Merge branch 'main' into iam-identity-adding-activity

Author: padamstx

.bumpversion.cfg

@@ -1,5 +1,5 @@
 [bumpversion]
-current_version = 0.22.9
+current_version = 0.23.0
 commit = True
 message = Update version {current_version} -> {new_version}
 

CHANGELOG.md

@@ -1,3 +1,10 @@
+# [0.23.0](https://github.com/IBM/platform-services-python-sdk/compare/v0.22.9...v0.23.0) (2022-04-04)
+
+
+### Features
+
+* **IAM Access Groups:** add support for dynamic membership ([#154](https://github.com/IBM/platform-services-python-sdk/issues/154)) ([256792d](https://github.com/IBM/platform-services-python-sdk/commit/256792d1dc6cb1368821ae3ac1a5a81f24f9f1b8))
+
 ## [0.22.9](https://github.com/IBM/platform-services-python-sdk/compare/v0.22.8...v0.22.9) (2022-03-21)
 
 

README.md

@@ -8,7 +8,7 @@
 [![CLA assistant](https://cla-assistant.io/readme/badge/IBM/platform-services-python-sdk)](https://cla-assistant.io/IBM/platform-services-python-sdk)
 
 
-# IBM Cloud Platform Services Python SDK Version 0.22.9
+# IBM Cloud Platform Services Python SDK Version 0.23.0
 
 Python client library to interact with various 
 [IBM Cloud Platform Service APIs](https://cloud.ibm.com/docs?tab=api-docs&category=platform_services).

examples/test_iam_access_groups_v2_examples.py

@@ -37,13 +37,14 @@
 # in a configuration file and then:
 # export IBM_CREDENTIALS_FILE=<name of configuration file>
 #
-config_file = 'iam_access_groups.env'
+config_file = 'iam_access_groups_v2.env'
 
 iam_access_groups_service = None
 
 config = None
 
 test_account_id = None
+test_profile_id = None
 test_group_etag = None
 test_group_id = None
 test_claim_rule_id = None
@@ -74,10 +75,11 @@ def setup_class(cls):
             assert iam_access_groups_service is not None
 
             # Load the configuration
-            global config, test_account_id
+            global config, test_account_id, test_profile_id
             config = read_external_sources(
                 IamAccessGroupsV2.DEFAULT_SERVICE_NAME)
             test_account_id = config['TEST_ACCOUNT_ID']
+            test_profile_id = config['TEST_PROFILE_ID']
 
         print('Setup complete.')
 
@@ -188,7 +190,9 @@ def test_add_members_to_access_group_example(self):
                 iam_id='IBMid-user1', type='user')
             member2 = AddGroupMembersRequestMembersItem(
                 iam_id='iam-ServiceId-123', type='service')
-            members = [member1, member2]
+            member3 = AddGroupMembersRequestMembersItem(
+                iam_id=test_profile_id, type='profile')
+            members = [member1, member2, member3]
 
             add_group_members_response = iam_access_groups_service.add_members_to_access_group(
                 access_group_id=test_group_id,
@@ -281,6 +285,27 @@ def test_remove_members_from_access_group_example(self):
         except ApiException as e:
             pytest.fail(str(e))
 
+    @needscredentials
+    def test_remove_profile_members_from_access_group_example(self):
+        """
+        remove_members_from_access_group request example
+        """
+        try:
+            print('\nremove_members_from_access_group() result:')
+            # begin-remove_members_from_access_group
+
+            delete_group_bulk_members_response = iam_access_groups_service.remove_members_from_access_group(
+                access_group_id=test_group_id,
+                members=[test_profile_id]
+            ).get_result()
+
+            print(json.dumps(delete_group_bulk_members_response, indent=2))
+
+            # end-remove_members_from_access_group
+
+        except ApiException as e:
+            pytest.fail(str(e))
+
     @needscredentials
     def test_add_member_to_multiple_access_groups_example(self):
         """

ibm_platform_services/iam_access_groups_v2.py

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# IBM OpenAPI SDK Code Generator Version: 3.43.4-432d779b-20220119-173927
+# IBM OpenAPI SDK Code Generator Version: 3.46.1-a5569134-20220316-164819
 
 """
 The IAM Access Groups API allows for the management of access groups (Create, Read,
@@ -161,6 +161,7 @@ def list_access_groups(self,
         *,
         transaction_id: str = None,
         iam_id: str = None,
+        membership_type: str = None,
         limit: int = None,
         offset: int = None,
         sort: str = None,
@@ -187,8 +188,14 @@ def list_access_groups(self,
                multiple services by using one identifier. The header key must be set to
                Transaction-Id and the value is anything that you choose. If no transaction
                ID is passed in, then a random ID is generated.
-        :param str iam_id: (optional) Return groups for member id (IBMid, Service
-               Id or Profile Id).
+        :param str iam_id: (optional) Return groups for member ID (IBMid, service
+               ID or trusted profile ID).
+        :param str membership_type: (optional) Membership type need to be specified
+               along with iam_id and must be either `static`, `dynamic` or `all`. If
+               membership type is `static`, members explicitly added to the group will be
+               shown. If membership type is `dynamic`, members accessing the access group
+               at the moment via dynamic rules will be shown. If membership type is `all`,
+               both static and dynamic members will be shown.
         :param int limit: (optional) Return up to this limit of results where limit
                is between 0 and 100.
         :param int offset: (optional) The offset of the first result item to be
@@ -218,6 +225,7 @@ def list_access_groups(self,
         params = {
             'account_id': account_id,
             'iam_id': iam_id,
+            'membership_type': membership_type,
             'limit': limit,
             'offset': offset,
             'sort': sort,
@@ -444,10 +452,11 @@ def is_member_of_access_group(self,
         """
         Check membership in an access group.
 
-        This HEAD operation determines if a given `iam_id` is present in a group. No
-        response body is returned with this request. If the membership exists, a `204 - No
-        Content` status code is returned. If the membership or the group does not exist, a
-        `404 - Not Found` status code is returned.
+        This HEAD operation determines if a given `iam_id` is present in a group either
+        explicitly or via dynamic rules. No response body is returned with this request.
+        If the membership exists, a `204 - No Content` status code is returned. If the
+        membership or the group does not exist, a `404 - Not Found` status code is
+        returned.
 
         :param str access_group_id: The access group identifier.
         :param str iam_id: The IAM identifier.
@@ -558,6 +567,7 @@ def list_access_group_members(self,
         access_group_id: str,
         *,
         transaction_id: str = None,
+        membership_type: str = None,
         limit: int = None,
         offset: int = None,
         type: str = None,
@@ -580,13 +590,18 @@ def list_access_group_members(self,
                multiple services by using one identifier. The header key must be set to
                Transaction-Id and the value is anything that you choose. If no transaction
                ID is passed in, then a random ID is generated.
+        :param str membership_type: (optional) Filters members by membership type.
+               Membership type can be either `static`, `dynamic` or `all`. `static` lists
+               those members explicitly added to the access group, `dynamic` lists those
+               members part of access group via dynamic rules at the moment. `all` lists
+               both static and dynamic members.
         :param int limit: (optional) Return up to this limit of results where limit
                is between 0 and 100.
         :param int offset: (optional) The offset of the first result item to be
                returned.
         :param str type: (optional) Filter the results by member type.
         :param bool verbose: (optional) Return user's email and name for each user
-               id or the name for each service id or trusted profile.
+               ID or the name for each service ID or trusted profile.
         :param str sort: (optional) If verbose is true, sort the results by id,
                name, or email.
         :param dict headers: A `dict` containing the request headers
@@ -605,6 +620,7 @@ def list_access_group_members(self,
         headers.update(sdk_headers)
 
         params = {
+            'membership_type': membership_type,
             'limit': limit,
             'offset': offset,
             'type': type,
@@ -641,7 +657,9 @@ def remove_member_from_access_group(self,
 
         Remove one member from a group using this API. If the operation is successful,
         only a `204 - No Content` response with no body is returned. However, if any error
-        occurs, the standard error format will be returned.
+        occurs, the standard error format will be returned. Dynamic member cannot be
+        deleted using this API. Dynamic rules needs to be adjusted to delete dynamic
+        members.
 
         :param str access_group_id: The access group identifier.
         :param str iam_id: The IAM identifier.
@@ -695,7 +713,8 @@ def remove_members_from_access_group(self,
         Remove multiple members from a group using this API. On a successful call, this
         API will always return 207. It is the caller's responsibility to iterate across
         the body to determine successful deletion of each member. This API request payload
-        can delete up to 50 members per call.
+        can delete up to 50 members per call. This API doesnt delete dynamic members
+        accessing the access group via dynamic rules.
 
         :param str access_group_id: The access group identifier.
         :param List[str] members: (optional) The `iam_id`s to remove from the
@@ -1437,7 +1456,7 @@ class AddGroupMembersRequestMembersItem():
     """
     AddGroupMembersRequestMembersItem.
 
-    :attr str iam_id: The IBMid, Service Id or Profile Id of the member.
+    :attr str iam_id: The IBMid, service ID or trusted profile ID of the member.
     :attr str type: The type of the member, must be either "user", "service" or
           "trusted profile".
     """
@@ -1448,7 +1467,8 @@ def __init__(self,
         """
         Initialize a AddGroupMembersRequestMembersItem object.
 
-        :param str iam_id: The IBMid, Service Id or Profile Id of the member.
+        :param str iam_id: The IBMid, service ID or trusted profile ID of the
+               member.
         :param str type: The type of the member, must be either "user", "service"
                or "trusted profile".
         """
@@ -2212,6 +2232,8 @@ class Group():
     :attr str href: (optional) A url to the given group resource.
     :attr bool is_federated: (optional) This is set to true if rules exist for the
           group.
+    :attr str membership_type: (optional) Type of the membership. `static` or
+          `dynamic`.
     """
 
     def __init__(self,
@@ -2225,7 +2247,8 @@ def __init__(self,
                  last_modified_at: datetime = None,
                  last_modified_by_id: str = None,
                  href: str = None,
-                 is_federated: bool = None) -> None:
+                 is_federated: bool = None,
+                 membership_type: str = None) -> None:
         """
         Initialize a Group object.
 
@@ -2237,6 +2260,8 @@ def __init__(self,
         :param str href: (optional) A url to the given group resource.
         :param bool is_federated: (optional) This is set to true if rules exist for
                the group.
+        :param str membership_type: (optional) Type of the membership. `static` or
+               `dynamic`.
         """
         self.id = id
         self.name = name
@@ -2248,6 +2273,7 @@ def __init__(self,
         self.last_modified_by_id = last_modified_by_id
         self.href = href
         self.is_federated = is_federated
+        self.membership_type = membership_type
 
     @classmethod
     def from_dict(cls, _dict: Dict) -> 'Group':
@@ -2273,6 +2299,8 @@ def from_dict(cls, _dict: Dict) -> 'Group':
             args['href'] = _dict.get('href')
         if 'is_federated' in _dict:
             args['is_federated'] = _dict.get('is_federated')
+        if 'membership_type' in _dict:
+            args['membership_type'] = _dict.get('membership_type')
         return cls(**args)
 
     @classmethod
@@ -2303,6 +2331,8 @@ def to_dict(self) -> Dict:
             _dict['href'] = self.href
         if hasattr(self, 'is_federated') and self.is_federated is not None:
             _dict['is_federated'] = self.is_federated
+        if hasattr(self, 'membership_type') and self.membership_type is not None:
+            _dict['membership_type'] = self.membership_type
         return _dict
 
     def _to_dict(self):
@@ -2615,7 +2645,10 @@ class ListGroupMembersResponseMember():
     A single member of an access group in a list.
 
     :attr str iam_id: (optional) The IBMid or Service Id of the member.
-    :attr str type: (optional) The member type - either `user` or `service`.
+    :attr str type: (optional) The member type - either `user`, `service` or
+          `profile`.
+    :attr str membership_type: (optional) The membership type - either `static` or
+          `dynamic`.
     :attr str name: (optional) The user's or service id's name.
     :attr str email: (optional) If the member type is user, this is the user's
           email.
@@ -2632,6 +2665,7 @@ def __init__(self,
                  *,
                  iam_id: str = None,
                  type: str = None,
+                 membership_type: str = None,
                  name: str = None,
                  email: str = None,
                  description: str = None,
@@ -2642,7 +2676,10 @@ def __init__(self,
         Initialize a ListGroupMembersResponseMember object.
 
         :param str iam_id: (optional) The IBMid or Service Id of the member.
-        :param str type: (optional) The member type - either `user` or `service`.
+        :param str type: (optional) The member type - either `user`, `service` or
+               `profile`.
+        :param str membership_type: (optional) The membership type - either
+               `static` or `dynamic`.
         :param str name: (optional) The user's or service id's name.
         :param str email: (optional) If the member type is user, this is the user's
                email.
@@ -2656,6 +2693,7 @@ def __init__(self,
         """
         self.iam_id = iam_id
         self.type = type
+        self.membership_type = membership_type
         self.name = name
         self.email = email
         self.description = description
@@ -2671,6 +2709,8 @@ def from_dict(cls, _dict: Dict) -> 'ListGroupMembersResponseMember':
             args['iam_id'] = _dict.get('iam_id')
         if 'type' in _dict:
             args['type'] = _dict.get('type')
+        if 'membership_type' in _dict:
+            args['membership_type'] = _dict.get('membership_type')
         if 'name' in _dict:
             args['name'] = _dict.get('name')
         if 'email' in _dict:
@@ -2697,6 +2737,8 @@ def to_dict(self) -> Dict:
             _dict['iam_id'] = self.iam_id
         if hasattr(self, 'type') and self.type is not None:
             _dict['type'] = self.type
+        if hasattr(self, 'membership_type') and self.membership_type is not None:
+            _dict['membership_type'] = self.membership_type
         if hasattr(self, 'name') and self.name is not None:
             _dict['name'] = self.name
         if hasattr(self, 'email') and self.email is not None:

ibm_platform_services/version.py

@@ -1,4 +1,4 @@
 """
 Version of platform_services
 """
-__version__ = '0.22.9'
+__version__ = '0.23.0'

setup.py

@@ -19,7 +19,7 @@
 import sys
 import pkg_resources
 
-__version__ = '0.22.9'
+__version__ = '0.23.0'
 PACKAGE_NAME = 'ibm_platform_services'
 PACKAGE_DESC = 'Python client library for IBM Cloud Platform Services'
 

test/integration/test_iam_access_groups_v2.py

@@ -28,7 +28,7 @@
 from ibm_platform_services.iam_access_groups_v2 import *
 
 # Read config file
-configFile = 'iam_access_groups.env'
+configFile = 'iam_access_groups_v2.env'
 
 
 class TestIamAccessGroupsV2(unittest.TestCase):