ID'] - global iam_id_for_preferences - iam_id_for_preferences = config['IAM_ID_FOR_PREFERENCES'] - print('Setup complete.') needscredentials = pytest.mark.skipif( @@ -570,9 +568,7 @@ def test_list_service_id_group_example(self): print('\nlist_service_id_group() result:') # begin-list_service_id_group - service_id_group_list = iam_identity_service.list_service_id_group( - account_id=account_id, name=serviceid_name - ).get_result() + service_id_group_list = iam_identity_service.list_service_id_group(account_id=account_id).get_result() print(json.dumps(service_id_group_list, indent=2)) # end-list_service_id_group @@ -638,6 +634,9 @@ def test_create_profile_example(self): global profile_id profile_id = profile['id'] + global iam_id_for_preferences + iam_id_for_preferences = profile['iam_id'] + except ApiException as e: pytest.fail(str(e)) @@ -968,6 +967,11 @@ def test_set_profile_identities(self): print('\nset_profile_identities() response status code: ', response.get_status_code()) + # delete identity so we can set again in the next test + iam_identity_service.delete_profile_identity( + profile_id=profile_id, identity_type="user", identifier_id=iam_id + ) + except ApiException as e: pytest.fail(str(e)) @@ -983,7 +987,7 @@ def test_set_profile_identity(self): response = iam_identity_service.set_profile_identity( profile_id=profile_id, identity_type="user", - identifier=iam_id_member, + identifier=iam_id, type="user", accounts=accounts, description="Identity description", @@ -1004,7 +1008,7 @@ def test_get_profile_identity(self): # begin-get_profile_identity response = iam_identity_service.get_profile_identity( - profile_id=profile_id, identity_type="user", identifier_id=iam_id_member + profile_id=profile_id, identity_type="user", identifier_id=iam_id ) # end-get_profile_identity @@ -1022,7 +1026,7 @@ def test_delete_profile_identity(self): # begin-delete_profile_identity response = iam_identity_service.delete_profile_identity( - profile_id=profile_id, identity_type="user", identifier_id=iam_id_member + profile_id=profile_id, identity_type="user", identifier_id=iam_id ) # end-delete_profile_identity @@ -1031,23 +1035,6 @@ def test_delete_profile_identity(self): except ApiException as e: pytest.fail(str(e)) - @needscredentials - def test_delete_profile_example(self): - """ - delete_profile request example - """ - try: - # begin-delete_profile - - response = iam_identity_service.delete_profile(profile_id=profile_id) - - # end-delete_profile - - print('\ndelete_profile() response status code: ', response.get_status_code()) - - except ApiException as e: - pytest.fail(str(e)) - @needscredentials def test_get_account_settings_example(self): """ @@ -1079,13 +1066,21 @@ def test_update_account_settings_example(self): # begin-updateAccountSettings account_settings_user_mfa = {} - account_settings_user_mfa['iam_id'] = iam_id_member + account_settings_user_mfa['iam_id'] = iam_id account_settings_user_mfa['mfa'] = 'NONE' + + account_settings_user_domain_restriction_model = {} + account_settings_user_domain_restriction_model['realm_id'] = 'IBMid' + account_settings_user_domain_restriction_model['invitation_email_allow_patterns'] = ['*.*@company.com'] + account_settings_user_domain_restriction_model['restrict_invitation'] = True + account_settings_response = iam_identity_service.update_account_settings( account_id=account_id, if_match=account_settings_etag, restrict_create_service_id="NOT_RESTRICTED", restrict_create_platform_apikey="NOT_RESTRICTED", + restrict_user_list_visibility="NOT_RESTRICTED", + restrict_user_domains=[account_settings_user_domain_restriction_model], mfa="NONE", user_mfa=[account_settings_user_mfa], session_expiration_in_seconds="86400", @@ -1240,12 +1235,12 @@ def test_create_profile_template(self): profile_claim_rule['conditions'] = [profile_claim_rule_conditions] profile = {} - profile['name'] = 'Profile-From-Example-Template' + profile['name'] = profile_template_profile_name profile['description'] = 'Trusted profile created from a template' profile['rules'] = [profile_claim_rule] create_response = iam_identity_service.create_profile_template( - name='Example-Profile-Template', + name=profile_template_name, description='IAM enterprise trusted profile template example', account_id=enterprise_account_id, profile=profile, @@ -1317,7 +1312,7 @@ def test_update_profile_template(self): template_id=profile_template_id, version=str(profile_template_version), if_match=profile_template_etag, - name='Example-Profile-Template', + name=profile_template_name, description='IAM enterprise trusted profile template example - updated', ) profile_template = update_response.get_result() @@ -1433,14 +1428,14 @@ def test_create_new_profile_template_version(self): profile_identity['description'] = 'Identity description' profile = {} - profile['name'] = 'Profile-From-Example-Template' + profile['name'] = profile_template_profile_name profile['description'] = 'Trusted profile created from a template - new version' profile['rules'] = [profile_claim_rule] profile['identities'] = [profile_identity] create_response = iam_identity_service.create_profile_template_version( template_id=profile_template_id, - name='Example-Profile-Template', + name=profile_template_name, description='IAM enterprise trusted profile template example - new version', account_id=enterprise_account_id, profile=profile, @@ -1586,7 +1581,7 @@ def test_create_account_settings_template(self): account_settings['system_access_token_expiration_in_seconds'] = 3000 create_response = iam_identity_service.create_account_settings_template( - name='Example-Account-Settings-Template', + name=account_settings_template_name, description='IAM enterprise account settings template example', account_id=enterprise_account_id, account_settings=account_settings, @@ -1662,7 +1657,7 @@ def test_update_account_settings_template(self): template_id=account_settings_template_id, version=str(account_settings_template_version), if_match=account_settings_template_etag, - name='Example-Account-Settings-Template', + name=account_settings_template_name, description='IAM enterprise account settings template example - updated', account_settings=account_settings, ) @@ -1769,7 +1764,7 @@ def test_create_new_account_settings_template_version(self): create_response = iam_identity_service.create_account_settings_template_version( template_id=account_settings_template_id, - name='Example-Account-Settings-Template', + name=account_settings_template_name, description='IAM enterprise account settings template example - new version', account_id=enterprise_account_id, account_settings=account_settings, @@ -2004,6 +1999,23 @@ def test_delete_preferences_on_scope_account(self): except ApiException as e: pytest.fail(str(e)) + @needscredentials + def test_delete_profile_example(self): + """ + delete_profile request example + """ + try: + # begin-delete_profile + + response = iam_identity_service.delete_profile(profile_id=profile_id) + + # end-delete_profile + + print('\ndelete_profile() response status code: ', response.get_status_code()) + + except ApiException as e: + pytest.fail(str(e)) + # endregion ############################################################################## diff --git a/ibm_platform_services/iam_identity_v1.py b/ibm_platform_services/iam_identity_v1.py index b92ed2d..6d9046c 100644 --- a/ibm_platform_services/iam_identity_v1.py +++ b/ibm_platform_services/iam_identity_v1.py @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# IBM OpenAPI SDK Code Generator Version: 3.106.0-09823488-20250707-071701 +# IBM OpenAPI SDK Code Generator Version: 3.107.1-41b0fbd0-20250825-080732 """ The IAM Identity Service API allows for the management of Account Settings and Identities @@ -2792,6 +2792,7 @@ def get_account_settings( account_id: str, *, include_history: Optional[bool] = None, + resolve_user_mfa: Optional[bool] = None, **kwargs, ) -> DetailedResponse: """ @@ -2802,6 +2803,8 @@ def get_account_settings( :param str account_id: Unique ID of the account. :param bool include_history: (optional) Defines if the entity history is included in the response. + :param bool resolve_user_mfa: (optional) Enrich MFA exemptions with user + PI. :param dict headers: A `dict` containing the request headers :return: A `DetailedResponse` containing the result, headers and HTTP status code. :rtype: DetailedResponse with `dict` result representing a `AccountSettingsResponse` object @@ -2819,6 +2822,7 @@ def get_account_settings( params = { 'include_history': include_history, + 'resolve_user_mfa': resolve_user_mfa, } if 'headers' in kwargs: @@ -2847,14 +2851,16 @@ def update_account_settings( *, restrict_create_service_id: Optional[str] = None, restrict_create_platform_apikey: Optional[str] = None, + restrict_user_list_visibility: Optional[str] = None, + restrict_user_domains: Optional[List['AccountSettingsUserDomainRestriction']] = None, allowed_ip_addresses: Optional[str] = None, mfa: Optional[str] = None, - user_mfa: Optional[List['AccountSettingsUserMFA']] = None, session_expiration_in_seconds: Optional[str] = None, session_invalidation_in_seconds: Optional[str] = None, max_sessions_per_identity: Optional[str] = None, system_access_token_expiration_in_seconds: Optional[str] = None, system_refresh_token_expiration_in_seconds: Optional[str] = None, + user_mfa: Optional[List['UserMfa']] = None, **kwargs, ) -> DetailedResponse: """ @@ -2871,21 +2877,31 @@ def update_account_settings( updates. :param str account_id: The id of the account to update the settings for. :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: + creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str restrict_create_platform_apikey: (optional) Defines whether or - not creating platform API keys is access controlled. Valid values: - * RESTRICTED - only users assigned the 'User API key creator' role on the - IAM Identity Service can create API keys, including the account owner - * NOT_RESTRICTED - all members of an account can create platform API keys + not creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the + IAM Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. + :param str restrict_user_list_visibility: (optional) Defines whether or not + user visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the + account, such as those the user has invited to the account, or descendants + of those users based on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the + Users page in IBM Cloud console. + :param List[AccountSettingsUserDomainRestriction] restrict_user_domains: + (optional) Defines if account invitations are restricted to specified + domains. To remove an entry for a realm_id, perform an update (PUT) request + with only the realm_id set. :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA trait for the account. Valid - values: + :param str mfa: (optional) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -2893,8 +2909,6 @@ def update_account_settings( * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[AccountSettingsUserMFA] user_mfa: (optional) List of users that - are exempted from the MFA requirement of the account. :param str session_expiration_in_seconds: (optional) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' @@ -2905,7 +2919,7 @@ def update_account_settings( * Any whole number between '900' and '7200' * NOT_SET - To unset account setting and use service default. :param str max_sessions_per_identity: (optional) Defines the max allowed - sessions per identity required by the account. Value values: + sessions per identity required by the account. Valid values: * Any whole number greater than 0 * NOT_SET - To unset account setting and use service default. :param str system_access_token_expiration_in_seconds: (optional) Defines @@ -2916,6 +2930,8 @@ def update_account_settings( the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default. + :param List[UserMfa] user_mfa: (optional) List of users that are exempted + from the MFA requirement of the account. :param dict headers: A `dict` containing the request headers :return: A `DetailedResponse` containing the result, headers and HTTP status code. :rtype: DetailedResponse with `dict` result representing a `AccountSettingsResponse` object @@ -2925,6 +2941,8 @@ def update_account_settings( raise ValueError('if_match must be provided') if not account_id: raise ValueError('account_id must be provided') + if restrict_user_domains is not None: + restrict_user_domains = [convert_model(x) for x in restrict_user_domains] if user_mfa is not None: user_mfa = [convert_model(x) for x in user_mfa] headers = { @@ -2940,14 +2958,16 @@ def update_account_settings( data = { 'restrict_create_service_id': restrict_create_service_id, 'restrict_create_platform_apikey': restrict_create_platform_apikey, + 'restrict_user_list_visibility': restrict_user_list_visibility, + 'restrict_user_domains': restrict_user_domains, 'allowed_ip_addresses': allowed_ip_addresses, 'mfa': mfa, - 'user_mfa': user_mfa, 'session_expiration_in_seconds': session_expiration_in_seconds, 'session_invalidation_in_seconds': session_invalidation_in_seconds, 'max_sessions_per_identity': max_sessions_per_identity, 'system_access_token_expiration_in_seconds': system_access_token_expiration_in_seconds, 'system_refresh_token_expiration_in_seconds': system_refresh_token_expiration_in_seconds, + 'user_mfa': user_mfa, } data = {k: v for (k, v) in data.items() if v is not None} data = json.dumps(data) @@ -5727,314 +5747,39 @@ def __ne__(self, other: 'AccountBasedMfaEnrollment') -> bool: return not self == other -class AccountSettingsAccountSection: +class AccountSettingsAssignedTemplatesSection: """ - AccountSettingsAccountSection. + Response body format for Account Settings REST requests. - :param str account_id: (optional) Unique ID of the account. + :param str template_id: Template Id. + :param int template_version: Template version. + :param str template_name: Template name. :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: + creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str restrict_create_platform_apikey: (optional) Defines whether or not - creating platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control - * NOT_SET - to 'unset' a previous set value. - :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets - from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA requirement for the user. Valid - values: - * NONE - No MFA trait set - * NONE_NO_ROPC- No MFA, disable CLI logins with only a password - * TOTP - For all non-federated IBMId users - * TOTP4ALL - For all users - * LEVEL1 - Email-based MFA for all users - * LEVEL2 - TOTP-based MFA for all users - * LEVEL3 - U2F MFA for all users. - :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of users - that are exempted from the MFA requirement of the account. - :param List[EnityHistoryRecord] history: (optional) History of the Account - Settings. - :param str session_expiration_in_seconds: (optional) Defines the session - expiration in seconds for the account. Valid values: - * Any whole number between between '900' and '86400' - * NOT_SET - To unset account setting and use service default. - :param str session_invalidation_in_seconds: (optional) Defines the period of - time in seconds in which a session will be invalidated due to inactivity. Valid - values: - * Any whole number between '900' and '7200' - * NOT_SET - To unset account setting and use service default. - :param str max_sessions_per_identity: (optional) Defines the max allowed - sessions per identity required by the account. Valid values: - * Any whole number greater than 0 - * NOT_SET - To unset account setting and use service default. - :param str system_access_token_expiration_in_seconds: (optional) Defines the - access token expiration in seconds. Valid values: - * Any whole number between '900' and '3600' - * NOT_SET - To unset account setting and use service default. - :param str system_refresh_token_expiration_in_seconds: (optional) Defines the - refresh token expiration in seconds. Valid values: - * Any whole number between '900' and '259200' - * NOT_SET - To unset account setting and use service default. - """ - - def __init__( - self, - *, - account_id: Optional[str] = None, - restrict_create_service_id: Optional[str] = None, - restrict_create_platform_apikey: Optional[str] = None, - allowed_ip_addresses: Optional[str] = None, - mfa: Optional[str] = None, - user_mfa: Optional[List['EffectiveAccountSettingsUserMFA']] = None, - history: Optional[List['EnityHistoryRecord']] = None, - session_expiration_in_seconds: Optional[str] = None, - session_invalidation_in_seconds: Optional[str] = None, - max_sessions_per_identity: Optional[str] = None, - system_access_token_expiration_in_seconds: Optional[str] = None, - system_refresh_token_expiration_in_seconds: Optional[str] = None, - ) -> None: - """ - Initialize a AccountSettingsAccountSection object. - - :param str account_id: (optional) Unique ID of the account. - :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: - * RESTRICTED - only users assigned the 'Service ID creator' role on the - IAM Identity Service can create service IDs, including the account owner - * NOT_RESTRICTED - all members of an account can create service IDs - * NOT_SET - to 'unset' a previous set value. - :param str restrict_create_platform_apikey: (optional) Defines whether or - not creating platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control - * NOT_SET - to 'unset' a previous set value. - :param str allowed_ip_addresses: (optional) Defines the IP addresses and - subnets from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA requirement for the user. Valid - values: - * NONE - No MFA trait set - * NONE_NO_ROPC- No MFA, disable CLI logins with only a password - * TOTP - For all non-federated IBMId users - * TOTP4ALL - For all users - * LEVEL1 - Email-based MFA for all users - * LEVEL2 - TOTP-based MFA for all users - * LEVEL3 - U2F MFA for all users. - :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of - users that are exempted from the MFA requirement of the account. - :param List[EnityHistoryRecord] history: (optional) History of the Account - Settings. - :param str session_expiration_in_seconds: (optional) Defines the session - expiration in seconds for the account. Valid values: - * Any whole number between between '900' and '86400' - * NOT_SET - To unset account setting and use service default. - :param str session_invalidation_in_seconds: (optional) Defines the period - of time in seconds in which a session will be invalidated due to - inactivity. Valid values: - * Any whole number between '900' and '7200' - * NOT_SET - To unset account setting and use service default. - :param str max_sessions_per_identity: (optional) Defines the max allowed - sessions per identity required by the account. Valid values: - * Any whole number greater than 0 - * NOT_SET - To unset account setting and use service default. - :param str system_access_token_expiration_in_seconds: (optional) Defines - the access token expiration in seconds. Valid values: - * Any whole number between '900' and '3600' - * NOT_SET - To unset account setting and use service default. - :param str system_refresh_token_expiration_in_seconds: (optional) Defines - the refresh token expiration in seconds. Valid values: - * Any whole number between '900' and '259200' - * NOT_SET - To unset account setting and use service default. - """ - self.account_id = account_id - self.restrict_create_service_id = restrict_create_service_id - self.restrict_create_platform_apikey = restrict_create_platform_apikey - self.allowed_ip_addresses = allowed_ip_addresses - self.mfa = mfa - self.user_mfa = user_mfa - self.history = history - self.session_expiration_in_seconds = session_expiration_in_seconds - self.session_invalidation_in_seconds = session_invalidation_in_seconds - self.max_sessions_per_identity = max_sessions_per_identity - self.system_access_token_expiration_in_seconds = system_access_token_expiration_in_seconds - self.system_refresh_token_expiration_in_seconds = system_refresh_token_expiration_in_seconds - - @classmethod - def from_dict(cls, _dict: Dict) -> 'AccountSettingsAccountSection': - """Initialize a AccountSettingsAccountSection object from a json dictionary.""" - args = {} - if (account_id := _dict.get('account_id')) is not None: - args['account_id'] = account_id - if (restrict_create_service_id := _dict.get('restrict_create_service_id')) is not None: - args['restrict_create_service_id'] = restrict_create_service_id - if (restrict_create_platform_apikey := _dict.get('restrict_create_platform_apikey')) is not None: - args['restrict_create_platform_apikey'] = restrict_create_platform_apikey - if (allowed_ip_addresses := _dict.get('allowed_ip_addresses')) is not None: - args['allowed_ip_addresses'] = allowed_ip_addresses - if (mfa := _dict.get('mfa')) is not None: - args['mfa'] = mfa - if (user_mfa := _dict.get('user_mfa')) is not None: - args['user_mfa'] = [EffectiveAccountSettingsUserMFA.from_dict(v) for v in user_mfa] - if (history := _dict.get('history')) is not None: - args['history'] = [EnityHistoryRecord.from_dict(v) for v in history] - if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None: - args['session_expiration_in_seconds'] = session_expiration_in_seconds - if (session_invalidation_in_seconds := _dict.get('session_invalidation_in_seconds')) is not None: - args['session_invalidation_in_seconds'] = session_invalidation_in_seconds - if (max_sessions_per_identity := _dict.get('max_sessions_per_identity')) is not None: - args['max_sessions_per_identity'] = max_sessions_per_identity - if ( - system_access_token_expiration_in_seconds := _dict.get('system_access_token_expiration_in_seconds') - ) is not None: - args['system_access_token_expiration_in_seconds'] = system_access_token_expiration_in_seconds - if ( - system_refresh_token_expiration_in_seconds := _dict.get('system_refresh_token_expiration_in_seconds') - ) is not None: - args['system_refresh_token_expiration_in_seconds'] = system_refresh_token_expiration_in_seconds - return cls(**args) - - @classmethod - def _from_dict(cls, _dict): - """Initialize a AccountSettingsAccountSection object from a json dictionary.""" - return cls.from_dict(_dict) - - def to_dict(self) -> Dict: - """Return a json dictionary representing this model.""" - _dict = {} - if hasattr(self, 'account_id') and self.account_id is not None: - _dict['account_id'] = self.account_id - if hasattr(self, 'restrict_create_service_id') and self.restrict_create_service_id is not None: - _dict['restrict_create_service_id'] = self.restrict_create_service_id - if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None: - _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey - if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None: - _dict['allowed_ip_addresses'] = self.allowed_ip_addresses - if hasattr(self, 'mfa') and self.mfa is not None: - _dict['mfa'] = self.mfa - if hasattr(self, 'user_mfa') and self.user_mfa is not None: - user_mfa_list = [] - for v in self.user_mfa: - if isinstance(v, dict): - user_mfa_list.append(v) - else: - user_mfa_list.append(v.to_dict()) - _dict['user_mfa'] = user_mfa_list - if hasattr(self, 'history') and self.history is not None: - history_list = [] - for v in self.history: - if isinstance(v, dict): - history_list.append(v) - else: - history_list.append(v.to_dict()) - _dict['history'] = history_list - if hasattr(self, 'session_expiration_in_seconds') and self.session_expiration_in_seconds is not None: - _dict['session_expiration_in_seconds'] = self.session_expiration_in_seconds - if hasattr(self, 'session_invalidation_in_seconds') and self.session_invalidation_in_seconds is not None: - _dict['session_invalidation_in_seconds'] = self.session_invalidation_in_seconds - if hasattr(self, 'max_sessions_per_identity') and self.max_sessions_per_identity is not None: - _dict['max_sessions_per_identity'] = self.max_sessions_per_identity - if ( - hasattr(self, 'system_access_token_expiration_in_seconds') - and self.system_access_token_expiration_in_seconds is not None - ): - _dict['system_access_token_expiration_in_seconds'] = self.system_access_token_expiration_in_seconds - if ( - hasattr(self, 'system_refresh_token_expiration_in_seconds') - and self.system_refresh_token_expiration_in_seconds is not None - ): - _dict['system_refresh_token_expiration_in_seconds'] = self.system_refresh_token_expiration_in_seconds - return _dict - - def _to_dict(self): - """Return a json dictionary representing this model.""" - return self.to_dict() - - def __str__(self) -> str: - """Return a `str` version of this AccountSettingsAccountSection object.""" - return json.dumps(self.to_dict(), indent=2) - - def __eq__(self, other: 'AccountSettingsAccountSection') -> bool: - """Return `true` when self and other are equal, false otherwise.""" - if not isinstance(other, self.__class__): - return False - return self.__dict__ == other.__dict__ - - def __ne__(self, other: 'AccountSettingsAccountSection') -> bool: - """Return `true` when self and other are not equal, false otherwise.""" - return not self == other - - class RestrictCreateServiceIdEnum(str, Enum): - """ - Defines whether or not creating a service ID is access controlled. Valid values: - * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM - Identity Service can create service IDs, including the account owner - * NOT_RESTRICTED - all members of an account can create service IDs - * NOT_SET - to 'unset' a previous set value. - """ - - RESTRICTED = 'RESTRICTED' - NOT_RESTRICTED = 'NOT_RESTRICTED' - NOT_SET = 'NOT_SET' - - class RestrictCreatePlatformApikeyEnum(str, Enum): - """ - Defines whether or not creating platform API keys is access controlled. Valid - values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control - * NOT_SET - to 'unset' a previous set value. - """ - - RESTRICTED = 'RESTRICTED' - NOT_RESTRICTED = 'NOT_RESTRICTED' - NOT_SET = 'NOT_SET' - - class MfaEnum(str, Enum): - """ - Defines the MFA requirement for the user. Valid values: - * NONE - No MFA trait set - * NONE_NO_ROPC- No MFA, disable CLI logins with only a password - * TOTP - For all non-federated IBMId users - * TOTP4ALL - For all users - * LEVEL1 - Email-based MFA for all users - * LEVEL2 - TOTP-based MFA for all users - * LEVEL3 - U2F MFA for all users. - """ - - NONE = 'NONE' - NONE_NO_ROPC = 'NONE_NO_ROPC' - TOTP = 'TOTP' - TOTP4ALL = 'TOTP4ALL' - LEVEL1 = 'LEVEL1' - LEVEL2 = 'LEVEL2' - LEVEL3 = 'LEVEL3' - - -class AccountSettingsAssignedTemplatesSection: - """ - AccountSettingsAssignedTemplatesSection. - - :param str template_id: (optional) Template Id. - :param int template_version: (optional) Template version. - :param str template_name: (optional) Template name. - :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: + creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. - :param str restrict_create_platform_apikey: (optional) Defines whether or not - creating platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control - * NOT_SET - to 'unset' a previous set value. + :param str restrict_user_list_visibility: (optional) Defines whether or not user + visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the account, + such as those the user has invited to the account, or descendants of those users + based on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the Users + page in IBM Cloud console. + :param List[AccountSettingsUserDomainRestriction] restrict_user_domains: + (optional) Defines if account invitations are restricted to specified domains. + To remove an entry for a realm_id, perform an update (PUT) request with only the + realm_id set. :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA requirement for the user. Valid - values: + :param str mfa: (optional) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6042,8 +5787,6 @@ class AccountSettingsAssignedTemplatesSection: * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of users - that are exempted from the MFA requirement of the account. :param str session_expiration_in_seconds: (optional) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' @@ -6065,46 +5808,61 @@ class AccountSettingsAssignedTemplatesSection: refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default. + :param List[AccountSettingsUserMFAResponse] user_mfa: (optional) List of users + that are exempted from the MFA requirement of the account. """ def __init__( self, + template_id: str, + template_version: int, + template_name: str, *, - template_id: Optional[str] = None, - template_version: Optional[int] = None, - template_name: Optional[str] = None, restrict_create_service_id: Optional[str] = None, restrict_create_platform_apikey: Optional[str] = None, + restrict_user_list_visibility: Optional[str] = None, + restrict_user_domains: Optional[List['AccountSettingsUserDomainRestriction']] = None, allowed_ip_addresses: Optional[str] = None, mfa: Optional[str] = None, - user_mfa: Optional[List['EffectiveAccountSettingsUserMFA']] = None, session_expiration_in_seconds: Optional[str] = None, session_invalidation_in_seconds: Optional[str] = None, max_sessions_per_identity: Optional[str] = None, system_access_token_expiration_in_seconds: Optional[str] = None, system_refresh_token_expiration_in_seconds: Optional[str] = None, + user_mfa: Optional[List['AccountSettingsUserMFAResponse']] = None, ) -> None: """ Initialize a AccountSettingsAssignedTemplatesSection object. - :param str template_id: (optional) Template Id. - :param int template_version: (optional) Template version. - :param str template_name: (optional) Template name. + :param str template_id: Template Id. + :param int template_version: Template version. + :param str template_name: Template name. :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: + creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str restrict_create_platform_apikey: (optional) Defines whether or - not creating platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + not creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the + IAM Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. + :param str restrict_user_list_visibility: (optional) Defines whether or not + user visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the + account, such as those the user has invited to the account, or descendants + of those users based on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the + Users page in IBM Cloud console. + :param List[AccountSettingsUserDomainRestriction] restrict_user_domains: + (optional) Defines if account invitations are restricted to specified + domains. To remove an entry for a realm_id, perform an update (PUT) request + with only the realm_id set. :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA requirement for the user. Valid - values: + :param str mfa: (optional) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6112,8 +5870,6 @@ def __init__( * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of - users that are exempted from the MFA requirement of the account. :param str session_expiration_in_seconds: (optional) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' @@ -6135,20 +5891,24 @@ def __init__( the refresh token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default. + :param List[AccountSettingsUserMFAResponse] user_mfa: (optional) List of + users that are exempted from the MFA requirement of the account. """ self.template_id = template_id self.template_version = template_version self.template_name = template_name self.restrict_create_service_id = restrict_create_service_id self.restrict_create_platform_apikey = restrict_create_platform_apikey + self.restrict_user_list_visibility = restrict_user_list_visibility + self.restrict_user_domains = restrict_user_domains self.allowed_ip_addresses = allowed_ip_addresses self.mfa = mfa - self.user_mfa = user_mfa self.session_expiration_in_seconds = session_expiration_in_seconds self.session_invalidation_in_seconds = session_invalidation_in_seconds self.max_sessions_per_identity = max_sessions_per_identity self.system_access_token_expiration_in_seconds = system_access_token_expiration_in_seconds self.system_refresh_token_expiration_in_seconds = system_refresh_token_expiration_in_seconds + self.user_mfa = user_mfa @classmethod def from_dict(cls, _dict: Dict) -> 'AccountSettingsAssignedTemplatesSection': @@ -6156,20 +5916,36 @@ def from_dict(cls, _dict: Dict) -> 'AccountSettingsAssignedTemplatesSection': args = {} if (template_id := _dict.get('template_id')) is not None: args['template_id'] = template_id + else: + raise ValueError( + 'Required property \'template_id\' not present in AccountSettingsAssignedTemplatesSection JSON' + ) if (template_version := _dict.get('template_version')) is not None: args['template_version'] = template_version + else: + raise ValueError( + 'Required property \'template_version\' not present in AccountSettingsAssignedTemplatesSection JSON' + ) if (template_name := _dict.get('template_name')) is not None: args['template_name'] = template_name + else: + raise ValueError( + 'Required property \'template_name\' not present in AccountSettingsAssignedTemplatesSection JSON' + ) if (restrict_create_service_id := _dict.get('restrict_create_service_id')) is not None: args['restrict_create_service_id'] = restrict_create_service_id if (restrict_create_platform_apikey := _dict.get('restrict_create_platform_apikey')) is not None: args['restrict_create_platform_apikey'] = restrict_create_platform_apikey + if (restrict_user_list_visibility := _dict.get('restrict_user_list_visibility')) is not None: + args['restrict_user_list_visibility'] = restrict_user_list_visibility + if (restrict_user_domains := _dict.get('restrict_user_domains')) is not None: + args['restrict_user_domains'] = [ + AccountSettingsUserDomainRestriction.from_dict(v) for v in restrict_user_domains + ] if (allowed_ip_addresses := _dict.get('allowed_ip_addresses')) is not None: args['allowed_ip_addresses'] = allowed_ip_addresses if (mfa := _dict.get('mfa')) is not None: args['mfa'] = mfa - if (user_mfa := _dict.get('user_mfa')) is not None: - args['user_mfa'] = [EffectiveAccountSettingsUserMFA.from_dict(v) for v in user_mfa] if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None: args['session_expiration_in_seconds'] = session_expiration_in_seconds if (session_invalidation_in_seconds := _dict.get('session_invalidation_in_seconds')) is not None: @@ -6184,6 +5960,8 @@ def from_dict(cls, _dict: Dict) -> 'AccountSettingsAssignedTemplatesSection': system_refresh_token_expiration_in_seconds := _dict.get('system_refresh_token_expiration_in_seconds') ) is not None: args['system_refresh_token_expiration_in_seconds'] = system_refresh_token_expiration_in_seconds + if (user_mfa := _dict.get('user_mfa')) is not None: + args['user_mfa'] = [AccountSettingsUserMFAResponse.from_dict(v) for v in user_mfa] return cls(**args) @classmethod @@ -6204,18 +5982,20 @@ def to_dict(self) -> Dict: _dict['restrict_create_service_id'] = self.restrict_create_service_id if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None: _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey + if hasattr(self, 'restrict_user_list_visibility') and self.restrict_user_list_visibility is not None: + _dict['restrict_user_list_visibility'] = self.restrict_user_list_visibility + if hasattr(self, 'restrict_user_domains') and self.restrict_user_domains is not None: + restrict_user_domains_list = [] + for v in self.restrict_user_domains: + if isinstance(v, dict): + restrict_user_domains_list.append(v) + else: + restrict_user_domains_list.append(v.to_dict()) + _dict['restrict_user_domains'] = restrict_user_domains_list if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None: _dict['allowed_ip_addresses'] = self.allowed_ip_addresses if hasattr(self, 'mfa') and self.mfa is not None: _dict['mfa'] = self.mfa - if hasattr(self, 'user_mfa') and self.user_mfa is not None: - user_mfa_list = [] - for v in self.user_mfa: - if isinstance(v, dict): - user_mfa_list.append(v) - else: - user_mfa_list.append(v.to_dict()) - _dict['user_mfa'] = user_mfa_list if hasattr(self, 'session_expiration_in_seconds') and self.session_expiration_in_seconds is not None: _dict['session_expiration_in_seconds'] = self.session_expiration_in_seconds if hasattr(self, 'session_invalidation_in_seconds') and self.session_invalidation_in_seconds is not None: @@ -6232,6 +6012,14 @@ def to_dict(self) -> Dict: and self.system_refresh_token_expiration_in_seconds is not None ): _dict['system_refresh_token_expiration_in_seconds'] = self.system_refresh_token_expiration_in_seconds + if hasattr(self, 'user_mfa') and self.user_mfa is not None: + user_mfa_list = [] + for v in self.user_mfa: + if isinstance(v, dict): + user_mfa_list.append(v) + else: + user_mfa_list.append(v.to_dict()) + _dict['user_mfa'] = user_mfa_list return _dict def _to_dict(self): @@ -6254,7 +6042,7 @@ def __ne__(self, other: 'AccountSettingsAssignedTemplatesSection') -> bool: class RestrictCreateServiceIdEnum(str, Enum): """ - Defines whether or not creating a service ID is access controlled. Valid values: + Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs @@ -6267,10 +6055,10 @@ class RestrictCreateServiceIdEnum(str, Enum): class RestrictCreatePlatformApikeyEnum(str, Enum): """ - Defines whether or not creating platform API keys is access controlled. Valid - values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + Defines whether or not creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM + Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. """ @@ -6278,9 +6066,22 @@ class RestrictCreatePlatformApikeyEnum(str, Enum): NOT_RESTRICTED = 'NOT_RESTRICTED' NOT_SET = 'NOT_SET' + class RestrictUserListVisibilityEnum(str, Enum): + """ + Defines whether or not user visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the account, such + as those the user has invited to the account, or descendants of those users based + on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the Users + page in IBM Cloud console. + """ + + NOT_RESTRICTED = 'NOT_RESTRICTED' + RESTRICTED = 'RESTRICTED' + class MfaEnum(str, Enum): """ - Defines the MFA requirement for the user. Valid values: + MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6304,19 +6105,20 @@ class AccountSettingsComponent: AccountSettingsComponent. :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: + creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str restrict_create_platform_apikey: (optional) Defines whether or not - creating platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM + Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA trait for the account. Valid values: + :param str mfa: (optional) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6324,8 +6126,8 @@ class AccountSettingsComponent: * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[AccountSettingsUserMFA] user_mfa: (optional) List of users that are - exempted from the MFA requirement of the account. + :param List[UserMfa] user_mfa: (optional) List of users that are exempted from + the MFA requirement of the account. :param str session_expiration_in_seconds: (optional) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' @@ -6356,7 +6158,7 @@ def __init__( restrict_create_platform_apikey: Optional[str] = None, allowed_ip_addresses: Optional[str] = None, mfa: Optional[str] = None, - user_mfa: Optional[List['AccountSettingsUserMFA']] = None, + user_mfa: Optional[List['UserMfa']] = None, session_expiration_in_seconds: Optional[str] = None, session_invalidation_in_seconds: Optional[str] = None, max_sessions_per_identity: Optional[str] = None, @@ -6367,20 +6169,20 @@ def __init__( Initialize a AccountSettingsComponent object. :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: + creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str restrict_create_platform_apikey: (optional) Defines whether or - not creating platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + not creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the + IAM Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA trait for the account. Valid - values: + :param str mfa: (optional) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6388,8 +6190,8 @@ def __init__( * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[AccountSettingsUserMFA] user_mfa: (optional) List of users that - are exempted from the MFA requirement of the account. + :param List[UserMfa] user_mfa: (optional) List of users that are exempted + from the MFA requirement of the account. :param str session_expiration_in_seconds: (optional) Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' @@ -6436,7 +6238,7 @@ def from_dict(cls, _dict: Dict) -> 'AccountSettingsComponent': if (mfa := _dict.get('mfa')) is not None: args['mfa'] = mfa if (user_mfa := _dict.get('user_mfa')) is not None: - args['user_mfa'] = [AccountSettingsUserMFA.from_dict(v) for v in user_mfa] + args['user_mfa'] = [UserMfa.from_dict(v) for v in user_mfa] if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None: args['session_expiration_in_seconds'] = session_expiration_in_seconds if (session_invalidation_in_seconds := _dict.get('session_invalidation_in_seconds')) is not None: @@ -6515,7 +6317,7 @@ def __ne__(self, other: 'AccountSettingsComponent') -> bool: class RestrictCreateServiceIdEnum(str, Enum): """ - Defines whether or not creating a service ID is access controlled. Valid values: + Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs @@ -6528,10 +6330,10 @@ class RestrictCreateServiceIdEnum(str, Enum): class RestrictCreatePlatformApikeyEnum(str, Enum): """ - Defines whether or not creating platform API keys is access controlled. Valid - values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + Defines whether or not creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM + Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. """ @@ -6541,7 +6343,7 @@ class RestrictCreatePlatformApikeyEnum(str, Enum): class MfaEnum(str, Enum): """ - Defines the MFA trait for the account. Valid values: + MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6565,20 +6367,27 @@ class AccountSettingsEffectiveSection: AccountSettingsEffectiveSection. :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: + creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str restrict_create_platform_apikey: (optional) Defines whether or not - creating platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM + Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. + :param str restrict_user_list_visibility: (optional) Defines whether or not user + visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the account, + such as those the user has invited to the account, or descendants of those users + based on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the Users + page in IBM Cloud console. :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA requirement for the user. Valid - values: + :param str mfa: (optional) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6586,7 +6395,7 @@ class AccountSettingsEffectiveSection: * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of users + :param List[AccountSettingsUserMFAResponse] user_mfa: (optional) List of users that are exempted from the MFA requirement of the account. :param str session_expiration_in_seconds: (optional) Defines the session expiration in seconds for the account. Valid values: @@ -6616,9 +6425,10 @@ def __init__( *, restrict_create_service_id: Optional[str] = None, restrict_create_platform_apikey: Optional[str] = None, + restrict_user_list_visibility: Optional[str] = None, allowed_ip_addresses: Optional[str] = None, mfa: Optional[str] = None, - user_mfa: Optional[List['EffectiveAccountSettingsUserMFA']] = None, + user_mfa: Optional[List['AccountSettingsUserMFAResponse']] = None, session_expiration_in_seconds: Optional[str] = None, session_invalidation_in_seconds: Optional[str] = None, max_sessions_per_identity: Optional[str] = None, @@ -6629,20 +6439,27 @@ def __init__( Initialize a AccountSettingsEffectiveSection object. :param str restrict_create_service_id: (optional) Defines whether or not - creating a service ID is access controlled. Valid values: + creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str restrict_create_platform_apikey: (optional) Defines whether or - not creating platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + not creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the + IAM Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. + :param str restrict_user_list_visibility: (optional) Defines whether or not + user visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the + account, such as those the user has invited to the account, or descendants + of those users based on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the + Users page in IBM Cloud console. :param str allowed_ip_addresses: (optional) Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str mfa: (optional) Defines the MFA requirement for the user. Valid - values: + :param str mfa: (optional) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6650,7 +6467,7 @@ def __init__( * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[EffectiveAccountSettingsUserMFA] user_mfa: (optional) List of + :param List[AccountSettingsUserMFAResponse] user_mfa: (optional) List of users that are exempted from the MFA requirement of the account. :param str session_expiration_in_seconds: (optional) Defines the session expiration in seconds for the account. Valid values: @@ -6676,6 +6493,7 @@ def __init__( """ self.restrict_create_service_id = restrict_create_service_id self.restrict_create_platform_apikey = restrict_create_platform_apikey + self.restrict_user_list_visibility = restrict_user_list_visibility self.allowed_ip_addresses = allowed_ip_addresses self.mfa = mfa self.user_mfa = user_mfa @@ -6693,12 +6511,14 @@ def from_dict(cls, _dict: Dict) -> 'AccountSettingsEffectiveSection': args['restrict_create_service_id'] = restrict_create_service_id if (restrict_create_platform_apikey := _dict.get('restrict_create_platform_apikey')) is not None: args['restrict_create_platform_apikey'] = restrict_create_platform_apikey + if (restrict_user_list_visibility := _dict.get('restrict_user_list_visibility')) is not None: + args['restrict_user_list_visibility'] = restrict_user_list_visibility if (allowed_ip_addresses := _dict.get('allowed_ip_addresses')) is not None: args['allowed_ip_addresses'] = allowed_ip_addresses if (mfa := _dict.get('mfa')) is not None: args['mfa'] = mfa if (user_mfa := _dict.get('user_mfa')) is not None: - args['user_mfa'] = [EffectiveAccountSettingsUserMFA.from_dict(v) for v in user_mfa] + args['user_mfa'] = [AccountSettingsUserMFAResponse.from_dict(v) for v in user_mfa] if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None: args['session_expiration_in_seconds'] = session_expiration_in_seconds if (session_invalidation_in_seconds := _dict.get('session_invalidation_in_seconds')) is not None: @@ -6727,6 +6547,8 @@ def to_dict(self) -> Dict: _dict['restrict_create_service_id'] = self.restrict_create_service_id if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None: _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey + if hasattr(self, 'restrict_user_list_visibility') and self.restrict_user_list_visibility is not None: + _dict['restrict_user_list_visibility'] = self.restrict_user_list_visibility if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None: _dict['allowed_ip_addresses'] = self.allowed_ip_addresses if hasattr(self, 'mfa') and self.mfa is not None: @@ -6777,7 +6599,7 @@ def __ne__(self, other: 'AccountSettingsEffectiveSection') -> bool: class RestrictCreateServiceIdEnum(str, Enum): """ - Defines whether or not creating a service ID is access controlled. Valid values: + Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs @@ -6790,10 +6612,10 @@ class RestrictCreateServiceIdEnum(str, Enum): class RestrictCreatePlatformApikeyEnum(str, Enum): """ - Defines whether or not creating platform API keys is access controlled. Valid - values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + Defines whether or not creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM + Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. """ @@ -6801,9 +6623,22 @@ class RestrictCreatePlatformApikeyEnum(str, Enum): NOT_RESTRICTED = 'NOT_RESTRICTED' NOT_SET = 'NOT_SET' + class RestrictUserListVisibilityEnum(str, Enum): + """ + Defines whether or not user visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the account, such + as those the user has invited to the account, or descendants of those users based + on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the Users + page in IBM Cloud console. + """ + + NOT_RESTRICTED = 'NOT_RESTRICTED' + RESTRICTED = 'RESTRICTED' + class MfaEnum(str, Enum): """ - Defines the MFA requirement for the user. Valid values: + MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6824,26 +6659,39 @@ class MfaEnum(str, Enum): class AccountSettingsResponse: """ - Response body format for Account Settings REST requests. + Input body parameters for the Account Settings REST request. :param ResponseContext context: (optional) Context with key properties for problem determination. :param str account_id: Unique ID of the account. - :param str restrict_create_service_id: Defines whether or not creating a service - ID is access controlled. Valid values: + :param str entity_tag: Version of the account settings. + :param List[EnityHistoryRecord] history: (optional) History of the Account + Settings. + :param str restrict_create_service_id: Defines whether or not creating the + resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. - :param str restrict_create_platform_apikey: Defines whether or not creating - platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + :param str restrict_create_platform_apikey: Defines whether or not creating the + resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM + Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. + :param str restrict_user_list_visibility: Defines whether or not user visibility + is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the account, + such as those the user has invited to the account, or descendants of those users + based on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the Users + page in IBM Cloud console. + :param List[AccountSettingsUserDomainRestriction] restrict_user_domains: Defines + if account invitations are restricted to specified domains. To remove an entry + for a realm_id, perform an update (PUT) request with only the realm_id set. :param str allowed_ip_addresses: Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str entity_tag: Version of the account settings. - :param str mfa: Defines the MFA trait for the account. Valid values: + :param str mfa: MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6851,10 +6699,6 @@ class AccountSettingsResponse: * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[AccountSettingsUserMFA] user_mfa: List of users that are exempted - from the MFA requirement of the account. - :param List[EnityHistoryRecord] history: (optional) History of the Account - Settings. :param str session_expiration_in_seconds: Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' @@ -6875,22 +6719,26 @@ class AccountSettingsResponse: expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default. + :param List[AccountSettingsUserMFAResponse] user_mfa: List of users that are + exempted from the MFA requirement of the account. """ def __init__( self, account_id: str, + entity_tag: str, restrict_create_service_id: str, restrict_create_platform_apikey: str, + restrict_user_list_visibility: str, + restrict_user_domains: List['AccountSettingsUserDomainRestriction'], allowed_ip_addresses: str, - entity_tag: str, mfa: str, - user_mfa: List['AccountSettingsUserMFA'], session_expiration_in_seconds: str, session_invalidation_in_seconds: str, max_sessions_per_identity: str, system_access_token_expiration_in_seconds: str, system_refresh_token_expiration_in_seconds: str, + user_mfa: List['AccountSettingsUserMFAResponse'], *, context: Optional['ResponseContext'] = None, history: Optional[List['EnityHistoryRecord']] = None, @@ -6899,21 +6747,33 @@ def __init__( Initialize a AccountSettingsResponse object. :param str account_id: Unique ID of the account. - :param str restrict_create_service_id: Defines whether or not creating a - service ID is access controlled. Valid values: + :param str entity_tag: Version of the account settings. + :param str restrict_create_service_id: Defines whether or not creating the + resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. :param str restrict_create_platform_apikey: Defines whether or not creating - platform API keys is access controlled. Valid values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the + IAM Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. + :param str restrict_user_list_visibility: Defines whether or not user + visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the + account, such as those the user has invited to the account, or descendants + of those users based on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the + Users page in IBM Cloud console. + :param List[AccountSettingsUserDomainRestriction] restrict_user_domains: + Defines if account invitations are restricted to specified domains. To + remove an entry for a realm_id, perform an update (PUT) request with only + the realm_id set. :param str allowed_ip_addresses: Defines the IP addresses and subnets from which IAM tokens can be created for the account. - :param str entity_tag: Version of the account settings. - :param str mfa: Defines the MFA trait for the account. Valid values: + :param str mfa: MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -6921,8 +6781,6 @@ def __init__( * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param List[AccountSettingsUserMFA] user_mfa: List of users that are - exempted from the MFA requirement of the account. :param str session_expiration_in_seconds: Defines the session expiration in seconds for the account. Valid values: * Any whole number between between '900' and '86400' @@ -6944,6 +6802,8 @@ def __init__( token expiration in seconds. Valid values: * Any whole number between '900' and '259200' * NOT_SET - To unset account setting and use service default. + :param List[AccountSettingsUserMFAResponse] user_mfa: List of users that + are exempted from the MFA requirement of the account. :param ResponseContext context: (optional) Context with key properties for problem determination. :param List[EnityHistoryRecord] history: (optional) History of the Account @@ -6951,18 +6811,20 @@ def __init__( """ self.context = context self.account_id = account_id + self.entity_tag = entity_tag + self.history = history self.restrict_create_service_id = restrict_create_service_id self.restrict_create_platform_apikey = restrict_create_platform_apikey + self.restrict_user_list_visibility = restrict_user_list_visibility + self.restrict_user_domains = restrict_user_domains self.allowed_ip_addresses = allowed_ip_addresses - self.entity_tag = entity_tag self.mfa = mfa - self.user_mfa = user_mfa - self.history = history self.session_expiration_in_seconds = session_expiration_in_seconds self.session_invalidation_in_seconds = session_invalidation_in_seconds self.max_sessions_per_identity = max_sessions_per_identity self.system_access_token_expiration_in_seconds = system_access_token_expiration_in_seconds self.system_refresh_token_expiration_in_seconds = system_refresh_token_expiration_in_seconds + self.user_mfa = user_mfa @classmethod def from_dict(cls, _dict: Dict) -> 'AccountSettingsResponse': @@ -6974,6 +6836,12 @@ def from_dict(cls, _dict: Dict) -> 'AccountSettingsResponse': args['account_id'] = account_id else: raise ValueError('Required property \'account_id\' not present in AccountSettingsResponse JSON') + if (entity_tag := _dict.get('entity_tag')) is not None: + args['entity_tag'] = entity_tag + else: + raise ValueError('Required property \'entity_tag\' not present in AccountSettingsResponse JSON') + if (history := _dict.get('history')) is not None: + args['history'] = [EnityHistoryRecord.from_dict(v) for v in history] if (restrict_create_service_id := _dict.get('restrict_create_service_id')) is not None: args['restrict_create_service_id'] = restrict_create_service_id else: @@ -6986,24 +6854,26 @@ def from_dict(cls, _dict: Dict) -> 'AccountSettingsResponse': raise ValueError( 'Required property \'restrict_create_platform_apikey\' not present in AccountSettingsResponse JSON' ) + if (restrict_user_list_visibility := _dict.get('restrict_user_list_visibility')) is not None: + args['restrict_user_list_visibility'] = restrict_user_list_visibility + else: + raise ValueError( + 'Required property \'restrict_user_list_visibility\' not present in AccountSettingsResponse JSON' + ) + if (restrict_user_domains := _dict.get('restrict_user_domains')) is not None: + args['restrict_user_domains'] = [ + AccountSettingsUserDomainRestriction.from_dict(v) for v in restrict_user_domains + ] + else: + raise ValueError('Required property \'restrict_user_domains\' not present in AccountSettingsResponse JSON') if (allowed_ip_addresses := _dict.get('allowed_ip_addresses')) is not None: args['allowed_ip_addresses'] = allowed_ip_addresses else: raise ValueError('Required property \'allowed_ip_addresses\' not present in AccountSettingsResponse JSON') - if (entity_tag := _dict.get('entity_tag')) is not None: - args['entity_tag'] = entity_tag - else: - raise ValueError('Required property \'entity_tag\' not present in AccountSettingsResponse JSON') if (mfa := _dict.get('mfa')) is not None: args['mfa'] = mfa else: raise ValueError('Required property \'mfa\' not present in AccountSettingsResponse JSON') - if (user_mfa := _dict.get('user_mfa')) is not None: - args['user_mfa'] = [AccountSettingsUserMFA.from_dict(v) for v in user_mfa] - else: - raise ValueError('Required property \'user_mfa\' not present in AccountSettingsResponse JSON') - if (history := _dict.get('history')) is not None: - args['history'] = [EnityHistoryRecord.from_dict(v) for v in history] if (session_expiration_in_seconds := _dict.get('session_expiration_in_seconds')) is not None: args['session_expiration_in_seconds'] = session_expiration_in_seconds else: @@ -7038,6 +6908,10 @@ def from_dict(cls, _dict: Dict) -> 'AccountSettingsResponse': raise ValueError( 'Required property \'system_refresh_token_expiration_in_seconds\' not present in AccountSettingsResponse JSON' ) + if (user_mfa := _dict.get('user_mfa')) is not None: + args['user_mfa'] = [AccountSettingsUserMFAResponse.from_dict(v) for v in user_mfa] + else: + raise ValueError('Required property \'user_mfa\' not present in AccountSettingsResponse JSON') return cls(**args) @classmethod @@ -7055,24 +6929,8 @@ def to_dict(self) -> Dict: _dict['context'] = self.context.to_dict() if hasattr(self, 'account_id') and self.account_id is not None: _dict['account_id'] = self.account_id - if hasattr(self, 'restrict_create_service_id') and self.restrict_create_service_id is not None: - _dict['restrict_create_service_id'] = self.restrict_create_service_id - if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None: - _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey - if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None: - _dict['allowed_ip_addresses'] = self.allowed_ip_addresses if hasattr(self, 'entity_tag') and self.entity_tag is not None: _dict['entity_tag'] = self.entity_tag - if hasattr(self, 'mfa') and self.mfa is not None: - _dict['mfa'] = self.mfa - if hasattr(self, 'user_mfa') and self.user_mfa is not None: - user_mfa_list = [] - for v in self.user_mfa: - if isinstance(v, dict): - user_mfa_list.append(v) - else: - user_mfa_list.append(v.to_dict()) - _dict['user_mfa'] = user_mfa_list if hasattr(self, 'history') and self.history is not None: history_list = [] for v in self.history: @@ -7081,6 +6939,24 @@ def to_dict(self) -> Dict: else: history_list.append(v.to_dict()) _dict['history'] = history_list + if hasattr(self, 'restrict_create_service_id') and self.restrict_create_service_id is not None: + _dict['restrict_create_service_id'] = self.restrict_create_service_id + if hasattr(self, 'restrict_create_platform_apikey') and self.restrict_create_platform_apikey is not None: + _dict['restrict_create_platform_apikey'] = self.restrict_create_platform_apikey + if hasattr(self, 'restrict_user_list_visibility') and self.restrict_user_list_visibility is not None: + _dict['restrict_user_list_visibility'] = self.restrict_user_list_visibility + if hasattr(self, 'restrict_user_domains') and self.restrict_user_domains is not None: + restrict_user_domains_list = [] + for v in self.restrict_user_domains: + if isinstance(v, dict): + restrict_user_domains_list.append(v) + else: + restrict_user_domains_list.append(v.to_dict()) + _dict['restrict_user_domains'] = restrict_user_domains_list + if hasattr(self, 'allowed_ip_addresses') and self.allowed_ip_addresses is not None: + _dict['allowed_ip_addresses'] = self.allowed_ip_addresses + if hasattr(self, 'mfa') and self.mfa is not None: + _dict['mfa'] = self.mfa if hasattr(self, 'session_expiration_in_seconds') and self.session_expiration_in_seconds is not None: _dict['session_expiration_in_seconds'] = self.session_expiration_in_seconds if hasattr(self, 'session_invalidation_in_seconds') and self.session_invalidation_in_seconds is not None: @@ -7097,6 +6973,14 @@ def to_dict(self) -> Dict: and self.system_refresh_token_expiration_in_seconds is not None ): _dict['system_refresh_token_expiration_in_seconds'] = self.system_refresh_token_expiration_in_seconds + if hasattr(self, 'user_mfa') and self.user_mfa is not None: + user_mfa_list = [] + for v in self.user_mfa: + if isinstance(v, dict): + user_mfa_list.append(v) + else: + user_mfa_list.append(v.to_dict()) + _dict['user_mfa'] = user_mfa_list return _dict def _to_dict(self): @@ -7119,7 +7003,7 @@ def __ne__(self, other: 'AccountSettingsResponse') -> bool: class RestrictCreateServiceIdEnum(str, Enum): """ - Defines whether or not creating a service ID is access controlled. Valid values: + Defines whether or not creating the resource is access controlled. Valid values: * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM Identity Service can create service IDs, including the account owner * NOT_RESTRICTED - all members of an account can create service IDs @@ -7132,10 +7016,10 @@ class RestrictCreateServiceIdEnum(str, Enum): class RestrictCreatePlatformApikeyEnum(str, Enum): """ - Defines whether or not creating platform API keys is access controlled. Valid - values: - * RESTRICTED - to apply access control - * NOT_RESTRICTED - to remove access control + Defines whether or not creating the resource is access controlled. Valid values: + * RESTRICTED - only users assigned the 'Service ID creator' role on the IAM + Identity Service can create service IDs, including the account owner + * NOT_RESTRICTED - all members of an account can create service IDs * NOT_SET - to 'unset' a previous set value. """ @@ -7143,9 +7027,22 @@ class RestrictCreatePlatformApikeyEnum(str, Enum): NOT_RESTRICTED = 'NOT_RESTRICTED' NOT_SET = 'NOT_SET' + class RestrictUserListVisibilityEnum(str, Enum): + """ + Defines whether or not user visibility is access controlled. Valid values: + * RESTRICTED - users can view only specific types of users in the account, such + as those the user has invited to the account, or descendants of those users based + on the classic infrastructure hierarchy + * NOT_RESTRICTED - any user in the account can view other users from the Users + page in IBM Cloud console. + """ + + NOT_RESTRICTED = 'NOT_RESTRICTED' + RESTRICTED = 'RESTRICTED' + class MfaEnum(str, Enum): """ - Defines the MFA trait for the account. Valid values: + MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -7483,26 +7380,113 @@ def _to_dict(self): return self.to_dict() def __str__(self) -> str: - """Return a `str` version of this AccountSettingsTemplateResponse object.""" + """Return a `str` version of this AccountSettingsTemplateResponse object.""" + return json.dumps(self.to_dict(), indent=2) + + def __eq__(self, other: 'AccountSettingsTemplateResponse') -> bool: + """Return `true` when self and other are equal, false otherwise.""" + if not isinstance(other, self.__class__): + return False + return self.__dict__ == other.__dict__ + + def __ne__(self, other: 'AccountSettingsTemplateResponse') -> bool: + """Return `true` when self and other are not equal, false otherwise.""" + return not self == other + + +class AccountSettingsUserDomainRestriction: + """ + Input body parameters for the Account Settings REST request. + + :param str realm_id: The realm that the restrictions apply to. + :param List[str] invitation_email_allow_patterns: (optional) The list of allowed + email patterns. Wildcard syntax is supported, '*' represents any sequence of + zero or more characters in the string, except for '.' and '@'. The sequence ends + if a '.' or '@' was found. '**' represents any sequence of zero or more + characters in the string - without limit. + :param bool restrict_invitation: (optional) When true invites will only be + possible to the domain patterns provided, otherwise invites are unrestricted. + """ + + def __init__( + self, + realm_id: str, + *, + invitation_email_allow_patterns: Optional[List[str]] = None, + restrict_invitation: Optional[bool] = None, + ) -> None: + """ + Initialize a AccountSettingsUserDomainRestriction object. + + :param str realm_id: The realm that the restrictions apply to. + :param List[str] invitation_email_allow_patterns: (optional) The list of + allowed email patterns. Wildcard syntax is supported, '*' represents any + sequence of zero or more characters in the string, except for '.' and '@'. + The sequence ends if a '.' or '@' was found. '**' represents any sequence + of zero or more characters in the string - without limit. + :param bool restrict_invitation: (optional) When true invites will only be + possible to the domain patterns provided, otherwise invites are + unrestricted. + """ + self.realm_id = realm_id + self.invitation_email_allow_patterns = invitation_email_allow_patterns + self.restrict_invitation = restrict_invitation + + @classmethod + def from_dict(cls, _dict: Dict) -> 'AccountSettingsUserDomainRestriction': + """Initialize a AccountSettingsUserDomainRestriction object from a json dictionary.""" + args = {} + if (realm_id := _dict.get('realm_id')) is not None: + args['realm_id'] = realm_id + else: + raise ValueError('Required property \'realm_id\' not present in AccountSettingsUserDomainRestriction JSON') + if (invitation_email_allow_patterns := _dict.get('invitation_email_allow_patterns')) is not None: + args['invitation_email_allow_patterns'] = invitation_email_allow_patterns + if (restrict_invitation := _dict.get('restrict_invitation')) is not None: + args['restrict_invitation'] = restrict_invitation + return cls(**args) + + @classmethod + def _from_dict(cls, _dict): + """Initialize a AccountSettingsUserDomainRestriction object from a json dictionary.""" + return cls.from_dict(_dict) + + def to_dict(self) -> Dict: + """Return a json dictionary representing this model.""" + _dict = {} + if hasattr(self, 'realm_id') and self.realm_id is not None: + _dict['realm_id'] = self.realm_id + if hasattr(self, 'invitation_email_allow_patterns') and self.invitation_email_allow_patterns is not None: + _dict['invitation_email_allow_patterns'] = self.invitation_email_allow_patterns + if hasattr(self, 'restrict_invitation') and self.restrict_invitation is not None: + _dict['restrict_invitation'] = self.restrict_invitation + return _dict + + def _to_dict(self): + """Return a json dictionary representing this model.""" + return self.to_dict() + + def __str__(self) -> str: + """Return a `str` version of this AccountSettingsUserDomainRestriction object.""" return json.dumps(self.to_dict(), indent=2) - def __eq__(self, other: 'AccountSettingsTemplateResponse') -> bool: + def __eq__(self, other: 'AccountSettingsUserDomainRestriction') -> bool: """Return `true` when self and other are equal, false otherwise.""" if not isinstance(other, self.__class__): return False return self.__dict__ == other.__dict__ - def __ne__(self, other: 'AccountSettingsTemplateResponse') -> bool: + def __ne__(self, other: 'AccountSettingsUserDomainRestriction') -> bool: """Return `true` when self and other are not equal, false otherwise.""" return not self == other -class AccountSettingsUserMFA: +class AccountSettingsUserMFAResponse: """ - AccountSettingsUserMFA. + AccountSettingsUserMFAResponse. :param str iam_id: The iam_id of the user. - :param str mfa: Defines the MFA requirement for the user. Valid values: + :param str mfa: MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -7510,18 +7494,27 @@ class AccountSettingsUserMFA: * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. + :param str name: (optional) name of the user account. + :param str user_name: (optional) userName of the user. + :param str email: (optional) email of the user. + :param str description: (optional) optional description. """ def __init__( self, iam_id: str, mfa: str, + *, + name: Optional[str] = None, + user_name: Optional[str] = None, + email: Optional[str] = None, + description: Optional[str] = None, ) -> None: """ - Initialize a AccountSettingsUserMFA object. + Initialize a AccountSettingsUserMFAResponse object. :param str iam_id: The iam_id of the user. - :param str mfa: Defines the MFA requirement for the user. Valid values: + :param str mfa: MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -7529,27 +7522,43 @@ def __init__( * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. + :param str name: (optional) name of the user account. + :param str user_name: (optional) userName of the user. + :param str email: (optional) email of the user. + :param str description: (optional) optional description. """ self.iam_id = iam_id self.mfa = mfa + self.name = name + self.user_name = user_name + self.email = email + self.description = description @classmethod - def from_dict(cls, _dict: Dict) -> 'AccountSettingsUserMFA': - """Initialize a AccountSettingsUserMFA object from a json dictionary.""" + def from_dict(cls, _dict: Dict) -> 'AccountSettingsUserMFAResponse': + """Initialize a AccountSettingsUserMFAResponse object from a json dictionary.""" args = {} if (iam_id := _dict.get('iam_id')) is not None: args['iam_id'] = iam_id else: - raise ValueError('Required property \'iam_id\' not present in AccountSettingsUserMFA JSON') + raise ValueError('Required property \'iam_id\' not present in AccountSettingsUserMFAResponse JSON') if (mfa := _dict.get('mfa')) is not None: args['mfa'] = mfa else: - raise ValueError('Required property \'mfa\' not present in AccountSettingsUserMFA JSON') + raise ValueError('Required property \'mfa\' not present in AccountSettingsUserMFAResponse JSON') + if (name := _dict.get('name')) is not None: + args['name'] = name + if (user_name := _dict.get('userName')) is not None: + args['user_name'] = user_name + if (email := _dict.get('email')) is not None: + args['email'] = email + if (description := _dict.get('description')) is not None: + args['description'] = description return cls(**args) @classmethod def _from_dict(cls, _dict): - """Initialize a AccountSettingsUserMFA object from a json dictionary.""" + """Initialize a AccountSettingsUserMFAResponse object from a json dictionary.""" return cls.from_dict(_dict) def to_dict(self) -> Dict: @@ -7559,6 +7568,14 @@ def to_dict(self) -> Dict: _dict['iam_id'] = self.iam_id if hasattr(self, 'mfa') and self.mfa is not None: _dict['mfa'] = self.mfa + if hasattr(self, 'name') and self.name is not None: + _dict['name'] = self.name + if hasattr(self, 'user_name') and self.user_name is not None: + _dict['userName'] = self.user_name + if hasattr(self, 'email') and self.email is not None: + _dict['email'] = self.email + if hasattr(self, 'description') and self.description is not None: + _dict['description'] = self.description return _dict def _to_dict(self): @@ -7566,22 +7583,22 @@ def _to_dict(self): return self.to_dict() def __str__(self) -> str: - """Return a `str` version of this AccountSettingsUserMFA object.""" + """Return a `str` version of this AccountSettingsUserMFAResponse object.""" return json.dumps(self.to_dict(), indent=2) - def __eq__(self, other: 'AccountSettingsUserMFA') -> bool: + def __eq__(self, other: 'AccountSettingsUserMFAResponse') -> bool: """Return `true` when self and other are equal, false otherwise.""" if not isinstance(other, self.__class__): return False return self.__dict__ == other.__dict__ - def __ne__(self, other: 'AccountSettingsUserMFA') -> bool: + def __ne__(self, other: 'AccountSettingsUserMFAResponse') -> bool: """Return `true` when self and other are not equal, false otherwise.""" return not self == other class MfaEnum(str, Enum): """ - Defines the MFA requirement for the user. Valid values: + MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -8840,7 +8857,8 @@ class EffectiveAccountSettingsResponse: problem determination. :param str account_id: Unique ID of the account. :param AccountSettingsEffectiveSection effective: - :param AccountSettingsAccountSection account: + :param AccountSettingsResponse account: Input body parameters for the Account + Settings REST request. :param List[AccountSettingsAssignedTemplatesSection] assigned_templates: (optional) assigned template section. """ @@ -8849,7 +8867,7 @@ def __init__( self, account_id: str, effective: 'AccountSettingsEffectiveSection', - account: 'AccountSettingsAccountSection', + account: 'AccountSettingsResponse', *, context: Optional['ResponseContext'] = None, assigned_templates: Optional[List['AccountSettingsAssignedTemplatesSection']] = None, @@ -8859,7 +8877,8 @@ def __init__( :param str account_id: Unique ID of the account. :param AccountSettingsEffectiveSection effective: - :param AccountSettingsAccountSection account: + :param AccountSettingsResponse account: Input body parameters for the + Account Settings REST request. :param ResponseContext context: (optional) Context with key properties for problem determination. :param List[AccountSettingsAssignedTemplatesSection] assigned_templates: @@ -8886,7 +8905,7 @@ def from_dict(cls, _dict: Dict) -> 'EffectiveAccountSettingsResponse': else: raise ValueError('Required property \'effective\' not present in EffectiveAccountSettingsResponse JSON') if (account := _dict.get('account')) is not None: - args['account'] = AccountSettingsAccountSection.from_dict(account) + args['account'] = AccountSettingsResponse.from_dict(account) else: raise ValueError('Required property \'account\' not present in EffectiveAccountSettingsResponse JSON') if (assigned_templates := _dict.get('assigned_templates')) is not None: @@ -8949,142 +8968,6 @@ def __ne__(self, other: 'EffectiveAccountSettingsResponse') -> bool: return not self == other -class EffectiveAccountSettingsUserMFA: - """ - EffectiveAccountSettingsUserMFA. - - :param str iam_id: The iam_id of the user. - :param str mfa: Defines the MFA requirement for the user. Valid values: - * NONE - No MFA trait set - * NONE_NO_ROPC- No MFA, disable CLI logins with only a password - * TOTP - For all non-federated IBMId users - * TOTP4ALL - For all users - * LEVEL1 - Email-based MFA for all users - * LEVEL2 - TOTP-based MFA for all users - * LEVEL3 - U2F MFA for all users. - :param str name: (optional) name of the user account. - :param str user_name: (optional) userName of the user. - :param str email: (optional) email of the user. - :param str description: (optional) optional description. - """ - - def __init__( - self, - iam_id: str, - mfa: str, - *, - name: Optional[str] = None, - user_name: Optional[str] = None, - email: Optional[str] = None, - description: Optional[str] = None, - ) -> None: - """ - Initialize a EffectiveAccountSettingsUserMFA object. - - :param str iam_id: The iam_id of the user. - :param str mfa: Defines the MFA requirement for the user. Valid values: - * NONE - No MFA trait set - * NONE_NO_ROPC- No MFA, disable CLI logins with only a password - * TOTP - For all non-federated IBMId users - * TOTP4ALL - For all users - * LEVEL1 - Email-based MFA for all users - * LEVEL2 - TOTP-based MFA for all users - * LEVEL3 - U2F MFA for all users. - :param str name: (optional) name of the user account. - :param str user_name: (optional) userName of the user. - :param str email: (optional) email of the user. - :param str description: (optional) optional description. - """ - self.iam_id = iam_id - self.mfa = mfa - self.name = name - self.user_name = user_name - self.email = email - self.description = description - - @classmethod - def from_dict(cls, _dict: Dict) -> 'EffectiveAccountSettingsUserMFA': - """Initialize a EffectiveAccountSettingsUserMFA object from a json dictionary.""" - args = {} - if (iam_id := _dict.get('iam_id')) is not None: - args['iam_id'] = iam_id - else: - raise ValueError('Required property \'iam_id\' not present in EffectiveAccountSettingsUserMFA JSON') - if (mfa := _dict.get('mfa')) is not None: - args['mfa'] = mfa - else: - raise ValueError('Required property \'mfa\' not present in EffectiveAccountSettingsUserMFA JSON') - if (name := _dict.get('name')) is not None: - args['name'] = name - if (user_name := _dict.get('userName')) is not None: - args['user_name'] = user_name - if (email := _dict.get('email')) is not None: - args['email'] = email - if (description := _dict.get('description')) is not None: - args['description'] = description - return cls(**args) - - @classmethod - def _from_dict(cls, _dict): - """Initialize a EffectiveAccountSettingsUserMFA object from a json dictionary.""" - return cls.from_dict(_dict) - - def to_dict(self) -> Dict: - """Return a json dictionary representing this model.""" - _dict = {} - if hasattr(self, 'iam_id') and self.iam_id is not None: - _dict['iam_id'] = self.iam_id - if hasattr(self, 'mfa') and self.mfa is not None: - _dict['mfa'] = self.mfa - if hasattr(self, 'name') and self.name is not None: - _dict['name'] = self.name - if hasattr(self, 'user_name') and self.user_name is not None: - _dict['userName'] = self.user_name - if hasattr(self, 'email') and self.email is not None: - _dict['email'] = self.email - if hasattr(self, 'description') and self.description is not None: - _dict['description'] = self.description - return _dict - - def _to_dict(self): - """Return a json dictionary representing this model.""" - return self.to_dict() - - def __str__(self) -> str: - """Return a `str` version of this EffectiveAccountSettingsUserMFA object.""" - return json.dumps(self.to_dict(), indent=2) - - def __eq__(self, other: 'EffectiveAccountSettingsUserMFA') -> bool: - """Return `true` when self and other are equal, false otherwise.""" - if not isinstance(other, self.__class__): - return False - return self.__dict__ == other.__dict__ - - def __ne__(self, other: 'EffectiveAccountSettingsUserMFA') -> bool: - """Return `true` when self and other are not equal, false otherwise.""" - return not self == other - - class MfaEnum(str, Enum): - """ - Defines the MFA requirement for the user. Valid values: - * NONE - No MFA trait set - * NONE_NO_ROPC- No MFA, disable CLI logins with only a password - * TOTP - For all non-federated IBMId users - * TOTP4ALL - For all users - * LEVEL1 - Email-based MFA for all users - * LEVEL2 - TOTP-based MFA for all users - * LEVEL3 - U2F MFA for all users. - """ - - NONE = 'NONE' - NONE_NO_ROPC = 'NONE_NO_ROPC' - TOTP = 'TOTP' - TOTP4ALL = 'TOTP4ALL' - LEVEL1 = 'LEVEL1' - LEVEL2 = 'LEVEL2' - LEVEL3 = 'LEVEL3' - - class EnityHistoryRecord: """ Response body format for an entity history record. @@ -9467,8 +9350,7 @@ class IdBasedMfaEnrollment: """ IdBasedMfaEnrollment. - :param str trait_account_default: Defines the MFA trait for the account. Valid - values: + :param str trait_account_default: MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -9476,8 +9358,7 @@ class IdBasedMfaEnrollment: * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param str trait_user_specific: (optional) Defines the MFA trait for the - account. Valid values: + :param str trait_user_specific: (optional) MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -9485,7 +9366,7 @@ class IdBasedMfaEnrollment: * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param str trait_effective: Defines the MFA trait for the account. Valid values: + :param str trait_effective: MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -9515,8 +9396,7 @@ def __init__( """ Initialize a IdBasedMfaEnrollment object. - :param str trait_account_default: Defines the MFA trait for the account. - Valid values: + :param str trait_account_default: MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -9524,8 +9404,7 @@ def __init__( * LEVEL1 - Email-based MFA for all users * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. - :param str trait_effective: Defines the MFA trait for the account. Valid - values: + :param str trait_effective: MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -9534,8 +9413,8 @@ def __init__( * LEVEL2 - TOTP-based MFA for all users * LEVEL3 - U2F MFA for all users. :param bool complies: The enrollment complies to the effective requirement. - :param str trait_user_specific: (optional) Defines the MFA trait for the - account. Valid values: + :param str trait_user_specific: (optional) MFA trait definitions as + follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -9619,7 +9498,7 @@ def __ne__(self, other: 'IdBasedMfaEnrollment') -> bool: class TraitAccountDefaultEnum(str, Enum): """ - Defines the MFA trait for the account. Valid values: + MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -9639,7 +9518,7 @@ class TraitAccountDefaultEnum(str, Enum): class TraitUserSpecificEnum(str, Enum): """ - Defines the MFA trait for the account. Valid values: + MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -9659,7 +9538,7 @@ class TraitUserSpecificEnum(str, Enum): class TraitEffectiveEnum(str, Enum): """ - Defines the MFA trait for the account. Valid values: + MFA trait definitions as follows: * NONE - No MFA trait set * NONE_NO_ROPC- No MFA, disable CLI logins with only a password * TOTP - For all non-federated IBMId users @@ -13980,6 +13859,106 @@ def __ne__(self, other: 'UserActivity') -> bool: return not self == other +class UserMfa: + """ + UserMfa. + + :param str iam_id: (optional) The iam_id of the user. + :param str mfa: (optional) MFA trait definitions as follows: + * NONE - No MFA trait set + * NONE_NO_ROPC- No MFA, disable CLI logins with only a password + * TOTP - For all non-federated IBMId users + * TOTP4ALL - For all users + * LEVEL1 - Email-based MFA for all users + * LEVEL2 - TOTP-based MFA for all users + * LEVEL3 - U2F MFA for all users. + """ + + def __init__( + self, + *, + iam_id: Optional[str] = None, + mfa: Optional[str] = None, + ) -> None: + """ + Initialize a UserMfa object. + + :param str iam_id: (optional) The iam_id of the user. + :param str mfa: (optional) MFA trait definitions as follows: + * NONE - No MFA trait set + * NONE_NO_ROPC- No MFA, disable CLI logins with only a password + * TOTP - For all non-federated IBMId users + * TOTP4ALL - For all users + * LEVEL1 - Email-based MFA for all users + * LEVEL2 - TOTP-based MFA for all users + * LEVEL3 - U2F MFA for all users. + """ + self.iam_id = iam_id + self.mfa = mfa + + @classmethod + def from_dict(cls, _dict: Dict) -> 'UserMfa': + """Initialize a UserMfa object from a json dictionary.""" + args = {} + if (iam_id := _dict.get('iam_id')) is not None: + args['iam_id'] = iam_id + if (mfa := _dict.get('mfa')) is not None: + args['mfa'] = mfa + return cls(**args) + + @classmethod + def _from_dict(cls, _dict): + """Initialize a UserMfa object from a json dictionary.""" + return cls.from_dict(_dict) + + def to_dict(self) -> Dict: + """Return a json dictionary representing this model.""" + _dict = {} + if hasattr(self, 'iam_id') and self.iam_id is not None: + _dict['iam_id'] = self.iam_id + if hasattr(self, 'mfa') and self.mfa is not None: + _dict['mfa'] = self.mfa + return _dict + + def _to_dict(self): + """Return a json dictionary representing this model.""" + return self.to_dict() + + def __str__(self) -> str: + """Return a `str` version of this UserMfa object.""" + return json.dumps(self.to_dict(), indent=2) + + def __eq__(self, other: 'UserMfa') -> bool: + """Return `true` when self and other are equal, false otherwise.""" + if not isinstance(other, self.__class__): + return False + return self.__dict__ == other.__dict__ + + def __ne__(self, other: 'UserMfa') -> bool: + """Return `true` when self and other are not equal, false otherwise.""" + return not self == other + + class MfaEnum(str, Enum): + """ + MFA trait definitions as follows: + * NONE - No MFA trait set + * NONE_NO_ROPC- No MFA, disable CLI logins with only a password + * TOTP - For all non-federated IBMId users + * TOTP4ALL - For all users + * LEVEL1 - Email-based MFA for all users + * LEVEL2 - TOTP-based MFA for all users + * LEVEL3 - U2F MFA for all users. + """ + + NONE = 'NONE' + NONE_NO_ROPC = 'NONE_NO_ROPC' + TOTP = 'TOTP' + TOTP4ALL = 'TOTP4ALL' + LEVEL1 = 'LEVEL1' + LEVEL2 = 'LEVEL2' + LEVEL3 = 'LEVEL3' + + class UserMfaEnrollments: """ UserMfaEnrollments. diff --git a/test/integration/test_iam_identity_v1.py b/test/integration/test_iam_identity_v1.py index d57ec39..6804638 100644 --- a/test/integration/test_iam_identity_v1.py +++ b/test/integration/test_iam_identity_v1.py @@ -80,6 +80,8 @@ class TestIamIdentityV1: @classmethod def setup_class(cls): if os.path.exists(config_file): + now = str(round(time.time() * 1000)) + os.environ['IBM_CREDENTIALS_FILE'] = config_file cls.iam_identity_service = IamIdentityV1.new_instance() @@ -92,27 +94,24 @@ def setup_class(cls): cls.account_id = cls.config['ACCOUNT_ID'] cls.iam_id = cls.config['IAM_ID'] - cls.iam_id_member = cls.config['IAM_ID_MEMBER'] cls.apikey = cls.config['APIKEY'] cls.enterprise_account_id = cls.config['ENTERPRISE_ACCOUNT_ID'] cls.enterprise_subaccount_id = cls.config['ENTERPRISE_SUBACCOUNT_ID'] - cls.iam_id_for_preferences = cls.config['IAM_ID_FOR_PREFERENCES'] assert cls.account_id is not None assert cls.iam_id is not None - assert cls.iam_id_member is not None assert cls.apikey is not None - cls.apikey_name = 'Python-SDK-IT-ApiKey' - cls.serviceid_name = 'Python-SDK-IT-ServiceId' - cls.serviceid_group_name = 'Python-SDK-IT-ServiceId-group' - cls.profile_name1 = 'Python-SDK-IT-Profile1' - cls.profile_name2 = 'Python-SDK-IT-Profile2' + cls.apikey_name = 'Python-SDK-IT-ApiKey-' + now + cls.serviceid_name = 'Python-SDK-IT-ServiceId-' + now + cls.serviceid_group_name = 'Python-SDK-IT-ServiceId-group-' + now + cls.profile_name1 = 'Python-SDK-IT-Profile1-' + now + cls.profile_name2 = 'Python-SDK-IT-Profile2-' + now cls.claimRule_type = 'Profile-SAML' cls.realm_name = 'https://sdk.test.realm/1234' - cls.profile_template_name = 'Python-SDK-IT-TrustedProfileTemplate' - cls.profile_template_profile_name = 'Python-SDK-IT-TrustedProfile-FromTemplate' - cls.account_settings_template_name = 'Python-SDK-IT-TrustedProfileTemplate' + cls.profile_template_name = 'Python-SDK-IT-TrustedProfileTemplate-' + now + cls.profile_template_profile_name = 'Python-SDK-IT-TrustedProfile-FromTemplate-' + now + cls.account_settings_template_name = 'Python-SDK-IT-TrustedProfileTemplate-' + now cls.service = 'console' cls.value_string = '/billing' cls.preference_id1 = 'landing_page' @@ -413,7 +412,7 @@ def test_list_api_keys(self): pagetoken_present = True while pagetoken_present: list_api_keys_response = self.iam_identity_service.list_api_keys( - account_id=self.account_id, iam_id=self.iam_id, pagesize=1, pagetoken=pagetoken + account_id=self.account_id, iam_id=self.iam_id, pagesize=100, pagetoken=pagetoken ) assert list_api_keys_response.get_status_code() == 200 api_key_list = list_api_keys_response.get_result() @@ -442,7 +441,7 @@ def test_list_api_keys_with_filter(self): filter = "name co \"Python\"" while pagetoken_present: list_api_keys_response = self.iam_identity_service.list_api_keys( - account_id=self.account_id, iam_id=self.iam_id, pagesize=1, pagetoken=pagetoken, filter=filter + account_id=self.account_id, iam_id=self.iam_id, pagesize=100, pagetoken=pagetoken, filter=filter ) assert list_api_keys_response.get_status_code() == 200 api_key_list = list_api_keys_response.get_result() @@ -778,7 +777,12 @@ def test_create_profile2(self): global profile_id2 profile_id2 = profile['id'] + + global iam_id_for_preferences + iam_id_for_preferences = profile['iam_id'] + assert profile_id2 is not None + assert iam_id_for_preferences is not None @needscredentials def test_get_profile(self): @@ -812,7 +816,7 @@ def test_list_profiles(self): pagetoken_present = True while pagetoken_present: list_profiles_response = self.iam_identity_service.list_profiles( - account_id=self.account_id, pagesize=1, pagetoken=pagetoken, include_history=False + account_id=self.account_id, pagesize=100, pagetoken=pagetoken, include_history=False ) assert list_profiles_response.get_status_code() == 200 profile_list = list_profiles_response.get_result() @@ -838,7 +842,7 @@ def test_list_profiles_with_filter(self): filter = "name co \"Python\"" while pagetoken_present: list_profiles_response = self.iam_identity_service.list_profiles( - account_id=self.account_id, pagesize=1, pagetoken=pagetoken, include_history=False, filter=filter + account_id=self.account_id, pagesize=100, pagetoken=pagetoken, include_history=False, filter=filter ) assert list_profiles_response.get_status_code() == 200 profile_list = list_profiles_response.get_result() @@ -1156,15 +1160,19 @@ def test_get_identities(self): assert len(identifiers) == 1 + # delete again so we can set again in future test + self.iam_identity_service.delete_profile_identity( + profile_id=profile_id2, identity_type="user", identifier_id=self.iam_id + ) + @needscredentials def test_set_identity(self): - identifiers = [] accounts = [self.account_id] get_identity_response = self.iam_identity_service.set_profile_identity( profile_id=profile_id2, identity_type="user", - identifier=self.iam_id_member, + identifier=self.iam_id, type="user", accounts=accounts, description="Identity description", @@ -1176,10 +1184,8 @@ def test_set_identity(self): @needscredentials def test_get_identity(self): - identifiers = [] - get_identity_response = self.iam_identity_service.get_profile_identity( - profile_id=profile_id2, identity_type="user", identifier_id=self.iam_id_member + profile_id=profile_id2, identity_type="user", identifier_id=self.iam_id ) assert get_identity_response.get_status_code() == 200 Identity_list = get_identity_response.get_result() @@ -1188,24 +1194,11 @@ def test_get_identity(self): @needscredentials def test_delete_identity(self): - identifiers = [] - delete_identity_response = self.iam_identity_service.delete_profile_identity( - profile_id=profile_id2, identity_type="user", identifier_id=self.iam_id_member + profile_id=profile_id2, identity_type="user", identifier_id=self.iam_id ) assert delete_identity_response.get_status_code() == 204 - @needscredentials - def test_delete_profile2(self): - assert profile_id2 is not None - - delete_profile_response = self.iam_identity_service.delete_profile(profile_id=profile_id2) - - assert delete_profile_response.get_status_code() == 204 - - profile = self.get_profile(self.iam_identity_service, profile_id2) - assert profile is None - def test_create_profile_bad_request(self): with pytest.raises(ApiException) as e: self.iam_identity_service.create_profile( @@ -1299,7 +1292,7 @@ def test_get_account_settings(self): assert account_setting_etag is None get_account_settings_response = self.iam_identity_service.get_account_settings( - account_id=self.account_id, include_history=False + account_id=self.account_id, include_history=True ) assert get_account_settings_response.get_status_code() == 200 @@ -1309,6 +1302,8 @@ def test_get_account_settings(self): assert settings["account_id"] == self.account_id assert settings["restrict_create_service_id"] is not None assert settings["restrict_create_platform_apikey"] is not None + # assert settings["restrict_user_list_visibility"] is not None + # assert settings["restrict_user_domains"] is not None assert settings["entity_tag"] is not None assert settings["mfa"] is not None assert settings["user_mfa"] is not None @@ -1326,14 +1321,21 @@ def test_update_account_settings(self): assert account_setting_etag is not None account_settings_user_mfa = {} - account_settings_user_mfa['iam_id'] = self.iam_id_member + account_settings_user_mfa['iam_id'] = self.iam_id account_settings_user_mfa['mfa'] = 'NONE' + restrict_user_domain_item = {} + restrict_user_domain_item['realm_id'] = 'IBMid' + restrict_user_domain_item['restrict_invitation'] = False + restrict_user_domain_item['invitation_email_allow_patterns'] = ['*.*@company.com'] + update_account_settings_response = self.iam_identity_service.update_account_settings( if_match=account_setting_etag, account_id=self.account_id, restrict_create_service_id="NOT_RESTRICTED", restrict_create_platform_apikey="NOT_RESTRICTED", + restrict_user_list_visibility="NOT_RESTRICTED", + restrict_user_domains=[restrict_user_domain_item], # allowed_ip_addresses='testString', mfa='NONE', user_mfa=[account_settings_user_mfa], @@ -1352,6 +1354,8 @@ def test_update_account_settings(self): assert settings["account_id"] == self.account_id assert settings["restrict_create_service_id"] == "NOT_RESTRICTED" assert settings["restrict_create_platform_apikey"] == "NOT_RESTRICTED" + assert settings["restrict_user_list_visibility"] == "NOT_RESTRICTED" + assert settings["restrict_user_domains"] is not None assert settings["entity_tag"] != account_setting_etag assert settings["mfa"] == "NONE" assert settings["user_mfa"] is not None @@ -2026,11 +2030,11 @@ def test_update_api_key(self): @needscredentials def test_update_preference_on_scope_account(self): - assert self.iam_id_for_preferences is not None + assert iam_id_for_preferences is not None assert self.preference_id1 is not None preference = self.iam_identity_service.update_preference_on_scope_account( - iam_id=self.iam_id_for_preferences, + iam_id=iam_id_for_preferences, account_id=self.account_id, service=self.service, preference_id=self.preference_id1, @@ -2041,10 +2045,10 @@ def test_update_preference_on_scope_account(self): @needscredentials def test_get_preferences_on_scope_account(self): - assert self.iam_id_for_preferences is not None + assert iam_id_for_preferences is not None assert self.preference_id1 is not None preference = self.iam_identity_service.get_preferences_on_scope_account( - iam_id=self.iam_id_for_preferences, + iam_id=iam_id_for_preferences, account_id=self.account_id, service=self.service, preference_id=self.preference_id1, @@ -2054,22 +2058,33 @@ def test_get_preferences_on_scope_account(self): @needscredentials def test_get_all_preferences_on_scope_account(self): - assert self.iam_id_for_preferences is not None + assert iam_id_for_preferences is not None assert self.preference_id1 is not None preference = self.iam_identity_service.get_all_preferences_on_scope_account( - account_id=self.account_id, iam_id=self.iam_id_for_preferences + account_id=self.account_id, iam_id=iam_id_for_preferences ).get_result() print('\nget_all_preference_on_scope_account() response: ', json.dumps(preference, indent=2)) assert preference is not None @needscredentials def test_delete_preferences_on_scope_account(self): - assert self.iam_id_for_preferences is not None + assert iam_id_for_preferences is not None assert self.preference_id1 is not None preference = self.iam_identity_service.delete_preferences_on_scope_account( - iam_id=self.iam_id_for_preferences, + iam_id=iam_id_for_preferences, account_id=self.account_id, service=self.service, preference_id=self.preference_id1, ) assert preference.get_status_code() == 204 + + @needscredentials + def test_delete_profile2(self): + assert profile_id2 is not None + + delete_profile_response = self.iam_identity_service.delete_profile(profile_id=profile_id2) + + assert delete_profile_response.get_status_code() == 204 + + profile = self.get_profile(self.iam_identity_service, profile_id2) + assert profile is None diff --git a/test/unit/test_iam_identity_v1.py b/test/unit/test_iam_identity_v1.py index dfba890..5ad2927 100644 --- a/test/unit/test_iam_identity_v1.py +++ b/test/unit/test_iam_identity_v1.py @@ -4783,7 +4783,7 @@ def test_get_account_settings_all_params(self): """ # Set up mock url = preprocess_url('/v1/accounts/testString/settings/identity') - mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "entity_tag": "entity_tag", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE"}], "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}' + mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "entity_tag": "entity_tag", "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}' responses.add( responses.GET, url, @@ -4795,11 +4795,13 @@ def test_get_account_settings_all_params(self): # Set up parameter values account_id = 'testString' include_history = False + resolve_user_mfa = False # Invoke method response = _service.get_account_settings( account_id, include_history=include_history, + resolve_user_mfa=resolve_user_mfa, headers={}, ) @@ -4810,6 +4812,7 @@ def test_get_account_settings_all_params(self): query_string = responses.calls[0].request.url.split('?', 1)[1] query_string = urllib.parse.unquote_plus(query_string) assert 'include_history={}'.format('true' if include_history else 'false') in query_string + assert 'resolve_user_mfa={}'.format('true' if resolve_user_mfa else 'false') in query_string def test_get_account_settings_all_params_with_retries(self): # Enable retries and run test_get_account_settings_all_params. @@ -4827,7 +4830,7 @@ def test_get_account_settings_required_params(self): """ # Set up mock url = preprocess_url('/v1/accounts/testString/settings/identity') - mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "entity_tag": "entity_tag", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE"}], "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}' + mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "entity_tag": "entity_tag", "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}' responses.add( responses.GET, url, @@ -4865,7 +4868,7 @@ def test_get_account_settings_value_error(self): """ # Set up mock url = preprocess_url('/v1/accounts/testString/settings/identity') - mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "entity_tag": "entity_tag", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE"}], "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}' + mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "entity_tag": "entity_tag", "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}' responses.add( responses.GET, url, @@ -4908,7 +4911,7 @@ def test_update_account_settings_all_params(self): """ # Set up mock url = preprocess_url('/v1/accounts/testString/settings/identity') - mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "entity_tag": "entity_tag", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE"}], "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}' + mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "entity_tag": "entity_tag", "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}' responses.add( responses.PUT, url, @@ -4917,24 +4920,32 @@ def test_update_account_settings_all_params(self): status=200, ) - # Construct a dict representation of a AccountSettingsUserMFA model - account_settings_user_mfa_model = {} - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + # Construct a dict representation of a AccountSettingsUserDomainRestriction model + account_settings_user_domain_restriction_model = {} + account_settings_user_domain_restriction_model['realm_id'] = 'IBMid' + account_settings_user_domain_restriction_model['invitation_email_allow_patterns'] = [] + account_settings_user_domain_restriction_model['restrict_invitation'] = True + + # Construct a dict representation of a UserMfa model + user_mfa_model = {} + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' # Set up parameter values if_match = 'testString' account_id = 'testString' - restrict_create_service_id = 'RESTRICTED' - restrict_create_platform_apikey = 'RESTRICTED' + restrict_create_service_id = 'NOT_SET' + restrict_create_platform_apikey = 'NOT_SET' + restrict_user_list_visibility = 'NOT_RESTRICTED' + restrict_user_domains = [account_settings_user_domain_restriction_model] allowed_ip_addresses = 'testString' mfa = 'NONE' - user_mfa = [account_settings_user_mfa_model] session_expiration_in_seconds = '86400' session_invalidation_in_seconds = '7200' max_sessions_per_identity = 'testString' system_access_token_expiration_in_seconds = '3600' system_refresh_token_expiration_in_seconds = '259200' + user_mfa = [user_mfa_model] # Invoke method response = _service.update_account_settings( @@ -4942,14 +4953,16 @@ def test_update_account_settings_all_params(self): account_id, restrict_create_service_id=restrict_create_service_id, restrict_create_platform_apikey=restrict_create_platform_apikey, + restrict_user_list_visibility=restrict_user_list_visibility, + restrict_user_domains=restrict_user_domains, allowed_ip_addresses=allowed_ip_addresses, mfa=mfa, - user_mfa=user_mfa, session_expiration_in_seconds=session_expiration_in_seconds, session_invalidation_in_seconds=session_invalidation_in_seconds, max_sessions_per_identity=max_sessions_per_identity, system_access_token_expiration_in_seconds=system_access_token_expiration_in_seconds, system_refresh_token_expiration_in_seconds=system_refresh_token_expiration_in_seconds, + user_mfa=user_mfa, headers={}, ) @@ -4958,16 +4971,18 @@ def test_update_account_settings_all_params(self): assert response.status_code == 200 # Validate body params req_body = json.loads(str(responses.calls[0].request.body, 'utf-8')) - assert req_body['restrict_create_service_id'] == 'RESTRICTED' - assert req_body['restrict_create_platform_apikey'] == 'RESTRICTED' + assert req_body['restrict_create_service_id'] == 'NOT_SET' + assert req_body['restrict_create_platform_apikey'] == 'NOT_SET' + assert req_body['restrict_user_list_visibility'] == 'NOT_RESTRICTED' + assert req_body['restrict_user_domains'] == [account_settings_user_domain_restriction_model] assert req_body['allowed_ip_addresses'] == 'testString' assert req_body['mfa'] == 'NONE' - assert req_body['user_mfa'] == [account_settings_user_mfa_model] assert req_body['session_expiration_in_seconds'] == '86400' assert req_body['session_invalidation_in_seconds'] == '7200' assert req_body['max_sessions_per_identity'] == 'testString' assert req_body['system_access_token_expiration_in_seconds'] == '3600' assert req_body['system_refresh_token_expiration_in_seconds'] == '259200' + assert req_body['user_mfa'] == [user_mfa_model] def test_update_account_settings_all_params_with_retries(self): # Enable retries and run test_update_account_settings_all_params. @@ -4985,7 +5000,7 @@ def test_update_account_settings_value_error(self): """ # Set up mock url = preprocess_url('/v1/accounts/testString/settings/identity') - mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "entity_tag": "entity_tag", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE"}], "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}' + mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "entity_tag": "entity_tag", "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}' responses.add( responses.PUT, url, @@ -4994,24 +5009,32 @@ def test_update_account_settings_value_error(self): status=200, ) - # Construct a dict representation of a AccountSettingsUserMFA model - account_settings_user_mfa_model = {} - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + # Construct a dict representation of a AccountSettingsUserDomainRestriction model + account_settings_user_domain_restriction_model = {} + account_settings_user_domain_restriction_model['realm_id'] = 'IBMid' + account_settings_user_domain_restriction_model['invitation_email_allow_patterns'] = [] + account_settings_user_domain_restriction_model['restrict_invitation'] = True + + # Construct a dict representation of a UserMfa model + user_mfa_model = {} + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' # Set up parameter values if_match = 'testString' account_id = 'testString' - restrict_create_service_id = 'RESTRICTED' - restrict_create_platform_apikey = 'RESTRICTED' + restrict_create_service_id = 'NOT_SET' + restrict_create_platform_apikey = 'NOT_SET' + restrict_user_list_visibility = 'NOT_RESTRICTED' + restrict_user_domains = [account_settings_user_domain_restriction_model] allowed_ip_addresses = 'testString' mfa = 'NONE' - user_mfa = [account_settings_user_mfa_model] session_expiration_in_seconds = '86400' session_invalidation_in_seconds = '7200' max_sessions_per_identity = 'testString' system_access_token_expiration_in_seconds = '3600' system_refresh_token_expiration_in_seconds = '259200' + user_mfa = [user_mfa_model] # Pass in all but one required param and check for a ValueError req_param_dict = { @@ -5045,7 +5068,7 @@ def test_get_effective_account_settings_all_params(self): """ # Set up mock url = preprocess_url('/v1/accounts/testString/effective_settings/identity') - mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "effective": {"restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "account": {"account_id": "account_id", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "assigned_templates": [{"template_id": "template_id", "template_version": 16, "template_name": "template_name", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}]}' + mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "effective": {"restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "account": {"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "entity_tag": "entity_tag", "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}, "assigned_templates": [{"template_id": "template_id", "template_version": 16, "template_name": "template_name", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}]}' responses.add( responses.GET, url, @@ -5092,7 +5115,7 @@ def test_get_effective_account_settings_required_params(self): """ # Set up mock url = preprocess_url('/v1/accounts/testString/effective_settings/identity') - mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "effective": {"restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "account": {"account_id": "account_id", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "assigned_templates": [{"template_id": "template_id", "template_version": 16, "template_name": "template_name", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}]}' + mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "effective": {"restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "account": {"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "entity_tag": "entity_tag", "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}, "assigned_templates": [{"template_id": "template_id", "template_version": 16, "template_name": "template_name", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}]}' responses.add( responses.GET, url, @@ -5130,7 +5153,7 @@ def test_get_effective_account_settings_value_error(self): """ # Set up mock url = preprocess_url('/v1/accounts/testString/effective_settings/identity') - mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "effective": {"restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "account": {"account_id": "account_id", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "assigned_templates": [{"template_id": "template_id", "template_version": 16, "template_name": "template_name", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}]}' + mock_response = '{"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "effective": {"restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}], "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200"}, "account": {"context": {"transaction_id": "transaction_id", "operation": "operation", "user_agent": "user_agent", "url": "url", "instance_id": "instance_id", "thread_id": "thread_id", "host": "host", "start_time": "start_time", "end_time": "end_time", "elapsed_time": "elapsed_time", "cluster_name": "cluster_name"}, "account_id": "account_id", "entity_tag": "entity_tag", "history": [{"timestamp": "timestamp", "iam_id": "iam_id", "iam_id_account": "iam_id_account", "action": "action", "params": ["params"], "message": "message"}], "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}, "assigned_templates": [{"template_id": "template_id", "template_version": 16, "template_name": "template_name", "restrict_create_service_id": "NOT_SET", "restrict_create_platform_apikey": "NOT_SET", "restrict_user_list_visibility": "NOT_RESTRICTED", "restrict_user_domains": [{"realm_id": "IBMid", "invitation_email_allow_patterns": ["invitation_email_allow_patterns"], "restrict_invitation": false}], "allowed_ip_addresses": "allowed_ip_addresses", "mfa": "NONE", "session_expiration_in_seconds": "86400", "session_invalidation_in_seconds": "7200", "max_sessions_per_identity": "max_sessions_per_identity", "system_access_token_expiration_in_seconds": "3600", "system_refresh_token_expiration_in_seconds": "259200", "user_mfa": [{"iam_id": "iam_id", "mfa": "NONE", "name": "name", "userName": "user_name", "email": "email", "description": "description"}]}]}' responses.add( responses.GET, url, @@ -7924,10 +7947,10 @@ def test_create_account_settings_template_all_params(self): status=201, ) - # Construct a dict representation of a AccountSettingsUserMFA model - account_settings_user_mfa_model = {} - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + # Construct a dict representation of a UserMfa model + user_mfa_model = {} + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' # Construct a dict representation of a AccountSettingsComponent model account_settings_component_model = {} @@ -7935,7 +7958,7 @@ def test_create_account_settings_template_all_params(self): account_settings_component_model['restrict_create_platform_apikey'] = 'NOT_SET' account_settings_component_model['allowed_ip_addresses'] = 'testString' account_settings_component_model['mfa'] = 'NONE' - account_settings_component_model['user_mfa'] = [account_settings_user_mfa_model] + account_settings_component_model['user_mfa'] = [user_mfa_model] account_settings_component_model['session_expiration_in_seconds'] = '86400' account_settings_component_model['session_invalidation_in_seconds'] = '7200' account_settings_component_model['max_sessions_per_identity'] = 'testString' @@ -8335,10 +8358,10 @@ def test_create_account_settings_template_version_all_params(self): status=201, ) - # Construct a dict representation of a AccountSettingsUserMFA model - account_settings_user_mfa_model = {} - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + # Construct a dict representation of a UserMfa model + user_mfa_model = {} + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' # Construct a dict representation of a AccountSettingsComponent model account_settings_component_model = {} @@ -8346,7 +8369,7 @@ def test_create_account_settings_template_version_all_params(self): account_settings_component_model['restrict_create_platform_apikey'] = 'NOT_SET' account_settings_component_model['allowed_ip_addresses'] = 'testString' account_settings_component_model['mfa'] = 'NONE' - account_settings_component_model['user_mfa'] = [account_settings_user_mfa_model] + account_settings_component_model['user_mfa'] = [user_mfa_model] account_settings_component_model['session_expiration_in_seconds'] = '86400' account_settings_component_model['session_invalidation_in_seconds'] = '7200' account_settings_component_model['max_sessions_per_identity'] = 'testString' @@ -8405,10 +8428,10 @@ def test_create_account_settings_template_version_value_error(self): status=201, ) - # Construct a dict representation of a AccountSettingsUserMFA model - account_settings_user_mfa_model = {} - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + # Construct a dict representation of a UserMfa model + user_mfa_model = {} + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' # Construct a dict representation of a AccountSettingsComponent model account_settings_component_model = {} @@ -8416,7 +8439,7 @@ def test_create_account_settings_template_version_value_error(self): account_settings_component_model['restrict_create_platform_apikey'] = 'NOT_SET' account_settings_component_model['allowed_ip_addresses'] = 'testString' account_settings_component_model['mfa'] = 'NONE' - account_settings_component_model['user_mfa'] = [account_settings_user_mfa_model] + account_settings_component_model['user_mfa'] = [user_mfa_model] account_settings_component_model['session_expiration_in_seconds'] = '86400' account_settings_component_model['session_invalidation_in_seconds'] = '7200' account_settings_component_model['max_sessions_per_identity'] = 'testString' @@ -8601,10 +8624,10 @@ def test_update_account_settings_template_version_all_params(self): status=200, ) - # Construct a dict representation of a AccountSettingsUserMFA model - account_settings_user_mfa_model = {} - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + # Construct a dict representation of a UserMfa model + user_mfa_model = {} + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' # Construct a dict representation of a AccountSettingsComponent model account_settings_component_model = {} @@ -8612,7 +8635,7 @@ def test_update_account_settings_template_version_all_params(self): account_settings_component_model['restrict_create_platform_apikey'] = 'NOT_SET' account_settings_component_model['allowed_ip_addresses'] = 'testString' account_settings_component_model['mfa'] = 'NONE' - account_settings_component_model['user_mfa'] = [account_settings_user_mfa_model] + account_settings_component_model['user_mfa'] = [user_mfa_model] account_settings_component_model['session_expiration_in_seconds'] = '86400' account_settings_component_model['session_invalidation_in_seconds'] = '7200' account_settings_component_model['max_sessions_per_identity'] = 'testString' @@ -8675,10 +8698,10 @@ def test_update_account_settings_template_version_value_error(self): status=200, ) - # Construct a dict representation of a AccountSettingsUserMFA model - account_settings_user_mfa_model = {} - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + # Construct a dict representation of a UserMfa model + user_mfa_model = {} + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' # Construct a dict representation of a AccountSettingsComponent model account_settings_component_model = {} @@ -8686,7 +8709,7 @@ def test_update_account_settings_template_version_value_error(self): account_settings_component_model['restrict_create_platform_apikey'] = 'NOT_SET' account_settings_component_model['allowed_ip_addresses'] = 'testString' account_settings_component_model['mfa'] = 'NONE' - account_settings_component_model['user_mfa'] = [account_settings_user_mfa_model] + account_settings_component_model['user_mfa'] = [user_mfa_model] account_settings_component_model['session_expiration_in_seconds'] = '86400' account_settings_component_model['session_invalidation_in_seconds'] = '7200' account_settings_component_model['max_sessions_per_identity'] = 'testString' @@ -9479,71 +9502,6 @@ def test_account_based_mfa_enrollment_serialization(self): assert account_based_mfa_enrollment_model_json2 == account_based_mfa_enrollment_model_json -class TestModel_AccountSettingsAccountSection: - """ - Test Class for AccountSettingsAccountSection - """ - - def test_account_settings_account_section_serialization(self): - """ - Test serialization/deserialization for AccountSettingsAccountSection - """ - - # Construct dict forms of any model objects needed in order to build this model. - - effective_account_settings_user_mfa_model = {} # EffectiveAccountSettingsUserMFA - effective_account_settings_user_mfa_model['iam_id'] = 'testString' - effective_account_settings_user_mfa_model['mfa'] = 'NONE' - effective_account_settings_user_mfa_model['name'] = 'testString' - effective_account_settings_user_mfa_model['userName'] = 'testString' - effective_account_settings_user_mfa_model['email'] = 'testString' - effective_account_settings_user_mfa_model['description'] = 'testString' - - enity_history_record_model = {} # EnityHistoryRecord - enity_history_record_model['timestamp'] = 'testString' - enity_history_record_model['iam_id'] = 'testString' - enity_history_record_model['iam_id_account'] = 'testString' - enity_history_record_model['action'] = 'testString' - enity_history_record_model['params'] = ['testString'] - enity_history_record_model['message'] = 'testString' - - # Construct a json representation of a AccountSettingsAccountSection model - account_settings_account_section_model_json = {} - account_settings_account_section_model_json['account_id'] = 'testString' - account_settings_account_section_model_json['restrict_create_service_id'] = 'NOT_SET' - account_settings_account_section_model_json['restrict_create_platform_apikey'] = 'NOT_SET' - account_settings_account_section_model_json['allowed_ip_addresses'] = 'testString' - account_settings_account_section_model_json['mfa'] = 'NONE' - account_settings_account_section_model_json['user_mfa'] = [effective_account_settings_user_mfa_model] - account_settings_account_section_model_json['history'] = [enity_history_record_model] - account_settings_account_section_model_json['session_expiration_in_seconds'] = '86400' - account_settings_account_section_model_json['session_invalidation_in_seconds'] = '7200' - account_settings_account_section_model_json['max_sessions_per_identity'] = 'testString' - account_settings_account_section_model_json['system_access_token_expiration_in_seconds'] = '3600' - account_settings_account_section_model_json['system_refresh_token_expiration_in_seconds'] = '259200' - - # Construct a model instance of AccountSettingsAccountSection by calling from_dict on the json representation - account_settings_account_section_model = AccountSettingsAccountSection.from_dict( - account_settings_account_section_model_json - ) - assert account_settings_account_section_model != False - - # Construct a model instance of AccountSettingsAccountSection by calling from_dict on the json representation - account_settings_account_section_model_dict = AccountSettingsAccountSection.from_dict( - account_settings_account_section_model_json - ).__dict__ - account_settings_account_section_model2 = AccountSettingsAccountSection( - **account_settings_account_section_model_dict - ) - - # Verify the model instances are equivalent - assert account_settings_account_section_model == account_settings_account_section_model2 - - # Convert model instance back to dict and verify no loss of data - account_settings_account_section_model_json2 = account_settings_account_section_model.to_dict() - assert account_settings_account_section_model_json2 == account_settings_account_section_model_json - - class TestModel_AccountSettingsAssignedTemplatesSection: """ Test Class for AccountSettingsAssignedTemplatesSection @@ -9556,13 +9514,18 @@ def test_account_settings_assigned_templates_section_serialization(self): # Construct dict forms of any model objects needed in order to build this model. - effective_account_settings_user_mfa_model = {} # EffectiveAccountSettingsUserMFA - effective_account_settings_user_mfa_model['iam_id'] = 'testString' - effective_account_settings_user_mfa_model['mfa'] = 'NONE' - effective_account_settings_user_mfa_model['name'] = 'testString' - effective_account_settings_user_mfa_model['userName'] = 'testString' - effective_account_settings_user_mfa_model['email'] = 'testString' - effective_account_settings_user_mfa_model['description'] = 'testString' + account_settings_user_domain_restriction_model = {} # AccountSettingsUserDomainRestriction + account_settings_user_domain_restriction_model['realm_id'] = 'IBMid' + account_settings_user_domain_restriction_model['invitation_email_allow_patterns'] = [] + account_settings_user_domain_restriction_model['restrict_invitation'] = True + + account_settings_user_mfa_response_model = {} # AccountSettingsUserMFAResponse + account_settings_user_mfa_response_model['iam_id'] = 'testString' + account_settings_user_mfa_response_model['mfa'] = 'NONE' + account_settings_user_mfa_response_model['name'] = 'testString' + account_settings_user_mfa_response_model['userName'] = 'testString' + account_settings_user_mfa_response_model['email'] = 'testString' + account_settings_user_mfa_response_model['description'] = 'testString' # Construct a json representation of a AccountSettingsAssignedTemplatesSection model account_settings_assigned_templates_section_model_json = {} @@ -9571,14 +9534,18 @@ def test_account_settings_assigned_templates_section_serialization(self): account_settings_assigned_templates_section_model_json['template_name'] = 'testString' account_settings_assigned_templates_section_model_json['restrict_create_service_id'] = 'NOT_SET' account_settings_assigned_templates_section_model_json['restrict_create_platform_apikey'] = 'NOT_SET' + account_settings_assigned_templates_section_model_json['restrict_user_list_visibility'] = 'NOT_RESTRICTED' + account_settings_assigned_templates_section_model_json['restrict_user_domains'] = [ + account_settings_user_domain_restriction_model + ] account_settings_assigned_templates_section_model_json['allowed_ip_addresses'] = 'testString' account_settings_assigned_templates_section_model_json['mfa'] = 'NONE' - account_settings_assigned_templates_section_model_json['user_mfa'] = [effective_account_settings_user_mfa_model] account_settings_assigned_templates_section_model_json['session_expiration_in_seconds'] = '86400' account_settings_assigned_templates_section_model_json['session_invalidation_in_seconds'] = '7200' account_settings_assigned_templates_section_model_json['max_sessions_per_identity'] = 'testString' account_settings_assigned_templates_section_model_json['system_access_token_expiration_in_seconds'] = '3600' account_settings_assigned_templates_section_model_json['system_refresh_token_expiration_in_seconds'] = '259200' + account_settings_assigned_templates_section_model_json['user_mfa'] = [account_settings_user_mfa_response_model] # Construct a model instance of AccountSettingsAssignedTemplatesSection by calling from_dict on the json representation account_settings_assigned_templates_section_model = AccountSettingsAssignedTemplatesSection.from_dict( @@ -9619,9 +9586,9 @@ def test_account_settings_component_serialization(self): # Construct dict forms of any model objects needed in order to build this model. - account_settings_user_mfa_model = {} # AccountSettingsUserMFA - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + user_mfa_model = {} # UserMfa + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' # Construct a json representation of a AccountSettingsComponent model account_settings_component_model_json = {} @@ -9629,7 +9596,7 @@ def test_account_settings_component_serialization(self): account_settings_component_model_json['restrict_create_platform_apikey'] = 'NOT_SET' account_settings_component_model_json['allowed_ip_addresses'] = 'testString' account_settings_component_model_json['mfa'] = 'NONE' - account_settings_component_model_json['user_mfa'] = [account_settings_user_mfa_model] + account_settings_component_model_json['user_mfa'] = [user_mfa_model] account_settings_component_model_json['session_expiration_in_seconds'] = '86400' account_settings_component_model_json['session_invalidation_in_seconds'] = '7200' account_settings_component_model_json['max_sessions_per_identity'] = 'testString' @@ -9666,21 +9633,22 @@ def test_account_settings_effective_section_serialization(self): # Construct dict forms of any model objects needed in order to build this model. - effective_account_settings_user_mfa_model = {} # EffectiveAccountSettingsUserMFA - effective_account_settings_user_mfa_model['iam_id'] = 'testString' - effective_account_settings_user_mfa_model['mfa'] = 'NONE' - effective_account_settings_user_mfa_model['name'] = 'testString' - effective_account_settings_user_mfa_model['userName'] = 'testString' - effective_account_settings_user_mfa_model['email'] = 'testString' - effective_account_settings_user_mfa_model['description'] = 'testString' + account_settings_user_mfa_response_model = {} # AccountSettingsUserMFAResponse + account_settings_user_mfa_response_model['iam_id'] = 'testString' + account_settings_user_mfa_response_model['mfa'] = 'NONE' + account_settings_user_mfa_response_model['name'] = 'testString' + account_settings_user_mfa_response_model['userName'] = 'testString' + account_settings_user_mfa_response_model['email'] = 'testString' + account_settings_user_mfa_response_model['description'] = 'testString' # Construct a json representation of a AccountSettingsEffectiveSection model account_settings_effective_section_model_json = {} account_settings_effective_section_model_json['restrict_create_service_id'] = 'NOT_SET' account_settings_effective_section_model_json['restrict_create_platform_apikey'] = 'NOT_SET' + account_settings_effective_section_model_json['restrict_user_list_visibility'] = 'NOT_RESTRICTED' account_settings_effective_section_model_json['allowed_ip_addresses'] = 'testString' account_settings_effective_section_model_json['mfa'] = 'NONE' - account_settings_effective_section_model_json['user_mfa'] = [effective_account_settings_user_mfa_model] + account_settings_effective_section_model_json['user_mfa'] = [account_settings_user_mfa_response_model] account_settings_effective_section_model_json['session_expiration_in_seconds'] = '86400' account_settings_effective_section_model_json['session_invalidation_in_seconds'] = '7200' account_settings_effective_section_model_json['max_sessions_per_identity'] = 'testString' @@ -9734,10 +9702,6 @@ def test_account_settings_response_serialization(self): response_context_model['elapsed_time'] = 'testString' response_context_model['cluster_name'] = 'testString' - account_settings_user_mfa_model = {} # AccountSettingsUserMFA - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' - enity_history_record_model = {} # EnityHistoryRecord enity_history_record_model['timestamp'] = 'testString' enity_history_record_model['iam_id'] = 'testString' @@ -9746,22 +9710,37 @@ def test_account_settings_response_serialization(self): enity_history_record_model['params'] = ['testString'] enity_history_record_model['message'] = 'testString' + account_settings_user_domain_restriction_model = {} # AccountSettingsUserDomainRestriction + account_settings_user_domain_restriction_model['realm_id'] = 'IBMid' + account_settings_user_domain_restriction_model['invitation_email_allow_patterns'] = [] + account_settings_user_domain_restriction_model['restrict_invitation'] = True + + account_settings_user_mfa_response_model = {} # AccountSettingsUserMFAResponse + account_settings_user_mfa_response_model['iam_id'] = 'testString' + account_settings_user_mfa_response_model['mfa'] = 'NONE' + account_settings_user_mfa_response_model['name'] = 'testString' + account_settings_user_mfa_response_model['userName'] = 'testString' + account_settings_user_mfa_response_model['email'] = 'testString' + account_settings_user_mfa_response_model['description'] = 'testString' + # Construct a json representation of a AccountSettingsResponse model account_settings_response_model_json = {} account_settings_response_model_json['context'] = response_context_model account_settings_response_model_json['account_id'] = 'testString' + account_settings_response_model_json['entity_tag'] = 'testString' + account_settings_response_model_json['history'] = [enity_history_record_model] account_settings_response_model_json['restrict_create_service_id'] = 'NOT_SET' account_settings_response_model_json['restrict_create_platform_apikey'] = 'NOT_SET' + account_settings_response_model_json['restrict_user_list_visibility'] = 'NOT_RESTRICTED' + account_settings_response_model_json['restrict_user_domains'] = [account_settings_user_domain_restriction_model] account_settings_response_model_json['allowed_ip_addresses'] = 'testString' - account_settings_response_model_json['entity_tag'] = 'testString' account_settings_response_model_json['mfa'] = 'NONE' - account_settings_response_model_json['user_mfa'] = [account_settings_user_mfa_model] - account_settings_response_model_json['history'] = [enity_history_record_model] account_settings_response_model_json['session_expiration_in_seconds'] = '86400' account_settings_response_model_json['session_invalidation_in_seconds'] = '7200' account_settings_response_model_json['max_sessions_per_identity'] = 'testString' account_settings_response_model_json['system_access_token_expiration_in_seconds'] = '3600' account_settings_response_model_json['system_refresh_token_expiration_in_seconds'] = '259200' + account_settings_response_model_json['user_mfa'] = [account_settings_user_mfa_response_model] # Construct a model instance of AccountSettingsResponse by calling from_dict on the json representation account_settings_response_model = AccountSettingsResponse.from_dict(account_settings_response_model_json) @@ -9806,16 +9785,16 @@ def test_account_settings_template_list_serialization(self): response_context_model['elapsed_time'] = 'testString' response_context_model['cluster_name'] = 'testString' - account_settings_user_mfa_model = {} # AccountSettingsUserMFA - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + user_mfa_model = {} # UserMfa + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' account_settings_component_model = {} # AccountSettingsComponent account_settings_component_model['restrict_create_service_id'] = 'NOT_SET' account_settings_component_model['restrict_create_platform_apikey'] = 'NOT_SET' account_settings_component_model['allowed_ip_addresses'] = 'testString' account_settings_component_model['mfa'] = 'NONE' - account_settings_component_model['user_mfa'] = [account_settings_user_mfa_model] + account_settings_component_model['user_mfa'] = [user_mfa_model] account_settings_component_model['session_expiration_in_seconds'] = '86400' account_settings_component_model['session_invalidation_in_seconds'] = '7200' account_settings_component_model['max_sessions_per_identity'] = 'testString' @@ -9890,16 +9869,16 @@ def test_account_settings_template_response_serialization(self): # Construct dict forms of any model objects needed in order to build this model. - account_settings_user_mfa_model = {} # AccountSettingsUserMFA - account_settings_user_mfa_model['iam_id'] = 'testString' - account_settings_user_mfa_model['mfa'] = 'NONE' + user_mfa_model = {} # UserMfa + user_mfa_model['iam_id'] = 'testString' + user_mfa_model['mfa'] = 'NONE' account_settings_component_model = {} # AccountSettingsComponent account_settings_component_model['restrict_create_service_id'] = 'NOT_SET' account_settings_component_model['restrict_create_platform_apikey'] = 'NOT_SET' account_settings_component_model['allowed_ip_addresses'] = 'testString' account_settings_component_model['mfa'] = 'NONE' - account_settings_component_model['user_mfa'] = [account_settings_user_mfa_model] + account_settings_component_model['user_mfa'] = [user_mfa_model] account_settings_component_model['session_expiration_in_seconds'] = '86400' account_settings_component_model['session_invalidation_in_seconds'] = '7200' account_settings_component_model['max_sessions_per_identity'] = 'testString' @@ -9953,37 +9932,85 @@ def test_account_settings_template_response_serialization(self): assert account_settings_template_response_model_json2 == account_settings_template_response_model_json -class TestModel_AccountSettingsUserMFA: +class TestModel_AccountSettingsUserDomainRestriction: + """ + Test Class for AccountSettingsUserDomainRestriction + """ + + def test_account_settings_user_domain_restriction_serialization(self): + """ + Test serialization/deserialization for AccountSettingsUserDomainRestriction + """ + + # Construct a json representation of a AccountSettingsUserDomainRestriction model + account_settings_user_domain_restriction_model_json = {} + account_settings_user_domain_restriction_model_json['realm_id'] = 'IBMid' + account_settings_user_domain_restriction_model_json['invitation_email_allow_patterns'] = [] + account_settings_user_domain_restriction_model_json['restrict_invitation'] = True + + # Construct a model instance of AccountSettingsUserDomainRestriction by calling from_dict on the json representation + account_settings_user_domain_restriction_model = AccountSettingsUserDomainRestriction.from_dict( + account_settings_user_domain_restriction_model_json + ) + assert account_settings_user_domain_restriction_model != False + + # Construct a model instance of AccountSettingsUserDomainRestriction by calling from_dict on the json representation + account_settings_user_domain_restriction_model_dict = AccountSettingsUserDomainRestriction.from_dict( + account_settings_user_domain_restriction_model_json + ).__dict__ + account_settings_user_domain_restriction_model2 = AccountSettingsUserDomainRestriction( + **account_settings_user_domain_restriction_model_dict + ) + + # Verify the model instances are equivalent + assert account_settings_user_domain_restriction_model == account_settings_user_domain_restriction_model2 + + # Convert model instance back to dict and verify no loss of data + account_settings_user_domain_restriction_model_json2 = account_settings_user_domain_restriction_model.to_dict() + assert ( + account_settings_user_domain_restriction_model_json2 == account_settings_user_domain_restriction_model_json + ) + + +class TestModel_AccountSettingsUserMFAResponse: """ - Test Class for AccountSettingsUserMFA + Test Class for AccountSettingsUserMFAResponse """ - def test_account_settings_user_mfa_serialization(self): + def test_account_settings_user_mfa_response_serialization(self): """ - Test serialization/deserialization for AccountSettingsUserMFA + Test serialization/deserialization for AccountSettingsUserMFAResponse """ - # Construct a json representation of a AccountSettingsUserMFA model - account_settings_user_mfa_model_json = {} - account_settings_user_mfa_model_json['iam_id'] = 'testString' - account_settings_user_mfa_model_json['mfa'] = 'NONE' + # Construct a json representation of a AccountSettingsUserMFAResponse model + account_settings_user_mfa_response_model_json = {} + account_settings_user_mfa_response_model_json['iam_id'] = 'testString' + account_settings_user_mfa_response_model_json['mfa'] = 'NONE' + account_settings_user_mfa_response_model_json['name'] = 'testString' + account_settings_user_mfa_response_model_json['userName'] = 'testString' + account_settings_user_mfa_response_model_json['email'] = 'testString' + account_settings_user_mfa_response_model_json['description'] = 'testString' - # Construct a model instance of AccountSettingsUserMFA by calling from_dict on the json representation - account_settings_user_mfa_model = AccountSettingsUserMFA.from_dict(account_settings_user_mfa_model_json) - assert account_settings_user_mfa_model != False + # Construct a model instance of AccountSettingsUserMFAResponse by calling from_dict on the json representation + account_settings_user_mfa_response_model = AccountSettingsUserMFAResponse.from_dict( + account_settings_user_mfa_response_model_json + ) + assert account_settings_user_mfa_response_model != False - # Construct a model instance of AccountSettingsUserMFA by calling from_dict on the json representation - account_settings_user_mfa_model_dict = AccountSettingsUserMFA.from_dict( - account_settings_user_mfa_model_json + # Construct a model instance of AccountSettingsUserMFAResponse by calling from_dict on the json representation + account_settings_user_mfa_response_model_dict = AccountSettingsUserMFAResponse.from_dict( + account_settings_user_mfa_response_model_json ).__dict__ - account_settings_user_mfa_model2 = AccountSettingsUserMFA(**account_settings_user_mfa_model_dict) + account_settings_user_mfa_response_model2 = AccountSettingsUserMFAResponse( + **account_settings_user_mfa_response_model_dict + ) # Verify the model instances are equivalent - assert account_settings_user_mfa_model == account_settings_user_mfa_model2 + assert account_settings_user_mfa_response_model == account_settings_user_mfa_response_model2 # Convert model instance back to dict and verify no loss of data - account_settings_user_mfa_model_json2 = account_settings_user_mfa_model.to_dict() - assert account_settings_user_mfa_model_json2 == account_settings_user_mfa_model_json + account_settings_user_mfa_response_model_json2 = account_settings_user_mfa_response_model.to_dict() + assert account_settings_user_mfa_response_model_json2 == account_settings_user_mfa_response_model_json class TestModel_ActionControls: @@ -10536,20 +10563,21 @@ def test_effective_account_settings_response_serialization(self): response_context_model['elapsed_time'] = 'testString' response_context_model['cluster_name'] = 'testString' - effective_account_settings_user_mfa_model = {} # EffectiveAccountSettingsUserMFA - effective_account_settings_user_mfa_model['iam_id'] = 'testString' - effective_account_settings_user_mfa_model['mfa'] = 'NONE' - effective_account_settings_user_mfa_model['name'] = 'testString' - effective_account_settings_user_mfa_model['userName'] = 'testString' - effective_account_settings_user_mfa_model['email'] = 'testString' - effective_account_settings_user_mfa_model['description'] = 'testString' + account_settings_user_mfa_response_model = {} # AccountSettingsUserMFAResponse + account_settings_user_mfa_response_model['iam_id'] = 'testString' + account_settings_user_mfa_response_model['mfa'] = 'NONE' + account_settings_user_mfa_response_model['name'] = 'testString' + account_settings_user_mfa_response_model['userName'] = 'testString' + account_settings_user_mfa_response_model['email'] = 'testString' + account_settings_user_mfa_response_model['description'] = 'testString' account_settings_effective_section_model = {} # AccountSettingsEffectiveSection account_settings_effective_section_model['restrict_create_service_id'] = 'NOT_SET' account_settings_effective_section_model['restrict_create_platform_apikey'] = 'NOT_SET' + account_settings_effective_section_model['restrict_user_list_visibility'] = 'NOT_RESTRICTED' account_settings_effective_section_model['allowed_ip_addresses'] = 'testString' account_settings_effective_section_model['mfa'] = 'NONE' - account_settings_effective_section_model['user_mfa'] = [effective_account_settings_user_mfa_model] + account_settings_effective_section_model['user_mfa'] = [account_settings_user_mfa_response_model] account_settings_effective_section_model['session_expiration_in_seconds'] = '86400' account_settings_effective_section_model['session_invalidation_in_seconds'] = '7200' account_settings_effective_section_model['max_sessions_per_identity'] = 'testString' @@ -10564,19 +10592,28 @@ def test_effective_account_settings_response_serialization(self): enity_history_record_model['params'] = ['testString'] enity_history_record_model['message'] = 'testString' - account_settings_account_section_model = {} # AccountSettingsAccountSection - account_settings_account_section_model['account_id'] = 'testString' - account_settings_account_section_model['restrict_create_service_id'] = 'NOT_SET' - account_settings_account_section_model['restrict_create_platform_apikey'] = 'NOT_SET' - account_settings_account_section_model['allowed_ip_addresses'] = 'testString' - account_settings_account_section_model['mfa'] = 'NONE' - account_settings_account_section_model['user_mfa'] = [effective_account_settings_user_mfa_model] - account_settings_account_section_model['history'] = [enity_history_record_model] - account_settings_account_section_model['session_expiration_in_seconds'] = '86400' - account_settings_account_section_model['session_invalidation_in_seconds'] = '7200' - account_settings_account_section_model['max_sessions_per_identity'] = 'testString' - account_settings_account_section_model['system_access_token_expiration_in_seconds'] = '3600' - account_settings_account_section_model['system_refresh_token_expiration_in_seconds'] = '259200' + account_settings_user_domain_restriction_model = {} # AccountSettingsUserDomainRestriction + account_settings_user_domain_restriction_model['realm_id'] = 'IBMid' + account_settings_user_domain_restriction_model['invitation_email_allow_patterns'] = [] + account_settings_user_domain_restriction_model['restrict_invitation'] = True + + account_settings_response_model = {} # AccountSettingsResponse + account_settings_response_model['context'] = response_context_model + account_settings_response_model['account_id'] = 'testString' + account_settings_response_model['entity_tag'] = 'testString' + account_settings_response_model['history'] = [enity_history_record_model] + account_settings_response_model['restrict_create_service_id'] = 'NOT_SET' + account_settings_response_model['restrict_create_platform_apikey'] = 'NOT_SET' + account_settings_response_model['restrict_user_list_visibility'] = 'NOT_RESTRICTED' + account_settings_response_model['restrict_user_domains'] = [account_settings_user_domain_restriction_model] + account_settings_response_model['allowed_ip_addresses'] = 'testString' + account_settings_response_model['mfa'] = 'NONE' + account_settings_response_model['session_expiration_in_seconds'] = '86400' + account_settings_response_model['session_invalidation_in_seconds'] = '7200' + account_settings_response_model['max_sessions_per_identity'] = 'testString' + account_settings_response_model['system_access_token_expiration_in_seconds'] = '3600' + account_settings_response_model['system_refresh_token_expiration_in_seconds'] = '259200' + account_settings_response_model['user_mfa'] = [account_settings_user_mfa_response_model] account_settings_assigned_templates_section_model = {} # AccountSettingsAssignedTemplatesSection account_settings_assigned_templates_section_model['template_id'] = 'testString' @@ -10584,21 +10621,25 @@ def test_effective_account_settings_response_serialization(self): account_settings_assigned_templates_section_model['template_name'] = 'testString' account_settings_assigned_templates_section_model['restrict_create_service_id'] = 'NOT_SET' account_settings_assigned_templates_section_model['restrict_create_platform_apikey'] = 'NOT_SET' + account_settings_assigned_templates_section_model['restrict_user_list_visibility'] = 'NOT_RESTRICTED' + account_settings_assigned_templates_section_model['restrict_user_domains'] = [ + account_settings_user_domain_restriction_model + ] account_settings_assigned_templates_section_model['allowed_ip_addresses'] = 'testString' account_settings_assigned_templates_section_model['mfa'] = 'NONE' - account_settings_assigned_templates_section_model['user_mfa'] = [effective_account_settings_user_mfa_model] account_settings_assigned_templates_section_model['session_expiration_in_seconds'] = '86400' account_settings_assigned_templates_section_model['session_invalidation_in_seconds'] = '7200' account_settings_assigned_templates_section_model['max_sessions_per_identity'] = 'testString' account_settings_assigned_templates_section_model['system_access_token_expiration_in_seconds'] = '3600' account_settings_assigned_templates_section_model['system_refresh_token_expiration_in_seconds'] = '259200' + account_settings_assigned_templates_section_model['user_mfa'] = [account_settings_user_mfa_response_model] # Construct a json representation of a EffectiveAccountSettingsResponse model effective_account_settings_response_model_json = {} effective_account_settings_response_model_json['context'] = response_context_model effective_account_settings_response_model_json['account_id'] = 'testString' effective_account_settings_response_model_json['effective'] = account_settings_effective_section_model - effective_account_settings_response_model_json['account'] = account_settings_account_section_model + effective_account_settings_response_model_json['account'] = account_settings_response_model effective_account_settings_response_model_json['assigned_templates'] = [ account_settings_assigned_templates_section_model ] @@ -10625,47 +10666,6 @@ def test_effective_account_settings_response_serialization(self): assert effective_account_settings_response_model_json2 == effective_account_settings_response_model_json -class TestModel_EffectiveAccountSettingsUserMFA: - """ - Test Class for EffectiveAccountSettingsUserMFA - """ - - def test_effective_account_settings_user_mfa_serialization(self): - """ - Test serialization/deserialization for EffectiveAccountSettingsUserMFA - """ - - # Construct a json representation of a EffectiveAccountSettingsUserMFA model - effective_account_settings_user_mfa_model_json = {} - effective_account_settings_user_mfa_model_json['iam_id'] = 'testString' - effective_account_settings_user_mfa_model_json['mfa'] = 'NONE' - effective_account_settings_user_mfa_model_json['name'] = 'testString' - effective_account_settings_user_mfa_model_json['userName'] = 'testString' - effective_account_settings_user_mfa_model_json['email'] = 'testString' - effective_account_settings_user_mfa_model_json['description'] = 'testString' - - # Construct a model instance of EffectiveAccountSettingsUserMFA by calling from_dict on the json representation - effective_account_settings_user_mfa_model = EffectiveAccountSettingsUserMFA.from_dict( - effective_account_settings_user_mfa_model_json - ) - assert effective_account_settings_user_mfa_model != False - - # Construct a model instance of EffectiveAccountSettingsUserMFA by calling from_dict on the json representation - effective_account_settings_user_mfa_model_dict = EffectiveAccountSettingsUserMFA.from_dict( - effective_account_settings_user_mfa_model_json - ).__dict__ - effective_account_settings_user_mfa_model2 = EffectiveAccountSettingsUserMFA( - **effective_account_settings_user_mfa_model_dict - ) - - # Verify the model instances are equivalent - assert effective_account_settings_user_mfa_model == effective_account_settings_user_mfa_model2 - - # Convert model instance back to dict and verify no loss of data - effective_account_settings_user_mfa_model_json2 = effective_account_settings_user_mfa_model.to_dict() - assert effective_account_settings_user_mfa_model_json2 == effective_account_settings_user_mfa_model_json - - class TestModel_EnityHistoryRecord: """ Test Class for EnityHistoryRecord @@ -12915,6 +12915,37 @@ def test_user_activity_serialization(self): assert user_activity_model_json2 == user_activity_model_json +class TestModel_UserMfa: + """ + Test Class for UserMfa + """ + + def test_user_mfa_serialization(self): + """ + Test serialization/deserialization for UserMfa + """ + + # Construct a json representation of a UserMfa model + user_mfa_model_json = {} + user_mfa_model_json['iam_id'] = 'testString' + user_mfa_model_json['mfa'] = 'NONE' + + # Construct a model instance of UserMfa by calling from_dict on the json representation + user_mfa_model = UserMfa.from_dict(user_mfa_model_json) + assert user_mfa_model != False + + # Construct a model instance of UserMfa by calling from_dict on the json representation + user_mfa_model_dict = UserMfa.from_dict(user_mfa_model_json).__dict__ + user_mfa_model2 = UserMfa(**user_mfa_model_dict) + + # Verify the model instances are equivalent + assert user_mfa_model == user_mfa_model2 + + # Convert model instance back to dict and verify no loss of data + user_mfa_model_json2 = user_mfa_model.to_dict() + assert user_mfa_model_json2 == user_mfa_model_json + + class TestModel_UserMfaEnrollments: """ Test Class for UserMfaEnrollments