Support for IAM service authorization

README.md

@@ -33,7 +33,6 @@ The IBM Cloud Secrets Manager Java SDK allows developers to programmatically int
 - Java 11
 
 ## Installation
-
 ##### Maven
 
 ```xml

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/Configuration.java

@@ -189,6 +189,7 @@ public interface SigningMethod {
   protected String classicInfrastructureUsername;
   @SerializedName("classic_infrastructure_password")
   protected String classicInfrastructurePassword;
+  protected Boolean disabled;
   @SerializedName("api_key")
   protected String apiKey;
   @SerializedName("common_name")
@@ -471,6 +472,17 @@ public String getClassicInfrastructurePassword() {
     return classicInfrastructurePassword;
   }
 
+  /**
+   * Gets the disabled.
+   *
+   * This parameter indicates whether the API key configuration is disabled.
+   *
+   * @return the disabled
+   */
+  public Boolean isDisabled() {
+    return disabled;
+  }
+
   /**
    * Gets the apiKey.
    *

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/ConfigurationMetadata.java

@@ -154,6 +154,7 @@ public interface SigningMethod {
   protected Date createdAt;
   @SerializedName("updated_at")
   protected Date updatedAt;
+  protected Boolean disabled;
   @SerializedName("lets_encrypt_environment")
   protected String letsEncryptEnvironment;
   @SerializedName("lets_encrypt_preferred_chain")
@@ -249,6 +250,17 @@ public Date getUpdatedAt() {
     return updatedAt;
   }
 
+  /**
+   * Gets the disabled.
+   *
+   * This parameter indicates whether the API key configuration is disabled.
+   *
+   * @return the disabled
+   */
+  public Boolean isDisabled() {
+    return disabled;
+  }
+
   /**
    * Gets the letsEncryptEnvironment.
    *

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/ConfigurationPatch.java

@@ -56,6 +56,7 @@ public interface LetsEncryptEnvironment {
 
   @SerializedName("api_key")
   protected String apiKey;
+  protected Boolean disabled;
   @SerializedName("max_ttl")
   protected String maxTtl;
   @SerializedName("crl_expiry")
@@ -162,6 +163,20 @@ public String apiKey() {
     return apiKey;
   }
 
+  /**
+   * Gets the disabled.
+   *
+   * This parameter indicates whether the API key configuration is disabled.
+   *
+   * If it is set to `disabled`, the IAM credentials engine doesn't use the configured API key for credentials
+   * management.
+   *
+   * @return the disabled
+   */
+  public Boolean disabled() {
+    return disabled;
+  }
+
   /**
    * Gets the maxTtl.
    *

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/ConfigurationPrototype.java

@@ -243,6 +243,7 @@ public interface SigningMethod {
   protected String notBeforeDuration;
   @SerializedName("api_key")
   protected String apiKey;
+  protected Boolean disabled;
 
   protected ConfigurationPrototype() { }
 
@@ -1096,5 +1097,18 @@ public String notBeforeDuration() {
   public String apiKey() {
     return apiKey;
   }
+
+  /**
+   * Gets the disabled.
+   *
+   * This parameter indicates whether the API key configuration is disabled.
+   *
+   * If it is set to `true`, the IAM credentials engine doesn't use the configured API key for credentials management.
+   *
+   * @return the disabled
+   */
+  public Boolean disabled() {
+    return disabled;
+  }
 }
 

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/IAMCredentialsConfigurationPatch.java

@@ -28,6 +28,7 @@ public class IAMCredentialsConfigurationPatch extends ConfigurationPatch {
    */
   public static class Builder {
     private String apiKey;
+    private Boolean disabled;
 
     /**
      * Instantiates a new Builder from an existing IAMCredentialsConfigurationPatch instance.
@@ -36,6 +37,7 @@ public static class Builder {
      */
     public Builder(ConfigurationPatch iamCredentialsConfigurationPatch) {
       this.apiKey = iamCredentialsConfigurationPatch.apiKey;
+      this.disabled = iamCredentialsConfigurationPatch.disabled;
     }
 
     /**
@@ -44,15 +46,6 @@ public Builder(ConfigurationPatch iamCredentialsConfigurationPatch) {
     public Builder() {
     }
 
-    /**
-     * Instantiates a new builder with required properties.
-     *
-     * @param apiKey the apiKey
-     */
-    public Builder(String apiKey) {
-      this.apiKey = apiKey;
-    }
-
     /**
      * Builds a IAMCredentialsConfigurationPatch.
      *
@@ -72,14 +65,24 @@ public Builder apiKey(String apiKey) {
       this.apiKey = apiKey;
       return this;
     }
+
+    /**
+     * Set the disabled.
+     *
+     * @param disabled the disabled
+     * @return the IAMCredentialsConfigurationPatch builder
+     */
+    public Builder disabled(Boolean disabled) {
+      this.disabled = disabled;
+      return this;
+    }
   }
 
   protected IAMCredentialsConfigurationPatch() { }
 
   protected IAMCredentialsConfigurationPatch(Builder builder) {
-    com.ibm.cloud.sdk.core.util.Validator.notNull(builder.apiKey,
-      "apiKey cannot be null");
     apiKey = builder.apiKey;
+    disabled = builder.disabled;
   }
 
   /**

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/IAMCredentialsConfigurationPrototype.java

@@ -49,6 +49,7 @@ public static class Builder {
     private String name;
     private String configType;
     private String apiKey;
+    private Boolean disabled;
 
     /**
      * Instantiates a new Builder from an existing IAMCredentialsConfigurationPrototype instance.
@@ -59,6 +60,7 @@ public Builder(ConfigurationPrototype iamCredentialsConfigurationPrototype) {
       this.name = iamCredentialsConfigurationPrototype.name;
       this.configType = iamCredentialsConfigurationPrototype.configType;
       this.apiKey = iamCredentialsConfigurationPrototype.apiKey;
+      this.disabled = iamCredentialsConfigurationPrototype.disabled;
     }
 
     /**
@@ -121,6 +123,17 @@ public Builder apiKey(String apiKey) {
       this.apiKey = apiKey;
       return this;
     }
+
+    /**
+     * Set the disabled.
+     *
+     * @param disabled the disabled
+     * @return the IAMCredentialsConfigurationPrototype builder
+     */
+    public Builder disabled(Boolean disabled) {
+      this.disabled = disabled;
+      return this;
+    }
   }
 
   protected IAMCredentialsConfigurationPrototype() { }
@@ -135,6 +148,7 @@ protected IAMCredentialsConfigurationPrototype(Builder builder) {
     name = builder.name;
     configType = builder.configType;
     apiKey = builder.apiKey;
+    disabled = builder.disabled;
   }
 
   /**

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/IAMCredentialsSecretPrototype.java

@@ -58,6 +58,7 @@ public static class Builder {
     private String ttl;
     private List<String> accessGroups;
     private String serviceId;
+    private String accountId;
     private Boolean reuseApiKey;
     private RotationPolicy rotation;
     private Map<String, Object> customMetadata;
@@ -77,6 +78,7 @@ public Builder(SecretPrototype iamCredentialsSecretPrototype) {
       this.ttl = iamCredentialsSecretPrototype.ttl;
       this.accessGroups = iamCredentialsSecretPrototype.accessGroups;
       this.serviceId = iamCredentialsSecretPrototype.serviceId;
+      this.accountId = iamCredentialsSecretPrototype.accountId;
       this.reuseApiKey = iamCredentialsSecretPrototype.reuseApiKey;
       this.rotation = iamCredentialsSecretPrototype.rotation;
       this.customMetadata = iamCredentialsSecretPrototype.customMetadata;
@@ -235,6 +237,17 @@ public Builder serviceId(String serviceId) {
       return this;
     }
 
+    /**
+     * Set the accountId.
+     *
+     * @param accountId the accountId
+     * @return the IAMCredentialsSecretPrototype builder
+     */
+    public Builder accountId(String accountId) {
+      this.accountId = accountId;
+      return this;
+    }
+
     /**
      * Set the reuseApiKey.
      *
@@ -299,6 +312,7 @@ protected IAMCredentialsSecretPrototype(Builder builder) {
     ttl = builder.ttl;
     accessGroups = builder.accessGroups;
     serviceId = builder.serviceId;
+    accountId = builder.accountId;
     reuseApiKey = builder.reuseApiKey;
     rotation = builder.rotation;
     customMetadata = builder.customMetadata;

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/Secret.java

@@ -124,6 +124,8 @@ public interface StateDescription {
   protected String apiKeyId;
   @SerializedName("service_id")
   protected String serviceId;
+  @SerializedName("account_id")
+  protected String accountId;
   @SerializedName("service_id_is_static")
   protected Boolean serviceIdIsStatic;
   @SerializedName("reuse_api_key")
@@ -461,6 +463,18 @@ public String getServiceId() {
     return serviceId;
   }
 
+  /**
+   * Gets the accountId.
+   *
+   * The ID of the account in which the IAM credentials are created. Use this field only if the target account is not
+   * the same as the account of the Secrets Manager instance. Otherwise, the field can be omitted.
+   *
+   * @return the accountId
+   */
+  public String getAccountId() {
+    return accountId;
+  }
+
   /**
    * Gets the serviceIdIsStatic.
    *

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/SecretMetadata.java

@@ -123,6 +123,8 @@ public interface StateDescription {
   protected String apiKeyId;
   @SerializedName("service_id")
   protected String serviceId;
+  @SerializedName("account_id")
+  protected String accountId;
   @SerializedName("service_id_is_static")
   protected Boolean serviceIdIsStatic;
   @SerializedName("reuse_api_key")
@@ -435,6 +437,18 @@ public String getServiceId() {
     return serviceId;
   }
 
+  /**
+   * Gets the accountId.
+   *
+   * The ID of the account in which the IAM credentials are created. Use this field only if the target account is not
+   * the same as the account of the Secrets Manager instance. Otherwise, the field can be omitted.
+   *
+   * @return the accountId
+   */
+  public String getAccountId() {
+    return accountId;
+  }
+
   /**
    * Gets the serviceIdIsStatic.
    *

modules/secrets-manager/src/main/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/SecretPrototype.java

@@ -110,6 +110,8 @@ public interface PrivateKeyFormat {
   protected List<String> accessGroups;
   @SerializedName("service_id")
   protected String serviceId;
+  @SerializedName("account_id")
+  protected String accountId;
   @SerializedName("reuse_api_key")
   protected Boolean reuseApiKey;
   protected RotationPolicy rotation;
@@ -309,6 +311,18 @@ public String serviceId() {
     return serviceId;
   }
 
+  /**
+   * Gets the accountId.
+   *
+   * The ID of the account in which the IAM credentials are created. Use this field only if the target account is not
+   * the same as the account of the Secrets Manager instance. Otherwise, the field can be omitted.
+   *
+   * @return the accountId
+   */
+  public String accountId() {
+    return accountId;
+  }
+
   /**
    * Gets the reuseApiKey.
    *

modules/secrets-manager/src/test/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/SecretsManagerTest.java

@@ -2096,7 +2096,7 @@ public void testCreateConfigurationNoOptions() throws Throwable {
   @Test
   public void testListConfigurationsWOptions() throws Throwable {
     // Register a mock response
-    String mockResponseBody = "{\"total_count\": 0, \"limit\": 25, \"offset\": 25, \"first\": {\"href\": \"href\"}, \"next\": {\"href\": \"href\"}, \"previous\": {\"href\": \"href\"}, \"last\": {\"href\": \"href\"}, \"configurations\": [{\"config_type\": \"iam_credentials_configuration\", \"name\": \"my-secret-engine-config\", \"secret_type\": \"arbitrary\", \"created_by\": \"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\", \"created_at\": \"2022-04-12T23:20:50.520Z\", \"updated_at\": \"2022-04-12T23:20:50.520Z\"}]}";
+    String mockResponseBody = "{\"total_count\": 0, \"limit\": 25, \"offset\": 25, \"first\": {\"href\": \"href\"}, \"next\": {\"href\": \"href\"}, \"previous\": {\"href\": \"href\"}, \"last\": {\"href\": \"href\"}, \"configurations\": [{\"config_type\": \"iam_credentials_configuration\", \"name\": \"my-secret-engine-config\", \"secret_type\": \"arbitrary\", \"created_by\": \"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\", \"created_at\": \"2022-04-12T23:20:50.520Z\", \"updated_at\": \"2022-04-12T23:20:50.520Z\", \"disabled\": true}]}";
     String listConfigurationsPath = "/api/v2/configurations";
     server.enqueue(new MockResponse()
       .setHeader("Content-type", "application/json")
@@ -2149,8 +2149,8 @@ public void testListConfigurationsWRetries() throws Throwable {
   @Test
   public void testListConfigurationsWithPagerGetNext() throws Throwable {
     // Set up the two-page mock response.
-    String mockResponsePage1 = "{\"next\":{\"href\":\"https://myhost.com/somePath?offset=1\"},\"total_count\":2,\"configurations\":[{\"config_type\":\"iam_credentials_configuration\",\"name\":\"my-secret-engine-config\",\"secret_type\":\"arbitrary\",\"created_by\":\"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\",\"created_at\":\"2022-04-12T23:20:50.520Z\",\"updated_at\":\"2022-04-12T23:20:50.520Z\"}],\"limit\":1}";
-    String mockResponsePage2 = "{\"total_count\":2,\"configurations\":[{\"config_type\":\"iam_credentials_configuration\",\"name\":\"my-secret-engine-config\",\"secret_type\":\"arbitrary\",\"created_by\":\"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\",\"created_at\":\"2022-04-12T23:20:50.520Z\",\"updated_at\":\"2022-04-12T23:20:50.520Z\"}],\"limit\":1}";
+    String mockResponsePage1 = "{\"next\":{\"href\":\"https://myhost.com/somePath?offset=1\"},\"total_count\":2,\"configurations\":[{\"config_type\":\"iam_credentials_configuration\",\"name\":\"my-secret-engine-config\",\"secret_type\":\"arbitrary\",\"created_by\":\"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\",\"created_at\":\"2022-04-12T23:20:50.520Z\",\"updated_at\":\"2022-04-12T23:20:50.520Z\",\"disabled\":true}],\"limit\":1}";
+    String mockResponsePage2 = "{\"total_count\":2,\"configurations\":[{\"config_type\":\"iam_credentials_configuration\",\"name\":\"my-secret-engine-config\",\"secret_type\":\"arbitrary\",\"created_by\":\"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\",\"created_at\":\"2022-04-12T23:20:50.520Z\",\"updated_at\":\"2022-04-12T23:20:50.520Z\",\"disabled\":true}],\"limit\":1}";
     server.enqueue(new MockResponse()
       .setHeader("Content-type", "application/json")
       .setResponseCode(200)
@@ -2185,8 +2185,8 @@ public void testListConfigurationsWithPagerGetNext() throws Throwable {
   @Test
   public void testListConfigurationsWithPagerGetAll() throws Throwable {
     // Set up the two-page mock response.
-    String mockResponsePage1 = "{\"next\":{\"href\":\"https://myhost.com/somePath?offset=1\"},\"total_count\":2,\"configurations\":[{\"config_type\":\"iam_credentials_configuration\",\"name\":\"my-secret-engine-config\",\"secret_type\":\"arbitrary\",\"created_by\":\"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\",\"created_at\":\"2022-04-12T23:20:50.520Z\",\"updated_at\":\"2022-04-12T23:20:50.520Z\"}],\"limit\":1}";
-    String mockResponsePage2 = "{\"total_count\":2,\"configurations\":[{\"config_type\":\"iam_credentials_configuration\",\"name\":\"my-secret-engine-config\",\"secret_type\":\"arbitrary\",\"created_by\":\"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\",\"created_at\":\"2022-04-12T23:20:50.520Z\",\"updated_at\":\"2022-04-12T23:20:50.520Z\"}],\"limit\":1}";
+    String mockResponsePage1 = "{\"next\":{\"href\":\"https://myhost.com/somePath?offset=1\"},\"total_count\":2,\"configurations\":[{\"config_type\":\"iam_credentials_configuration\",\"name\":\"my-secret-engine-config\",\"secret_type\":\"arbitrary\",\"created_by\":\"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\",\"created_at\":\"2022-04-12T23:20:50.520Z\",\"updated_at\":\"2022-04-12T23:20:50.520Z\",\"disabled\":true}],\"limit\":1}";
+    String mockResponsePage2 = "{\"total_count\":2,\"configurations\":[{\"config_type\":\"iam_credentials_configuration\",\"name\":\"my-secret-engine-config\",\"secret_type\":\"arbitrary\",\"created_by\":\"iam-ServiceId-e4a2f0a4-3c76-4bef-b1f2-fbeae11c0f21\",\"created_at\":\"2022-04-12T23:20:50.520Z\",\"updated_at\":\"2022-04-12T23:20:50.520Z\",\"disabled\":true}],\"limit\":1}";
     server.enqueue(new MockResponse()
       .setHeader("Content-type", "application/json")
       .setResponseCode(200)

modules/secrets-manager/src/test/java/com/ibm/cloud/secrets_manager_sdk/secrets_manager/v2/model/IAMCredentialsConfigurationMetadataTest.java

@@ -38,5 +38,6 @@ public void testIAMCredentialsConfigurationMetadata() throws Throwable {
     assertNull(iamCredentialsConfigurationMetadataModel.getCreatedBy());
     assertNull(iamCredentialsConfigurationMetadataModel.getCreatedAt());
     assertNull(iamCredentialsConfigurationMetadataModel.getUpdatedAt());
+    assertNull(iamCredentialsConfigurationMetadataModel.isDisabled());
   }
 }