IBM-Cloud/terraform-provider-ibm

Add User domains and User list visibility to iam_account_settings

pauljegouic opened this issue · 7 comments

Hello there,

I am looking for these IAM account configurations, and I cannot find them in the Terraform IBM Cloud provider.

image

Am I missing something, or is it something that will come in the next releases?

Regards,

Also, these account settings would be needed:

image

BTW, I cannot find the related API in the docs...

I have inspected network in IBM Cloud console, it shows:

https://cloud.ibm.com/iam/api/v1/accounts/$account_id/settings?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id
and
https://cloud.ibm.com/iam/api/v1/accounts/$account_id/settings/idps/IBMid?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id

But both end up with an authentication error.

I tried the following routes:
https://iam.cloud.ibm.com/v1/accounts/$account_id/settings/idps/IBMid?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id
https://iam.cloud.ibm.com/v1/accounts/$account_id/settings?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id

But both end up with a 404 error.

My script:

```bash
# Exchange the API key for an IAM bearer token
token=$(curl -s -X POST https://iam.cloud.ibm.com/identity/token -H "accept: application/json" -H "content-type: application/x-www-form-urlencoded" -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=$IBMCLOUD_API_KEY" | jq -r .access_token)
# The token is a credential: check that one was returned, but do not echo it
[ -n "$token" ] && [ "$token" != "null" ] || { echo "token request failed" >&2; exit 1; }
# Account ID retrieval
account_id=$(ibmcloud account show --output json | jq -r .account_id)
ims_account_id=$(ibmcloud account show --output json | jq -r .ims_account_id)
endpoint="https://iam.cloud.ibm.com/v1/accounts/$account_id/settings"
echo "$endpoint"
# Update User visibility and user domains allowed
res=$(curl -v -X PATCH "$endpoint" -H "Authorization: Bearer $token" -H 'Content-Type: application/json' -d '{ "team_directory_enabled": false }')
echo "$res"
endpoint="https://iam.cloud.ibm.com/v1/accounts/$account_id/settings/idps/IBMid?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id"
echo "$endpoint"
# Update user domains allowed
res=$(curl -v -X POST "$endpoint" -H "Authorization: Bearer $token" -H 'Content-Type: application/json' -d '{ "type": "IBMid", "settings": { "restrict_invitation": true,"invitation_email_allow_patterns": ["**@mycompany.com","**@*.mycompany.com"]} }')
echo "$res"
```

Thanks a lot in advance, we need to automate this part, and as a workaround, a null_resource could be ok.

I'd be interested to get the info as well!

@narinder-kaur, @Rajesh-Pirati, @pooraniss-ibm Could one of you please review and suggest a workaround or next steps?

Hello, and thank you for the feedback. This is currently supported only through Console settings at this time. Terraform would be supported in a future release.

@gzalpuri-ibm-us Is it possible to set these with an api? Looks like @pauljegouic was attempting it in #4204 (comment)

FYI, there are undocumented APIs that can be used to set these...

To retrieve:
GET https://accounts.cloud.ibm.com/v1/accounts/{account_id}/traits

To update FS Validated (for example):
PATCH https://accounts.cloud.ibm.com/v1/accounts/{account_id}/traits

body:
{
   "fs_ready": true
}

To update user list visibility (for example):
PATCH https://accounts.cloud.ibm.com/v1/accounts/{account_id}/traits

body:
{
   "team_directory_enabled": false
}
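
A drift-checking wrapper around the traits endpoints described in the comment above, added here as an example; it is not code from the thread or from the provider. It assumes the GET response is a flat JSON object of trait names to values, which the thread does not show; `plan_patch`, `enforce` and the allowlist are names made up for this example.

```python
import json
import os
import urllib.parse
import urllib.request

IAM_TOKEN_URL = "https://iam.cloud.ibm.com/identity/token"
TRAITS_URL = "https://accounts.cloud.ibm.com/v1/accounts/{account_id}/traits"
# Allowlist: only the two traits named in the thread may be written.
ALLOWED_TRAITS = {"fs_ready": bool, "team_directory_enabled": bool}


def plan_patch(current: dict, desired: dict) -> dict:
    """Return the minimal PATCH body; an empty dict means no drift."""
    patch = {}
    for key, value in desired.items():
        expected = ALLOWED_TRAITS.get(key)
        if expected is None:
            raise ValueError(f"trait not in allowlist: {key}")
        if type(value) is not expected:  # rejects "false", 0, None
            raise ValueError(f"{key} must be {expected.__name__}")
        if current.get(key) != value:
            patch[key] = value
    return patch


def _call(method, url, token=None, data=None, ctype="application/json"):
    headers = {"Accept": "application/json", "Content-Type": ctype}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read() or b"{}")


def get_token(api_key: str) -> str:
    form = urllib.parse.urlencode({"apikey": api_key,
        "grant_type": "urn:ibm:params:oauth:grant-type:apikey"}).encode()
    return _call("POST", IAM_TOKEN_URL, data=form,
                 ctype="application/x-www-form-urlencoded")["access_token"]


def enforce(account_id: str, desired: dict) -> dict:
    token = get_token(os.environ["IBMCLOUD_API_KEY"])  # never printed or logged
    url = TRAITS_URL.format(account_id=urllib.parse.quote(account_id, safe=""))
    # Assumption: GET returns a flat JSON object of trait name -> value.
    patch = plan_patch(_call("GET", url, token), desired)
    if patch:
        _call("PATCH", url, token, json.dumps(patch).encode())
    return patch
```

From a `null_resource` `local-exec`, call `enforce(account_id, {"team_directory_enabled": False})`; an empty return value means the account already matched and no PATCH was sent.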