Class: OCI::Apiaccesscontrol::PrivilegedApiControlClient

Inherits:
Object
  • Object
show all
Defined in:
lib/oci/apiaccesscontrol/privileged_api_control_client.rb

Overview

This service is used to restrict the control plane service apis; so that everybody won't be able to access those apis. There are two main resouces defined as a part of this service 1. PrivilegedApiControl: This is created by the customer which defines which service apis are controlled and who can access it. 2. PrivilegedApiRequest: This is a request object again created by the customer operators who seek access to those privileged apis. After a request is obtained based on the PrivilegedAccessControl for which the api belongs to, either it can be approved so that the requested person can execute the service apis or it will wait for the customer to approve it.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ PrivilegedApiControlClient

Creates a new PrivilegedApiControlClient. Notes: If a config is not specified, then the global OCI.config will be used.

This client is not thread-safe

Either a region or an endpoint must be specified. If an endpoint is specified, it will be used instead of the region. A region may be specified in the config or via or the region parameter. If specified in both, then the region parameter will be used.

Parameters:

  • config (Config) (defaults to: nil)

    A Config object.

  • region (String) (defaults to: nil)

    A region used to determine the service endpoint. This will usually correspond to a value in Regions::REGION_ENUM, but may be an arbitrary string.

  • endpoint (String) (defaults to: nil)

    The fully qualified endpoint URL

  • signer (OCI::BaseSigner) (defaults to: nil)

    A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client

  • proxy_settings (OCI::ApiClientProxySettings) (defaults to: nil)

    If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter

  • retry_config (OCI::Retry::RetryConfig) (defaults to: nil)

    The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries



60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 60

def initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config

  if endpoint
    @endpoint = endpoint + '/20241130'
  else
    region ||= config.region
    region ||= signer.region if signer.respond_to?(:region)
    self.region = region
  end
  logger.info "PrivilegedApiControlClient endpoint set to '#{@endpoint}'." if logger
end

Instance Attribute Details

#api_clientOCI::ApiClient (readonly)

Client used to make HTTP requests.

Returns:



20
21
22
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 20

def api_client
  @api_client
end

#endpointString (readonly)

Fully qualified endpoint URL

Returns:

  • (String)


24
25
26
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 24

def endpoint
  @endpoint
end

#regionString

The region, which will usually correspond to a value in Regions::REGION_ENUM.

Returns:

  • (String)


34
35
36
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 34

def region
  @region
end

#retry_configOCI::Retry::RetryConfig (readonly)

The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries



30
31
32
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 30

def retry_config
  @retry_config
end

Instance Method Details

#change_privileged_api_control_compartment(privileged_api_control_id, change_privileged_api_control_compartment_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use change_privileged_api_control_compartment API.

Moves a PrivilegedApiControl into a different compartment within the same tenancy. For information about moving resources between compartments, see Moving Resources to a Different Compartment.

Parameters:

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :if_match (String)

    For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource's current etag value.

  • :opc_request_id (String)

    Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID. The only valid characters for request IDs are letters, numbers, underscore, and dash.

  • :opc_retry_token (String)

    A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of running that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations. For example, if a resource has been deleted and removed from the system, then a retry of the original creation request might be rejected.

Returns:

  • (Response)

    A Response object with data of type nil



134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 134

def change_privileged_api_control_compartment(privileged_api_control_id, change_privileged_api_control_compartment_details, opts = {})
  logger.debug 'Calling operation PrivilegedApiControlClient#change_privileged_api_control_compartment.' if logger

  raise "Missing the required parameter 'privileged_api_control_id' when calling change_privileged_api_control_compartment." if privileged_api_control_id.nil?
  raise "Missing the required parameter 'change_privileged_api_control_compartment_details' when calling change_privileged_api_control_compartment." if change_privileged_api_control_compartment_details.nil?
  raise "Parameter value for 'privileged_api_control_id' must not be blank" if OCI::Internal::Util.blank_string?(privileged_api_control_id)

  path = '/privilegedApiControls/{privilegedApiControlId}/actions/changeCompartment'.sub('{privilegedApiControlId}', privileged_api_control_id.to_s)
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'if-match'] = opts[:if_match] if opts[:if_match]
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  header_params[:'opc-retry-token'] = opts[:opc_retry_token] if opts[:opc_retry_token]
  # rubocop:enable Style/NegatedIf
  header_params[:'opc-retry-token'] ||= OCI::Retry.generate_opc_retry_token

  post_body = @api_client.object_to_http_body(change_privileged_api_control_compartment_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'PrivilegedApiControlClient#change_privileged_api_control_compartment') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#create_privileged_api_control(create_privileged_api_control_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use create_privileged_api_control API.

Creates a PrivilegedApiControl.

Parameters:

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :opc_retry_token (String)

    A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of running that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations. For example, if a resource has been deleted and removed from the system, then a retry of the original creation request might be rejected.

  • :opc_request_id (String)

    Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID. The only valid characters for request IDs are letters, numbers, underscore, and dash.

Returns:



202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 202

def create_privileged_api_control(create_privileged_api_control_details, opts = {})
  logger.debug 'Calling operation PrivilegedApiControlClient#create_privileged_api_control.' if logger

  raise "Missing the required parameter 'create_privileged_api_control_details' when calling create_privileged_api_control." if create_privileged_api_control_details.nil?

  path = '/privilegedApiControls'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-retry-token'] = opts[:opc_retry_token] if opts[:opc_retry_token]
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf
  header_params[:'opc-retry-token'] ||= OCI::Retry.generate_opc_retry_token

  post_body = @api_client.object_to_http_body(create_privileged_api_control_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'PrivilegedApiControlClient#create_privileged_api_control') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::Apiaccesscontrol::Models::PrivilegedApiControl'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#delete_privileged_api_control(privileged_api_control_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use delete_privileged_api_control API.

Deletes a PrivilegedApiControl.

Parameters:

  • privileged_api_control_id (String)

    The OCID of the PrivilegedApiControl.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :description (String)

    reason for deletion of PrivilegedApiControl.

  • :if_match (String)

    For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource's current etag value.

  • :opc_request_id (String)

    Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID. The only valid characters for request IDs are letters, numbers, underscore, and dash.

Returns:

  • (Response)

    A Response object with data of type nil



267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 267

def delete_privileged_api_control(privileged_api_control_id, opts = {})
  logger.debug 'Calling operation PrivilegedApiControlClient#delete_privileged_api_control.' if logger

  raise "Missing the required parameter 'privileged_api_control_id' when calling delete_privileged_api_control." if privileged_api_control_id.nil?
  raise "Parameter value for 'privileged_api_control_id' must not be blank" if OCI::Internal::Util.blank_string?(privileged_api_control_id)

  path = '/privilegedApiControls/{privilegedApiControlId}'.sub('{privilegedApiControlId}', privileged_api_control_id.to_s)
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:description] = opts[:description] if opts[:description]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'if-match'] = opts[:if_match] if opts[:if_match]
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'PrivilegedApiControlClient#delete_privileged_api_control') do
    @api_client.call_api(
      :DELETE,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#get_privileged_api_control(privileged_api_control_id, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use get_privileged_api_control API.

Gets information about a PrivilegedApiControl.

Parameters:

  • privileged_api_control_id (String)

    The OCID of the PrivilegedApiControl.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :opc_request_id (String)

    Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID. The only valid characters for request IDs are letters, numbers, underscore, and dash.

Returns:



326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 326

def get_privileged_api_control(privileged_api_control_id, opts = {})
  logger.debug 'Calling operation PrivilegedApiControlClient#get_privileged_api_control.' if logger

  raise "Missing the required parameter 'privileged_api_control_id' when calling get_privileged_api_control." if privileged_api_control_id.nil?
  raise "Parameter value for 'privileged_api_control_id' must not be blank" if OCI::Internal::Util.blank_string?(privileged_api_control_id)

  path = '/privilegedApiControls/{privilegedApiControlId}'.sub('{privilegedApiControlId}', privileged_api_control_id.to_s)
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'PrivilegedApiControlClient#get_privileged_api_control') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::Apiaccesscontrol::Models::PrivilegedApiControl'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#list_privileged_api_controls(opts = {}) ⇒ Response

Note:

Click here to see an example of how to use list_privileged_api_controls API.

Gets a list of PrivilegedApiControls.

Parameters:

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :compartment_id (String)

    The OCID of the compartment in which to list resources.

  • :id (String)

    The OCID of the PrivilegedApiControl.

  • :lifecycle_state (String)

    A filter to return only resources that match the given lifecycle state. The state value is case-insensitive.

  • :display_name (String)

    A filter to return only resources that match the given display name exactly.

  • :resource_type (String)

    A filter to return only lists of resources that match the entire given service type.

  • :limit (Integer)

    For list pagination. The maximum number of results per page, or items to return in a paginated "List" call. For important details about how pagination works, see List Pagination. (default to 10)

  • :page (String)

    For list pagination. The value of the opc-next-page response header from the previous "List" call. For important details about how pagination works, see List Pagination.

  • :sort_order (String)

    The sort order to use, either ascending (ASC) or descending (DESC).

  • :sort_by (String)

    The field to sort by. You can provide only one sort order. Default order for timeCreated is descending. Default order for displayName is ascending. (default to timeCreated) Allowed values are: timeCreated, displayName

  • :opc_request_id (String)

    Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID. The only valid characters for request IDs are letters, numbers, underscore, and dash.

Returns:



404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 404

def list_privileged_api_controls(opts = {})
  logger.debug 'Calling operation PrivilegedApiControlClient#list_privileged_api_controls.' if logger


  if opts[:lifecycle_state] && !OCI::Apiaccesscontrol::Models::PrivilegedApiControl::LIFECYCLE_STATE_ENUM.include?(opts[:lifecycle_state])
    raise 'Invalid value for "lifecycle_state", must be one of the values in OCI::Apiaccesscontrol::Models::PrivilegedApiControl::LIFECYCLE_STATE_ENUM.'
  end

  if opts[:sort_order] && !OCI::Apiaccesscontrol::Models::SORT_ORDER_ENUM.include?(opts[:sort_order])
    raise 'Invalid value for "sort_order", must be one of the values in OCI::Apiaccesscontrol::Models::SORT_ORDER_ENUM.'
  end

  if opts[:sort_by] && !%w[timeCreated displayName].include?(opts[:sort_by])
    raise 'Invalid value for "sort_by", must be one of timeCreated, displayName.'
  end

  path = '/privilegedApiControls'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}
  query_params[:compartmentId] = opts[:compartment_id] if opts[:compartment_id]
  query_params[:id] = opts[:id] if opts[:id]
  query_params[:lifecycleState] = opts[:lifecycle_state] if opts[:lifecycle_state]
  query_params[:displayName] = opts[:display_name] if opts[:display_name]
  query_params[:resourceType] = opts[:resource_type] if opts[:resource_type]
  query_params[:limit] = opts[:limit] if opts[:limit]
  query_params[:page] = opts[:page] if opts[:page]
  query_params[:sortOrder] = opts[:sort_order] if opts[:sort_order]
  query_params[:sortBy] = opts[:sort_by] if opts[:sort_by]

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = nil

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'PrivilegedApiControlClient#list_privileged_api_controls') do
    @api_client.call_api(
      :GET,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::Apiaccesscontrol::Models::PrivilegedApiControlCollection'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#loggerLogger

Returns The logger for this client. May be nil.

Returns:

  • (Logger)

    The logger for this client. May be nil.



99
100
101
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 99

def logger
  @api_client.config.logger
end

#update_privileged_api_control(privileged_api_control_id, update_privileged_api_control_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use update_privileged_api_control API.

Updates a PrivilegedApiControl.

Parameters:

Options Hash (opts):

  • :retry_config (OCI::Retry::RetryConfig)

    The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

  • :if_match (String)

    For optimistic concurrency control. In the PUT or DELETE call for a resource, set the if-match parameter to the value of the etag from a previous GET or POST response for that resource. The resource will be updated or deleted only if the etag you provide matches the resource's current etag value.

  • :opc_request_id (String)

    Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID. The only valid characters for request IDs are letters, numbers, underscore, and dash.

Returns:

  • (Response)

    A Response object with data of type nil



487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
# File 'lib/oci/apiaccesscontrol/privileged_api_control_client.rb', line 487

def update_privileged_api_control(privileged_api_control_id, update_privileged_api_control_details, opts = {})
  logger.debug 'Calling operation PrivilegedApiControlClient#update_privileged_api_control.' if logger

  raise "Missing the required parameter 'privileged_api_control_id' when calling update_privileged_api_control." if privileged_api_control_id.nil?
  raise "Missing the required parameter 'update_privileged_api_control_details' when calling update_privileged_api_control." if update_privileged_api_control_details.nil?
  raise "Parameter value for 'privileged_api_control_id' must not be blank" if OCI::Internal::Util.blank_string?(privileged_api_control_id)

  path = '/privilegedApiControls/{privilegedApiControlId}'.sub('{privilegedApiControlId}', privileged_api_control_id.to_s)
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'if-match'] = opts[:if_match] if opts[:if_match]
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(update_privileged_api_control_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'PrivilegedApiControlClient#update_privileged_api_control') do
    @api_client.call_api(
      :PUT,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body
    )
  end
  # rubocop:enable Metrics/BlockLength
end