feat(IAM Access Groups): add support for dynamic membership (#143)

Co-authored-by: Narinder <narinde.kaur1@ibm.com>

Author: narinder-kaur

modules/examples/src/main/java/com/ibm/cloud/platform_services/iam_access_groups/v2/IamAccessGroupsExamples.java

@@ -63,6 +63,7 @@
 // IAM_ACCESS_GROUPS_APIKEY=<your iam apikey>
 // IAM_ACCESS_GROUPS_AUTH_URL=<IAM token service URL - omit this if using the production environment>
 // IAM_ACCESS_GROUPS_TEST_ACCOUNT_ID=<id of an account used for testing>
+// IAM_ACCESS_GROUPS_TEST_PROFILE_ID=<id of an profile used for testing>
 //
 // These configuration properties can be exported as environment variables, or stored
 // in a configuration file and then:
@@ -73,13 +74,14 @@ public class IamAccessGroupsExamples {
   protected IamAccessGroupsExamples() { }
 
   private static String testAccountId = null;
+  private static String testProfileId = null;
   private static String testGroupId = null;
   private static String testGroupETag = null;
   private static String testClaimRuleId = null;
   private static String testClaimRuleETag = null;
 
   static {
-      System.setProperty("IBM_CREDENTIALS_FILE", "../../iam_access_groups.env");
+      System.setProperty("IBM_CREDENTIALS_FILE", "../../iam_access_groups_v2.env");
   }
 
   public static void main(String[] args) throws Exception {
@@ -88,6 +90,7 @@ public static void main(String[] args) throws Exception {
     // Load up our test-specific config properties.
     Map<String, String> config = CredentialUtils.getServiceProperties(IamAccessGroups.DEFAULT_SERVICE_NAME);
     testAccountId = config.get("TEST_ACCOUNT_ID");
+    testProfileId = config.get("TEST_PROFILE_ID");
 
     try {
       System.out.println("createAccessGroup() result:");
@@ -193,10 +196,15 @@ public static void main(String[] args) throws Exception {
         .iamId("iam-ServiceId-123")
         .type("service")
         .build();
+        AddGroupMembersRequestMembersItem member3 = new AddGroupMembersRequestMembersItem.Builder()
+        .iamId(testProfileId)
+        .type("profile")
+        .build();
       AddMembersToAccessGroupOptions addMembersToAccessGroupOptions = new AddMembersToAccessGroupOptions.Builder()
         .accessGroupId(testGroupId)
         .addMembers(member1)
         .addMembers(member2)
+        .addMembers(member3)
         .build();
       Response<AddGroupMembersResponse> response = service.addMembersToAccessGroup(addMembersToAccessGroupOptions).execute();
       AddGroupMembersResponse addGroupMembersResponse = response.getResult();
@@ -291,6 +299,28 @@ public static void main(String[] args) throws Exception {
           e.getStatusCode(), e.getMessage(), e.getDebuggingInfo()), e);
     }
 
+    try {
+      System.out.println("removeMembersFromAccessGroup() result:");
+
+      // begin-remove_members_from_access_group
+
+      RemoveMembersFromAccessGroupOptions removeMembersFromAccessGroupOptions = new RemoveMembersFromAccessGroupOptions.Builder()
+        .accessGroupId(testGroupId)
+        .addMembers(testProfileId)
+        .build();
+
+      Response<DeleteGroupBulkMembersResponse> response = service.removeMembersFromAccessGroup(removeMembersFromAccessGroupOptions).execute();
+      // DeleteGroupBulkMembersResponse deleteGroupBulkMembersResponse = response.getResult();
+
+      // System.out.println(deleteGroupBulkMembersResponse);
+
+      // end-remove_members_from_access_group
+
+    } catch (ServiceResponseException e) {
+        logger.error(String.format("Profile returned status code %s: %s\nError details: %s",
+          e.getStatusCode(), e.getMessage(), e.getDebuggingInfo()), e);
+    }
+
     try {
       System.out.println("addMemberToMultipleAccessGroups() result:");
 
@@ -351,7 +381,7 @@ public static void main(String[] args) throws Exception {
         .accessGroupId(testGroupId)
         .name("Manager group rule")
         .expiration(12)
-        .realmName("https://idp.example.org/SAML2")
+        .realmName("https://idp.example.org/SAML5")
         .addConditions(ruleConditionsModel)
         .build();
 

modules/iam-access-groups/src/main/java/com/ibm/cloud/platform_services/iam_access_groups/v2/IamAccessGroups.java

@@ -12,7 +12,7 @@
  */
 
 /*
- * IBM OpenAPI SDK Code Generator Version: 3.43.4-432d779b-20220119-173927
+ * IBM OpenAPI SDK Code Generator Version: 3.46.1-a5569134-20220316-164819
  */
 
 package com.ibm.cloud.platform_services.iam_access_groups.v2;
@@ -169,6 +169,9 @@ public ServiceCall<GroupsList> listAccessGroups(ListAccessGroupsOptions listAcce
     if (listAccessGroupsOptions.iamId() != null) {
       builder.query("iam_id", String.valueOf(listAccessGroupsOptions.iamId()));
     }
+    if (listAccessGroupsOptions.membershipType() != null) {
+      builder.query("membership_type", String.valueOf(listAccessGroupsOptions.membershipType()));
+    }
     if (listAccessGroupsOptions.limit() != null) {
       builder.query("limit", String.valueOf(listAccessGroupsOptions.limit()));
     }
@@ -291,9 +294,9 @@ public ServiceCall<Void> deleteAccessGroup(DeleteAccessGroupOptions deleteAccess
   /**
    * Check membership in an access group.
    *
-   * This HEAD operation determines if a given `iam_id` is present in a group. No response body is returned with this
-   * request. If the membership exists, a `204 - No Content` status code is returned. If the membership or the group
-   * does not exist, a `404 - Not Found` status code is returned.
+   * This HEAD operation determines if a given `iam_id` is present in a group either explicitly or via dynamic rules. No
+   * response body is returned with this request. If the membership exists, a `204 - No Content` status code is
+   * returned. If the membership or the group does not exist, a `404 - Not Found` status code is returned.
    *
    * @param isMemberOfAccessGroupOptions the {@link IsMemberOfAccessGroupOptions} containing the options for the call
    * @return a {@link ServiceCall} with a void result
@@ -377,6 +380,9 @@ public ServiceCall<GroupMembersList> listAccessGroupMembers(ListAccessGroupMembe
     if (listAccessGroupMembersOptions.transactionId() != null) {
       builder.header("Transaction-Id", listAccessGroupMembersOptions.transactionId());
     }
+    if (listAccessGroupMembersOptions.membershipType() != null) {
+      builder.query("membership_type", String.valueOf(listAccessGroupMembersOptions.membershipType()));
+    }
     if (listAccessGroupMembersOptions.limit() != null) {
       builder.query("limit", String.valueOf(listAccessGroupMembersOptions.limit()));
     }
@@ -401,7 +407,8 @@ public ServiceCall<GroupMembersList> listAccessGroupMembers(ListAccessGroupMembe
    * Delete member from an access group.
    *
    * Remove one member from a group using this API. If the operation is successful, only a `204 - No Content` response
-   * with no body is returned. However, if any error occurs, the standard error format will be returned.
+   * with no body is returned. However, if any error occurs, the standard error format will be returned. Dynamic member
+   * cannot be deleted using this API. Dynamic rules needs to be adjusted to delete dynamic members.
    *
    * @param removeMemberFromAccessGroupOptions the {@link RemoveMemberFromAccessGroupOptions} containing the options for the call
    * @return a {@link ServiceCall} with a void result
@@ -429,7 +436,8 @@ public ServiceCall<Void> removeMemberFromAccessGroup(RemoveMemberFromAccessGroup
    *
    * Remove multiple members from a group using this API. On a successful call, this API will always return 207. It is
    * the caller's responsibility to iterate across the body to determine successful deletion of each member. This API
-   * request payload can delete up to 50 members per call.
+   * request payload can delete up to 50 members per call. This API doesnt delete dynamic members accessing the access
+   * group via dynamic rules.
    *
    * @param removeMembersFromAccessGroupOptions the {@link RemoveMembersFromAccessGroupOptions} containing the options for the call
    * @return a {@link ServiceCall} with a result of type {@link DeleteGroupBulkMembersResponse}

modules/iam-access-groups/src/main/java/com/ibm/cloud/platform_services/iam_access_groups/v2/model/AddGroupMembersRequestMembersItem.java

@@ -106,7 +106,7 @@ public Builder newBuilder() {
   /**
    * Gets the iamId.
    *
-   * The IBMid, Service Id or Profile Id of the member.
+   * The IBMid, service ID or trusted profile ID of the member.
    *
    * @return the iamId
    */

modules/iam-access-groups/src/main/java/com/ibm/cloud/platform_services/iam_access_groups/v2/model/Group.java

@@ -38,6 +38,8 @@ public class Group extends GenericModel {
   protected String href;
   @SerializedName("is_federated")
   protected Boolean isFederated;
+  @SerializedName("membership_type")
+  protected String membershipType;
 
   /**
    * Gets the id.
@@ -148,5 +150,16 @@ public String getHref() {
   public Boolean isIsFederated() {
     return isFederated;
   }
+
+  /**
+   * Gets the membershipType.
+   *
+   * Type of the membership. `static` or `dynamic`.
+   *
+   * @return the membershipType
+   */
+  public String getMembershipType() {
+    return membershipType;
+  }
 }
 

modules/iam-access-groups/src/main/java/com/ibm/cloud/platform_services/iam_access_groups/v2/model/ListAccessGroupMembersOptions.java

@@ -21,6 +21,7 @@ public class ListAccessGroupMembersOptions extends GenericModel {
 
   protected String accessGroupId;
   protected String transactionId;
+  protected String membershipType;
   protected Long limit;
   protected Long offset;
   protected String type;
@@ -33,6 +34,7 @@ public class ListAccessGroupMembersOptions extends GenericModel {
   public static class Builder {
     private String accessGroupId;
     private String transactionId;
+    private String membershipType;
     private Long limit;
     private Long offset;
     private String type;
@@ -42,6 +44,7 @@ public static class Builder {
     private Builder(ListAccessGroupMembersOptions listAccessGroupMembersOptions) {
       this.accessGroupId = listAccessGroupMembersOptions.accessGroupId;
       this.transactionId = listAccessGroupMembersOptions.transactionId;
+      this.membershipType = listAccessGroupMembersOptions.membershipType;
       this.limit = listAccessGroupMembersOptions.limit;
       this.offset = listAccessGroupMembersOptions.offset;
       this.type = listAccessGroupMembersOptions.type;
@@ -95,6 +98,17 @@ public Builder transactionId(String transactionId) {
       return this;
     }
 
+    /**
+     * Set the membershipType.
+     *
+     * @param membershipType the membershipType
+     * @return the ListAccessGroupMembersOptions builder
+     */
+    public Builder membershipType(String membershipType) {
+      this.membershipType = membershipType;
+      return this;
+    }
+
     /**
      * Set the limit.
      *
@@ -156,6 +170,7 @@ protected ListAccessGroupMembersOptions(Builder builder) {
       "accessGroupId cannot be empty");
     accessGroupId = builder.accessGroupId;
     transactionId = builder.transactionId;
+    membershipType = builder.membershipType;
     limit = builder.limit;
     offset = builder.offset;
     type = builder.type;
@@ -196,6 +211,19 @@ public String transactionId() {
     return transactionId;
   }
 
+  /**
+   * Gets the membershipType.
+   *
+   * Filters members by membership type. Membership type can be either `static`, `dynamic` or `all`. `static` lists
+   * those members explicitly added to the access group, `dynamic` lists those members part of access group via dynamic
+   * rules at the moment. `all` lists both static and dynamic members.
+   *
+   * @return the membershipType
+   */
+  public String membershipType() {
+    return membershipType;
+  }
+
   /**
    * Gets the limit.
    *
@@ -232,7 +260,7 @@ public String type() {
   /**
    * Gets the verbose.
    *
-   * Return user's email and name for each user id or the name for each service id or trusted profile.
+   * Return user's email and name for each user ID or the name for each service ID or trusted profile.
    *
    * @return the verbose
    */

modules/iam-access-groups/src/main/java/com/ibm/cloud/platform_services/iam_access_groups/v2/model/ListAccessGroupsOptions.java

@@ -22,6 +22,7 @@ public class ListAccessGroupsOptions extends GenericModel {
   protected String accountId;
   protected String transactionId;
   protected String iamId;
+  protected String membershipType;
   protected Long limit;
   protected Long offset;
   protected String sort;
@@ -35,6 +36,7 @@ public static class Builder {
     private String accountId;
     private String transactionId;
     private String iamId;
+    private String membershipType;
     private Long limit;
     private Long offset;
     private String sort;
@@ -45,6 +47,7 @@ private Builder(ListAccessGroupsOptions listAccessGroupsOptions) {
       this.accountId = listAccessGroupsOptions.accountId;
       this.transactionId = listAccessGroupsOptions.transactionId;
       this.iamId = listAccessGroupsOptions.iamId;
+      this.membershipType = listAccessGroupsOptions.membershipType;
       this.limit = listAccessGroupsOptions.limit;
       this.offset = listAccessGroupsOptions.offset;
       this.sort = listAccessGroupsOptions.sort;
@@ -109,6 +112,17 @@ public Builder iamId(String iamId) {
       return this;
     }
 
+    /**
+     * Set the membershipType.
+     *
+     * @param membershipType the membershipType
+     * @return the ListAccessGroupsOptions builder
+     */
+    public Builder membershipType(String membershipType) {
+      this.membershipType = membershipType;
+      return this;
+    }
+
     /**
      * Set the limit.
      *
@@ -171,6 +185,7 @@ protected ListAccessGroupsOptions(Builder builder) {
     accountId = builder.accountId;
     transactionId = builder.transactionId;
     iamId = builder.iamId;
+    membershipType = builder.membershipType;
     limit = builder.limit;
     offset = builder.offset;
     sort = builder.sort;
@@ -216,14 +231,28 @@ public String transactionId() {
   /**
    * Gets the iamId.
    *
-   * Return groups for member id (IBMid, Service Id or Profile Id).
+   * Return groups for member ID (IBMid, service ID or trusted profile ID).
    *
    * @return the iamId
    */
   public String iamId() {
     return iamId;
   }
 
+  /**
+   * Gets the membershipType.
+   *
+   * Membership type need to be specified along with iam_id and must be either `static`, `dynamic` or `all`. If
+   * membership type is `static`, members explicitly added to the group will be shown. If membership type is `dynamic`,
+   * members accessing the access group at the moment via dynamic rules will be shown. If membership type is `all`, both
+   * static and dynamic members will be shown.
+   *
+   * @return the membershipType
+   */
+  public String membershipType() {
+    return membershipType;
+  }
+
   /**
    * Gets the limit.
    *

modules/iam-access-groups/src/main/java/com/ibm/cloud/platform_services/iam_access_groups/v2/model/ListGroupMembersResponseMember.java

@@ -25,6 +25,8 @@ public class ListGroupMembersResponseMember extends GenericModel {
   @SerializedName("iam_id")
   protected String iamId;
   protected String type;
+  @SerializedName("membership_type")
+  protected String membershipType;
   protected String name;
   protected String email;
   protected String description;
@@ -48,14 +50,25 @@ public String getIamId() {
   /**
    * Gets the type.
    *
-   * The member type - either `user` or `service`.
+   * The member type - either `user`, `service` or `profile`.
    *
    * @return the type
    */
   public String getType() {
     return type;
   }
 
+  /**
+   * Gets the membershipType.
+   *
+   * The membership type - either `static` or `dynamic`.
+   *
+   * @return the membershipType
+   */
+  public String getMembershipType() {
+    return membershipType;
+  }
+
   /**
    * Gets the name.
    *

modules/iam-access-groups/src/test/java/com/ibm/cloud/platform_services/iam_access_groups/v2/IamAccessGroupsIT.java

@@ -87,7 +87,7 @@ public class IamAccessGroupsIT extends SdkIntegrationTestBase {
 
     @Override
     public String getConfigFilename() {
-        return "../../iam_access_groups.env";
+        return "../../iam_access_groups_v2.env";
     }
 
     @Override

modules/iam-access-groups/src/test/java/com/ibm/cloud/platform_services/iam_access_groups/v2/IamAccessGroupsTest.java

@@ -38,5 +38,6 @@ public void testGroup() throws Throwable {
     assertNull(groupModel.getAccountId());
     assertNull(groupModel.getHref());
     assertNull(groupModel.isIsFederated());
+    assertNull(groupModel.getMembershipType());
   }
 }

modules/iam-access-groups/src/test/java/com/ibm/cloud/platform_services/iam_access_groups/v2/model/GroupTest.java

@@ -34,6 +34,7 @@ public void testListAccessGroupMembersOptions() throws Throwable {
     ListAccessGroupMembersOptions listAccessGroupMembersOptionsModel = new ListAccessGroupMembersOptions.Builder()
       .accessGroupId("testString")
       .transactionId("testString")
+      .membershipType("static")
       .limit(Long.valueOf("26"))
       .offset(Long.valueOf("26"))
       .type("testString")
@@ -42,6 +43,7 @@ public void testListAccessGroupMembersOptions() throws Throwable {
       .build();
     assertEquals(listAccessGroupMembersOptionsModel.accessGroupId(), "testString");
     assertEquals(listAccessGroupMembersOptionsModel.transactionId(), "testString");
+    assertEquals(listAccessGroupMembersOptionsModel.membershipType(), "static");
     assertEquals(listAccessGroupMembersOptionsModel.limit(), Long.valueOf("26"));
     assertEquals(listAccessGroupMembersOptionsModel.offset(), Long.valueOf("26"));
     assertEquals(listAccessGroupMembersOptionsModel.type(), "testString");

modules/iam-access-groups/src/test/java/com/ibm/cloud/platform_services/iam_access_groups/v2/model/ListAccessGroupMembersOptionsTest.java

@@ -35,6 +35,7 @@ public void testListAccessGroupsOptions() throws Throwable {
       .accountId("testString")
       .transactionId("testString")
       .iamId("testString")
+      .membershipType("static")
       .limit(Long.valueOf("26"))
       .offset(Long.valueOf("26"))
       .sort("name")
@@ -44,6 +45,7 @@ public void testListAccessGroupsOptions() throws Throwable {
     assertEquals(listAccessGroupsOptionsModel.accountId(), "testString");
     assertEquals(listAccessGroupsOptionsModel.transactionId(), "testString");
     assertEquals(listAccessGroupsOptionsModel.iamId(), "testString");
+    assertEquals(listAccessGroupsOptionsModel.membershipType(), "static");
     assertEquals(listAccessGroupsOptionsModel.limit(), Long.valueOf("26"));
     assertEquals(listAccessGroupsOptionsModel.offset(), Long.valueOf("26"));
     assertEquals(listAccessGroupsOptionsModel.sort(), "name");

modules/iam-access-groups/src/test/java/com/ibm/cloud/platform_services/iam_access_groups/v2/model/ListAccessGroupsOptionsTest.java

@@ -34,6 +34,7 @@ public void testListGroupMembersResponseMember() throws Throwable {
     ListGroupMembersResponseMember listGroupMembersResponseMemberModel = new ListGroupMembersResponseMember();
     assertNull(listGroupMembersResponseMemberModel.getIamId());
     assertNull(listGroupMembersResponseMemberModel.getType());
+    assertNull(listGroupMembersResponseMemberModel.getMembershipType());
     assertNull(listGroupMembersResponseMemberModel.getName());
     assertNull(listGroupMembersResponseMemberModel.getEmail());
     assertNull(listGroupMembersResponseMemberModel.getDescription());