Class: OCI::IdentityDataPlane::DataplaneClient

Inherits:

Object

• Object
• OCI::IdentityDataPlane::DataplaneClient

Defined in:

lib/oci/identity_data_plane/dataplane_client.rb

Overview

APIs for managing identity data plane services. For example, use this API to create a scoped-access security token. To manage identity domains (for example, creating or deleting an identity domain) or to manage resources (for example, users and groups) within the default identity domain, see IAM API.

Instance Attribute Summary

• #api_client ⇒ OCI::ApiClient readonly

  Client used to make HTTP requests.

• #endpoint ⇒ String readonly

  Fully qualified endpoint URL.

• #region ⇒ String

  The region, which will usually correspond to a value in Regions::REGION_ENUM.

• #retry_config ⇒ OCI::Retry::RetryConfig readonly

  The default retry configuration to apply to all operations in this service client.

Instance Method Summary

• #generate_scoped_access_token(generate_scoped_access_token_details, opts = {}) ⇒ Response

  Based on the calling Principal and the input payload, derive the claims, and generate a scoped-access token for specific resources.

• #generate_user_security_token(generate_user_security_token_details, opts = {}) ⇒ Response

  Exchanges a valid user token-based signature (API key and UPST) for a short-lived UPST of the authenticated user principal.

• #initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ DataplaneClient constructor

  Creates a new DataplaneClient.

• #logger ⇒ Logger

  The logger for this client.

Constructor Details

#initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil) ⇒ DataplaneClient

Creates a new DataplaneClient. Notes: If a config is not specified, then the global OCI.config will be used.

This client is not thread-safe

Either a region or an endpoint must be specified. If an endpoint is specified, it will be used instead of the region. A region may be specified in the config or via or the region parameter. If specified in both, then the region parameter will be used.

Parameters:

• config (Config) (defaults to: nil) —

  A Config object.

• region (String) (defaults to: nil) —

  A region used to determine the service endpoint. This will usually correspond to a value in Regions::REGION_ENUM, but may be an arbitrary string.

• endpoint (String) (defaults to: nil) —

  The fully qualified endpoint URL

• signer (OCI::BaseSigner) (defaults to: nil) —

  A signer implementation which can be used by this client. If this is not provided then a signer will be constructed via the provided config. One use case of this parameter is instance principals authentication, so that the instance principals signer can be provided to the client

• proxy_settings (OCI::ApiClientProxySettings) (defaults to: nil) —

  If your environment requires you to use a proxy server for outgoing HTTP requests the details for the proxy can be provided in this parameter

• retry_config (OCI::Retry::RetryConfig) (defaults to: nil) —

  The retry configuration for this service client. This represents the default retry configuration to apply across all operations. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries

# File 'lib/oci/identity_data_plane/dataplane_client.rb', line 55

def initialize(config: nil, region: nil, endpoint: nil, signer: nil, proxy_settings: nil, retry_config: nil)
  # If the signer is an InstancePrincipalsSecurityTokenSigner or SecurityTokenSigner and no config was supplied (they are self-sufficient signers)
  # then create a dummy config to pass to the ApiClient constructor. If customers wish to create a client which uses instance principals
  # and has config (either populated programmatically or loaded from a file), they must construct that config themselves and then
  # pass it to this constructor.
  #
  # If there is no signer (or the signer is not an instance principals signer) and no config was supplied, this is not valid
  # so try and load the config from the default file.
  config = OCI::Config.validate_and_build_config_with_signer(config, signer)

  signer = OCI::Signer.config_file_auth_builder(config) if signer.nil?

  @api_client = OCI::ApiClient.new(config, signer, proxy_settings: proxy_settings)
  @retry_config = retry_config

  if endpoint
    @endpoint = endpoint + '/v1'
  else
    region ||= config.region
    region ||= signer.region if signer.respond_to?(:region)
    self.region = region
  end
  logger.info "DataplaneClient endpoint set to '#{@endpoint}'." if logger
end

Instance Attribute Details

#api_client ⇒ OCI::ApiClient (readonly)

Client used to make HTTP requests.

Returns:

• (OCI::ApiClient)

# File 'lib/oci/identity_data_plane/dataplane_client.rb', line 15

def api_client
  @api_client
end

#endpoint ⇒ String (readonly)

Fully qualified endpoint URL

Returns:

• (String)

# File 'lib/oci/identity_data_plane/dataplane_client.rb', line 19

def endpoint
  @endpoint
end

#region ⇒ String

The region, which will usually correspond to a value in Regions::REGION_ENUM.

Returns:

• (String)

# File 'lib/oci/identity_data_plane/dataplane_client.rb', line 29

def region
  @region
end

#retry_config ⇒ OCI::Retry::RetryConfig (readonly)

The default retry configuration to apply to all operations in this service client. This can be overridden on a per-operation basis. The default retry configuration value is nil, which means that an operation will not perform any retries

Returns:

• (OCI::Retry::RetryConfig)

# File 'lib/oci/identity_data_plane/dataplane_client.rb', line 25

def retry_config
  @retry_config
end

Instance Method Details

#generate_scoped_access_token(generate_scoped_access_token_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use generate_scoped_access_token API.

Based on the calling Principal and the input payload, derive the claims, and generate a scoped-access token for specific resources. For example, set scope to urn:oracle:db::id::<compartment-id> for access to a database in a compartment.

Parameters:

• generate_scoped_access_token_details (OCI::IdentityDataPlane::Models::GenerateScopedAccessTokenDetails) —

  Scoped access token request

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

Returns:

• (Response) —

  A Response object with data of type SecurityToken

# File 'lib/oci/identity_data_plane/dataplane_client.rb', line 112

def generate_scoped_access_token(generate_scoped_access_token_details, opts = {})
  logger.debug 'Calling operation DataplaneClient#generate_scoped_access_token.' if logger

  raise "Missing the required parameter 'generate_scoped_access_token_details' when calling generate_scoped_access_token." if generate_scoped_access_token_details.nil?

  path = '/actions/generateScopedAccessToken'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(generate_scoped_access_token_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'DataplaneClient#generate_scoped_access_token') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::IdentityDataPlane::Models::SecurityToken'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#generate_user_security_token(generate_user_security_token_details, opts = {}) ⇒ Response

Note:

Click here to see an example of how to use generate_user_security_token API.

Exchanges a valid user token-based signature (API key and UPST) for a short-lived UPST of the authenticated user principal. When not specified, the user session duration is set to a default of 60 minutes in all realms. Resulting UPSTs are refreshable while the user session has not expired.

Parameters:

• generate_user_security_token_details (OCI::IdentityDataPlane::Models::GenerateUserSecurityTokenDetails) —

  The key-value pair object storing the token exchange request parameters required to obtain a UPST for self.

• opts (Hash) (defaults to: {}) —

  the optional parameters

Options Hash (opts):

• :retry_config (OCI::Retry::RetryConfig) —

  The retry configuration to apply to this operation. If no key is provided then the service-level retry configuration defined by #retry_config will be used. If an explicit nil value is provided then the operation will not retry

• :opc_request_id (String) —

  Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.

Returns:

• (Response) —

  A Response object with data of type SecurityToken

# File 'lib/oci/identity_data_plane/dataplane_client.rb', line 170

def generate_user_security_token(generate_user_security_token_details, opts = {})
  logger.debug 'Calling operation DataplaneClient#generate_user_security_token.' if logger

  raise "Missing the required parameter 'generate_user_security_token_details' when calling generate_user_security_token." if generate_user_security_token_details.nil?

  path = '/token/upst/actions/GenerateUpst'
  operation_signing_strategy = :standard

  # rubocop:disable Style/NegatedIf
  # Query Params
  query_params = {}

  # Header Params
  header_params = {}
  header_params[:accept] = 'application/json'
  header_params[:'content-type'] = 'application/json'
  header_params[:'opc-request-id'] = opts[:opc_request_id] if opts[:opc_request_id]
  # rubocop:enable Style/NegatedIf

  post_body = @api_client.object_to_http_body(generate_user_security_token_details)

  # rubocop:disable Metrics/BlockLength
  OCI::Retry.make_retrying_call(applicable_retry_config(opts), call_name: 'DataplaneClient#generate_user_security_token') do
    @api_client.call_api(
      :POST,
      path,
      endpoint,
      header_params: header_params,
      query_params: query_params,
      operation_signing_strategy: operation_signing_strategy,
      body: post_body,
      return_type: 'OCI::IdentityDataPlane::Models::SecurityToken'
    )
  end
  # rubocop:enable Metrics/BlockLength
end

#logger ⇒ Logger

Returns The logger for this client. May be nil.

Returns:

• (Logger) —

  The logger for this client. May be nil.

# File 'lib/oci/identity_data_plane/dataplane_client.rb', line 94

def logger
  @api_client.config.logger
end