Add User domains and User list visibility to iam_account_settings
pauljegouic opened this issue · 7 comments
BTW, I cannot find the related API in the doc ...
I have inspected the network in the IBM Cloud console, and it shows:
https://cloud.ibm.com/iam/api/v1/accounts/$account_id/settings?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id
and
https://cloud.ibm.com/iam/api/v1/accounts/$account_id/settings/idps/IBMid?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id
But both end up with an authentication error.
I tried the following routes:
https://iam.cloud.ibm.com/v1/accounts/$account_id/settings/idps/IBMid?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id
https://iam.cloud.ibm.com/v1/accounts/$account_id/settings?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id
But both end up with a 404 error.
My script:
```bash
# Exchange the API key for an IAM bearer token
token=$(curl -s -X POST https://iam.cloud.ibm.com/identity/token \
  -H "accept: application/json" \
  -H "content-type: application/x-www-form-urlencoded" \
  -d "grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=$IBMCLOUD_API_KEY" | jq -r .access_token)
# Debug output: prints the bearer token
echo "$token"
# Account ID retrieval
account_id=$(ibmcloud account show --output json | jq -r .account_id)
ims_account_id=$(ibmcloud account show --output json | jq -r .ims_account_id)
endpoint="https://iam.cloud.ibm.com/v1/accounts/$account_id/settings"
echo "$endpoint"
# Update User visibility and user domains allowed
res=$(curl -v -X PATCH "$endpoint" -H "Authorization: Bearer $token" -H 'Content-Type: application/json' -d '{ "team_directory_enabled": false }')
echo "$res"
endpoint="https://iam.cloud.ibm.com/v1/accounts/$account_id/settings/idps/IBMid?bss_account=$account_id&linkedaccount=true&imsaccountid=$ims_account_id"
echo "$endpoint"
# Update user domains allowed
res=$(curl -v -X POST "$endpoint" -H "Authorization: Bearer $token" -H 'Content-Type: application/json' -d '{ "type": "IBMid", "settings": { "restrict_invitation": true,"invitation_email_allow_patterns": ["**@mycompany.com","**@*.mycompany.com"]} }')
echo "$res"
```
Thanks a lot in advance, we need to automate this part, and as a workaround, a null_resource could be ok.
I'd be interested to get the info as well!
@narinder-kaur, @Rajesh-Pirati, @pooraniss-ibm Could one of you please review and suggest a workaround or next steps?
Hello, and thank you for the feedback. This is currently supported only through Console settings at this time. Terraform would be supported in a future release.
@gzalpuri-ibm-us Is it possible to set these with an API? Looks like @pauljegouic was attempting it in #4204 (comment)
FYI, there are undocumented APIs that can be used to set these...
To retrieve:
GET https://accounts.cloud.ibm.com/v1/accounts/{account_id}/traits
To update FS Validated (for example)
PATCH https://accounts.cloud.ibm.com/v1/accounts/{account_id}/traits
body:
```json
{
  "fs_ready": true
}
```
To update user list visibility (for example):
PATCH https://accounts.cloud.ibm.com/v1/accounts/{account_id}/traits
body:
```json
{
  "team_directory_enabled": false
}
```
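The retrieve-then-update flow from the last comment, as an added example that is not code from the thread or from IBM: it fetches the account traits, sends a PATCH only for values that differ from the desired state, and never prints the bearer token. It assumes the undocumented GET returns the traits as top-level JSON keys; `IBMCLOUD_ACCOUNT_ID`, `drift` and `enforce` are names made up for this example.

```python
import json
import os
import urllib.parse
import urllib.request

# Endpoints as quoted in the thread; the traits API is undocumented.
IAM_TOKEN_URL = "https://iam.cloud.ibm.com/identity/token"
TRAITS_URL = "https://accounts.cloud.ibm.com/v1/accounts/{account_id}/traits"
DESIRED = {"team_directory_enabled": False}  # trait name quoted in the thread


def _call(method, url, headers, body=None):
    """Send one HTTPS request and decode the JSON reply (empty reply -> {})."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}


def get_token(api_key):
    """Exchange an API key for a bearer token; the token is returned, never printed."""
    form = urllib.parse.urlencode({"grant_type": "urn:ibm:params:oauth:grant-type:apikey",
                                   "apikey": api_key}).encode()
    headers = {"Accept": "application/json", "Content-Type": "application/x-www-form-urlencoded"}
    return _call("POST", IAM_TOKEN_URL, headers, form)["access_token"]


def drift(current, desired):
    """Return the desired traits whose current value is missing, mistyped or different."""
    # Assumption: `current` is the GET reply with traits as top-level keys.
    missing = object()
    return {k: v for k, v in desired.items()
            if type(current.get(k, missing)) is not type(v) or current[k] != v}


def enforce(account_id, api_key, desired=DESIRED):
    """GET the traits, PATCH only what drifted, return the body sent ({} if none)."""
    url = TRAITS_URL.format(account_id=urllib.parse.quote(account_id, safe=""))
    auth = {"Authorization": "Bearer " + get_token(api_key),
            "Content-Type": "application/json"}
    patch = drift(_call("GET", url, auth), desired)
    if patch:
        _call("PATCH", url, auth, json.dumps(patch).encode())
    return patch


if __name__ == "__main__":
    changed = enforce(os.environ["IBMCLOUD_ACCOUNT_ID"], os.environ["IBMCLOUD_API_KEY"])
    print("patched:" if changed else "already compliant", json.dumps(changed))
```

Run from a Terraform `null_resource` or a scheduled job, a second run against an unchanged account sends no PATCH.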