Package com.oracle.bmc.identity

Class IdentityClient

    • Field Detail

      • SERVICE

        public static final Service SERVICE
        Service instance for Identity.

      • clientCommonLibraryVersion

        public final String clientCommonLibraryVersion
        Compatible SDK version, provided by the codegen.

      • minimumClientCommonLibraryVersionFromClient

        public final Optional<String> minimumClientCommonLibraryVersionFromClient
        Minimum compatible SDK version, maybe provided by the codegen.

    • Method Detail

      • setRegion

        public void setRegion​(Region region)
        Description copied from interface: Identity
        Sets the region to call (ex, Region.US_PHOENIX_1).

        Note, this will call setEndpoint after resolving the endpoint. If the service is not available in this Region, however, an IllegalArgumentException will be raised.

        Specified by:
        setRegion in interface Identity
        Parameters:
        region - The region of the service.

      • setRegion

        public void setRegion​(String regionId)
        Description copied from interface: Identity
        Sets the region to call (ex, ‘us-phoenix-1’).

        Note, this will first try to map the region ID to a known Region and call setRegion.

        If no known Region could be determined, it will create an endpoint based on the default endpoint format (Region.formatDefaultRegionEndpoint(Service, String) and then call setEndpoint.

        Specified by:
        setRegion in interface Identity
        Parameters:
        regionId - The public region ID.

      • activateDomain

        public ActivateDomainResponse activateDomain​(ActivateDomainRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Activates a deactivated identity domain.

        You can only activate identity domains that your user account is not a part of.

        After you send the request, the `lifecycleDetails` of the identity domain is set to ACTIVATING. When the operation completes, the `lifecycleDetails` is set to null and the `lifecycleState` of the identity domain is set to ACTIVE.

        To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation's status.

        Specified by:
        activateDomain in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • activateMfaTotpDevice

        public ActivateMfaTotpDeviceResponse activateMfaTotpDevice​(ActivateMfaTotpDeviceRequest request)
        Description copied from interface: Identity
        Activates the specified MFA TOTP device for the user.

        Activation requires manual interaction with the Console.

        Specified by:
        activateMfaTotpDevice in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • addUserToGroup

        public AddUserToGroupResponse addUserToGroup​(AddUserToGroupRequest request)
        Description copied from interface: Identity
        Adds the specified user to the specified group and returns a UserGroupMembership object with its own OCID.

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        Specified by:
        addUserToGroup in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • assembleEffectiveTagSet

        public AssembleEffectiveTagSetResponse assembleEffectiveTagSet​(AssembleEffectiveTagSetRequest request)
        Description copied from interface: Identity
        Assembles tag defaults in the specified compartment and any parent compartments to determine the tags to apply.

        Tag defaults from parent compartments do not override tag defaults referencing the same tag in a compartment lower down the hierarchy. This set of tag defaults includes all tag defaults from the current compartment back to the root compartment.

        Specified by:
        assembleEffectiveTagSet in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • bulkDeleteResources

        public BulkDeleteResourcesResponse bulkDeleteResources​(BulkDeleteResourcesRequest request)
        Description copied from interface: Identity
        Deletes multiple resources in the compartment.

        All resources must be in the same compartment. You must have the appropriate permissions to delete the resources in the request. This API can only be invoked from the tenancy’s home region. This operation creates a WorkRequest. Use the getWorkRequest API to monitor the status of the bulk action.

        Specified by:
        bulkDeleteResources in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • bulkDeleteTags

        public BulkDeleteTagsResponse bulkDeleteTags​(BulkDeleteTagsRequest request)
        Description copied from interface: Identity
        Deletes the specified tag key definitions.

        This operation triggers a process that removes the tags from all resources in your tenancy. The tag key definitions must be within the same tag namespace.

        The following actions happen immediately:

        If the tag is a cost-tracking tag, the tag no longer counts against your 10 cost-tracking tags limit, even if you do not disable the tag before running this operation. * If the tag is used with dynamic groups, the rules that contain the tag are no longer evaluated against the tag.

        After you start this operation, the state of the tag changes to DELETING, and tag removal from resources begins. This process can take up to 48 hours depending on the number of resources that are tagged and the regions in which those resources reside.

        When all tags have been removed, the state changes to DELETED. You cannot restore a deleted tag. After the tag state changes to DELETED, you can use the same tag name again.

        After you start this operation, you cannot start either the deleteTag or the cascadeDeleteTagNamespace operation until this process completes.

        In order to delete tags, you must first retire the tags. Use updateTag to retire a tag.

        Specified by:
        bulkDeleteTags in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • bulkEditTags

        public BulkEditTagsResponse bulkEditTags​(BulkEditTagsRequest request)
        Description copied from interface: Identity
        Edits the specified list of tag key definitions for the selected resources.

        This operation triggers a process that edits the tags on all selected resources. The possible actions are:

        Add a defined tag when the tag does not already exist on the resource. * Update the value for a defined tag when the tag is present on the resource. * Add a defined tag when it does not already exist on the resource or update the value for a defined tag when the tag is present on the resource. * Remove a defined tag from a resource. The tag is removed from the resource regardless of the tag value.

        See bulkEditOperationDetails for more information.

        The edits can include a combination of operations and tag sets. However, multiple operations cannot apply to one key definition in the same request. For example, if one request adds `tag set-1` to a resource and sets a tag value to `tag set-2`, `tag set-1` and `tag set-2` cannot have any common tag definitions.

        Specified by:
        bulkEditTags in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • bulkMoveResources

        public BulkMoveResourcesResponse bulkMoveResources​(BulkMoveResourcesRequest request)
        Description copied from interface: Identity
        Moves multiple resources from one compartment to another.

        All resources must be in the same compartment. This API can only be invoked from the tenancy’s home region. To move resources, you must have the appropriate permissions to move the resource in both the source and target compartments. This operation creates a WorkRequest. Use the getWorkRequest API to monitor the status of the bulk action.

        Specified by:
        bulkMoveResources in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • cascadeDeleteTagNamespace

        public CascadeDeleteTagNamespaceResponse cascadeDeleteTagNamespace​(CascadeDeleteTagNamespaceRequest request)
        Description copied from interface: Identity
        Deletes the specified tag namespace.

        This operation triggers a process that removes all of the tags defined in the specified tag namespace from all resources in your tenancy and then deletes the tag namespace.

        After you start the delete operation:

        New tag key definitions cannot be created under the namespace. * The state of the tag namespace changes to DELETING. * Tag removal from the resources begins.

        This process can take up to 48 hours depending on the number of tag definitions in the namespace, the number of resources that are tagged, and the locations of the regions in which those resources reside.

        After all tags are removed, the state changes to DELETED. You cannot restore a deleted tag namespace. After the deleted tag namespace changes its state to DELETED, you can use the name of the deleted tag namespace again.

        After you start this operation, you cannot start either the deleteTag or the bulkDeleteTags operation until this process completes.

        To delete a tag namespace, you must first retire it. Use updateTagNamespace to retire a tag namespace.

        Specified by:
        cascadeDeleteTagNamespace in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • changeDomainCompartment

        public ChangeDomainCompartmentResponse changeDomainCompartment​(ChangeDomainCompartmentRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Moves the identity domain to a different compartment in the tenancy.

        To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation's status.

        Specified by:
        changeDomainCompartment in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • changeDomainLicenseType

        public ChangeDomainLicenseTypeResponse changeDomainLicenseType​(ChangeDomainLicenseTypeRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Changes the license type of the given identity domain.

        The identity domain’s lifecycleState must be set to ACTIVE and the requested licenseType must be allowed. To retrieve the allowed licenseType for the identity domain, use listAllowedDomainLicenseTypes.

        After you send your request, the `lifecycleDetails` of this identity domain is set to UPDATING. When the update of the identity domain completes, then the `lifecycleDetails` is set to null.

        To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation's status.

        Specified by:
        changeDomainLicenseType in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • changeTagNamespaceCompartment

        public ChangeTagNamespaceCompartmentResponse changeTagNamespaceCompartment​(ChangeTagNamespaceCompartmentRequest request)
        Description copied from interface: Identity
        Moves the specified tag namespace to the specified compartment within the same tenancy.

        To move the tag namespace, you must have the manage tag-namespaces permission on both compartments. For more information about IAM policies, see [Details for IAM](https://docs.oracle.com/iaas/Content/Identity/policyreference/iampolicyreference.htm).

        Moving a tag namespace moves all the tag key definitions contained in the tag namespace.

        Specified by:
        changeTagNamespaceCompartment in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createAuthToken

        public CreateAuthTokenResponse createAuthToken​(CreateAuthTokenRequest request)
        Description copied from interface: Identity
        Creates a new auth token for the specified user.

        For information about what auth tokens are for, see Managing User Credentials.

        You must specify a *description* for the auth token (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateAuthToken.

        Every user has permission to create an auth token for *their own user ID*. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create an auth token for any user, including themselves.

        Specified by:
        createAuthToken in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createCompartment

        public CreateCompartmentResponse createCompartment​(CreateCompartmentRequest request)
        Description copied from interface: Identity
        Creates a new compartment in the specified compartment.

        Specify the parent compartment's OCID as the compartment ID in the request object. Remember that the tenancy is simply the root compartment. For information about OCIDs, see [Resource Identifiers](https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm).

        You must also specify a *name* for the compartment, which must be unique across all compartments in your tenancy. You can use this name or the OCID when writing policies that apply to the compartment. For more information about policies, see [How Policies Work](https://docs.oracle.com/iaas/Content/Identity/policieshow/how-policies-work.htm).

        You must also specify a *description* for the compartment (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateCompartment.

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        Specified by:
        createCompartment in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createCustomerSecretKey

        public CreateCustomerSecretKeyResponse createCustomerSecretKey​(CreateCustomerSecretKeyRequest request)
        Description copied from interface: Identity
        Creates a new secret key for the specified user.

        Secret keys are used for authentication with the Object Storage Service’s Amazon S3 compatible API. The secret key consists of an Access Key/Secret Key pair. For information, see Managing User Credentials.

        You must specify a *description* for the secret key (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateCustomerSecretKey.

        Every user has permission to create a secret key for *their own user ID*. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create a secret key for any user, including themselves.

        Specified by:
        createCustomerSecretKey in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createDomain

        public CreateDomainResponse createDomain​(CreateDomainRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Creates a new identity domain in the tenancy with the identity domain home in homeRegion.

        After you send your request, the temporary lifecycleState of this identity domain is set to CREATING and lifecycleDetails to UPDATING. When creation of the identity domain completes, this identity domain’s lifecycleState is set to ACTIVE and lifecycleDetails to null.

        To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation's status.

        After creating an `identity domain`, first make sure its `lifecycleState` changes from CREATING to ACTIVE before you use it.

        Specified by:
        createDomain in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createDynamicGroup

        public CreateDynamicGroupResponse createDynamicGroup​(CreateDynamicGroupRequest request)
        Description copied from interface: Identity
        Creates a new dynamic group in your tenancy.

        You must specify your tenancy's OCID as the compartment ID in the request object (remember that the tenancy is simply the root compartment). Notice that IAM resources (users, groups, compartments, and some policies) reside within the tenancy itself, unlike cloud resources such as compute instances, which typically reside within compartments inside the tenancy. For information about OCIDs, see [Resource Identifiers](https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm).

        You must also specify a *name* for the dynamic group, which must be unique across all dynamic groups in your tenancy, and cannot be changed. Note that this name has to be also unique across all groups in your tenancy. You can use this name or the OCID when writing policies that apply to the dynamic group. For more information about policies, see [How Policies Work](https://docs.oracle.com/iaas/Content/Identity/policieshow/how-policies-work.htm).

        You must also specify a *description* for the dynamic group (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateDynamicGroup.

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        Specified by:
        createDynamicGroup in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createGroup

        public CreateGroupResponse createGroup​(CreateGroupRequest request)
        Description copied from interface: Identity
        Creates a new group in your tenancy.

        You must specify your tenancy's OCID as the compartment ID in the request object (remember that the tenancy is simply the root compartment). Notice that IAM resources (users, groups, compartments, and some policies) reside within the tenancy itself, unlike cloud resources such as compute instances, which typically reside within compartments inside the tenancy. For information about OCIDs, see [Resource Identifiers](https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm).

        You must also specify a *name* for the group, which must be unique across all groups in your tenancy and cannot be changed. You can use this name or the OCID when writing policies that apply to the group. For more information about policies, see [How Policies Work](https://docs.oracle.com/iaas/Content/Identity/policieshow/how-policies-work.htm).

        You must also specify a *description* for the group (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateGroup.

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        After creating the group, you need to put users in it and write policies for it. See addUserToGroup and createPolicy.

        Specified by:
        createGroup in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createIdentityProvider

        public CreateIdentityProviderResponse createIdentityProvider​(CreateIdentityProviderRequest request)
        Description copied from interface: Identity
        Deprecated. For more information, see Deprecated IAM Service APIs.

        Creates a new identity provider in your tenancy. For more information, see [Identity Providers and Federation](https://docs.oracle.com/iaas/Content/Identity/Concepts/federation.htm).

        You must specify your tenancy's OCID as the compartment ID in the request object. Remember that the tenancy is simply the root compartment. For information about OCIDs, see [Resource Identifiers](https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm).

        You must also specify a *name* for the `IdentityProvider`, which must be unique across all `IdentityProvider` objects in your tenancy and cannot be changed.

        You must also specify a *description* for the `IdentityProvider` (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateIdentityProvider.

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        Specified by:
        createIdentityProvider in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createMfaTotpDevice

        public CreateMfaTotpDeviceResponse createMfaTotpDevice​(CreateMfaTotpDeviceRequest request)
        Description copied from interface: Identity
        Creates a new MFA TOTP device for the user.

        A user can have one MFA TOTP device.

        Specified by:
        createMfaTotpDevice in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createNetworkSource

        public CreateNetworkSourceResponse createNetworkSource​(CreateNetworkSourceRequest request)
        Description copied from interface: Identity
        Creates a new network source in your tenancy.

        You must specify your tenancy's OCID as the compartment ID in the request object (remember that the tenancy is simply the root compartment). Notice that IAM resources (users, groups, compartments, and some policies) reside within the tenancy itself, unlike cloud resources such as compute instances, which typically reside within compartments inside the tenancy. For information about OCIDs, see [Resource Identifiers](https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm).

        You must also specify a *name* for the network source, which must be unique across all network sources in your tenancy, and cannot be changed. You can use this name or the OCID when writing policies that apply to the network source. For more information about policies, see [How Policies Work](https://docs.oracle.com/iaas/Content/Identity/policieshow/how-policies-work.htm).

        You must also specify a *description* for the network source (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateNetworkSource.

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        After your network resource is created, you can use it in policy to restrict access to only requests made from an allowed IP address specified in your network source. For more information, see [Managing Network Sources](https://docs.oracle.com/iaas/Content/Identity/Tasks/managingnetworksources.htm).

        Specified by:
        createNetworkSource in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createOrResetUIPassword

        public CreateOrResetUIPasswordResponse createOrResetUIPassword​(CreateOrResetUIPasswordRequest request)
        Description copied from interface: Identity
        Creates a new Console one-time password for the specified user.

        For more information about user credentials, see User Credentials.

        Use this operation after creating a new user, or if a user forgets their password. The new one-time password is returned to you in the response, and you must securely deliver it to the user. They'll be prompted to change this password the next time they sign in to the Console. If they don't change it within 7 days, the password will expire and you'll need to create a new one-time password for the user.

        (For tenancies that support identity domains) Resetting a user's password generates a reset password email with a link that the user must follow to reset their password. If the user does not reset their password before the link expires, you'll need to reset the user's password again.

        *Note:** The user's Console login is the unique name you specified when you created the user (see createUser).

        Specified by:
        createOrResetUIPassword in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createPolicy

        public CreatePolicyResponse createPolicy​(CreatePolicyRequest request)
        Description copied from interface: Identity
        Creates a new policy in the specified compartment (either the tenancy or another of your compartments).

        If you’re new to policies, see Get Started with Policies.

        You must specify a *name* for the policy, which must be unique across all policies in your tenancy and cannot be changed.

        You must also specify a *description* for the policy (although it can be an empty string). It does not have to be unique, and you can change it anytime with updatePolicy.

        You must specify one or more policy statements in the statements array. For information about writing policies, see [How Policies Work](https://docs.oracle.com/iaas/Content/Identity/policieshow/how-policies-work.htm) and [Common Policies](https://docs.oracle.com/iaas/Content/Identity/policiescommon/commonpolicies.htm).

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        New policies take effect typically within 10 seconds.

        Specified by:
        createPolicy in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createSmtpCredential

        public CreateSmtpCredentialResponse createSmtpCredential​(CreateSmtpCredentialRequest request)
        Description copied from interface: Identity
        Creates a new SMTP credential for the specified user.

        An SMTP credential has an SMTP user name and an SMTP password. You must specify a description for the SMTP credential (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateSmtpCredential.

        Specified by:
        createSmtpCredential in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createSwiftPassword

        public CreateSwiftPasswordResponse createSwiftPassword​(CreateSwiftPasswordRequest request)
        Description copied from interface: Identity
        **Deprecated.

        Use createAuthToken instead.**

        Creates a new Swift password for the specified user. For information about what Swift passwords are for, see [Managing User Credentials](https://docs.oracle.com/iaas/Content/Identity/Tasks/managingcredentials.htm).

        You must specify a *description* for the Swift password (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateSwiftPassword.

        Every user has permission to create a Swift password for *their own user ID*. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to create a Swift password for any user, including themselves.

        Specified by:
        createSwiftPassword in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createTag

        public CreateTagResponse createTag​(CreateTagRequest request)
        Description copied from interface: Identity
        Creates a new tag in the specified tag namespace.

        The tag requires either the OCID or the name of the tag namespace that will contain this tag definition.

        You must specify a *name* for the tag, which must be unique across all tags in the tag namespace and cannot be changed. The name can contain any ASCII character except the space (_) or period (.) characters. Names are case insensitive. That means, for example, \"myTag\" and \"mytag\" are not allowed in the same namespace. If you specify a name that's already in use in the tag namespace, a 409 error is returned.

        The tag must have a *description*. It does not have to be unique, and you can change it with updateTag.

        The tag must have a value type, which is specified with a validator. Tags can use either a static value or a list of possible values. Static values are entered by a user applying the tag to a resource. Lists are created by you and the user must apply a value from the list. Lists are validiated.

        If no `validator` is set, the user applying the tag to a resource can type in a static value or leave the tag value empty. * If a `validator` is set, the user applying the tag to a resource must select from a list of values that you supply with enumTagDefinitionValidator.

        Specified by:
        createTag in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createTagDefault

        public CreateTagDefaultResponse createTagDefault​(CreateTagDefaultRequest request)
        Description copied from interface: Identity
        Creates a new tag default in the specified compartment for the specified tag definition.

        If you specify that a value is required, a value is set during resource creation (either by the user creating the resource or another tag defualt). If no value is set, resource creation is blocked.

        If the `isRequired` flag is set to \"true\", the value is set during resource creation. * If the `isRequired` flag is set to \"false\", the value you enter is set during resource creation.

        Specified by:
        createTagDefault in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createTagNamespace

        public CreateTagNamespaceResponse createTagNamespace​(CreateTagNamespaceRequest request)
        Description copied from interface: Identity
        Creates a new tag namespace in the specified compartment.

        You must specify the compartment ID in the request object (remember that the tenancy is simply the root compartment).

        You must also specify a *name* for the namespace, which must be unique across all namespaces in your tenancy and cannot be changed. The name can contain any ASCII character except the space (_) or period (.). Names are case insensitive. That means, for example, \"myNamespace\" and \"mynamespace\" are not allowed in the same tenancy. Once you created a namespace, you cannot change the name. If you specify a name that's already in use in the tenancy, a 409 error is returned.

        You must also specify a *description* for the namespace. It does not have to be unique, and you can change it with updateTagNamespace.

        Specified by:
        createTagNamespace in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • createUser

        public CreateUserResponse createUser​(CreateUserRequest request)
        Description copied from interface: Identity
        Creates a new user in your tenancy.

        For conceptual information about users, your tenancy, and other IAM Service components, see Overview of IAM.

        You must specify your tenancy's OCID as the compartment ID in the request object (remember that the tenancy is simply the root compartment). Notice that IAM resources (users, groups, compartments, and some policies) reside within the tenancy itself, unlike cloud resources such as compute instances, which typically reside within compartments inside the tenancy. For information about OCIDs, see [Resource Identifiers](https://docs.oracle.com/iaas/Content/General/Concepts/identifiers.htm).

        You must also specify a *name* for the user, which must be unique across all users in your tenancy and cannot be changed. Allowed characters: No spaces. Only letters, numerals, hyphens, periods, underscores, +, and @. If you specify a name that's already in use, you'll get a 409 error. This name will be the user's login to the Console. You might want to pick a name that your company's own identity system (e.g., Active Directory, LDAP, etc.) already uses. If you delete a user and then create a new user with the same name, they'll be considered different users because they have different OCIDs.

        You must also specify a *description* for the user (although it can be an empty string). It does not have to be unique, and you can change it anytime with updateUser. You can use the field to provide the user's full name, a description, a nickname, or other information to generally identify the user.

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        A new user has no permissions until you place the user in one or more groups (see addUserToGroup). If the user needs to access the Console, you need to provide the user a password (see createOrResetUIPassword). If the user needs to access the Oracle Cloud Infrastructure REST API, you need to upload a public API signing key for that user (see [Required Keys and OCIDs](https://docs.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm) and also uploadApiKey).

        *Important:** Make sure to inform the new user which compartment(s) they have access to.

        Specified by:
        createUser in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deactivateDomain

        public DeactivateDomainResponse deactivateDomain​(DeactivateDomainRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Deactivates the specified identity domain.

        Identity domains must be in an ACTIVE lifecycleState and have no active apps present in the domain or underlying Identity Cloud Service stripe. You cannot deactivate the default identity domain.

        After you send your request, the `lifecycleDetails` of this identity domain is set to DEACTIVATING. When the operation completes, then the `lifecycleDetails` is set to null and the `lifecycleState` is set to INACTIVE.

        To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation's status.

        Specified by:
        deactivateDomain in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deleteApiKey

        public DeleteApiKeyResponse deleteApiKey​(DeleteApiKeyRequest request)
        Description copied from interface: Identity
        Deletes the specified API signing key for the specified user.

        Every user has permission to use this operation to delete a key for *their own user ID*. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to delete a key for any user, including themselves.

        Specified by:
        deleteApiKey in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deleteAuthToken

        public DeleteAuthTokenResponse deleteAuthToken​(DeleteAuthTokenRequest request)
        Description copied from interface: Identity
        Deletes the specified auth token for the specified user.
        Specified by:
        deleteAuthToken in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deleteCompartment

        public DeleteCompartmentResponse deleteCompartment​(DeleteCompartmentRequest request)
        Description copied from interface: Identity
        Deletes the specified compartment.

        The compartment must be empty.

        Specified by:
        deleteCompartment in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deleteDomain

        public DeleteDomainResponse deleteDomain​(DeleteDomainRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Deletes an identity domain.

        The identity domain must have no active apps present in the underlying IDCS stripe. You must also deactivate the identity domain, rendering the lifecycleState of the identity domain INACTIVE. Furthermore, as the authenticated user performing the operation, you cannot be a member of the identity domain you are deleting. Lastly, you cannot delete the default identity domain. A tenancy must always have at least the default identity domain.

        To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation's status.

        Specified by:
        deleteDomain in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deleteGroup

        public DeleteGroupResponse deleteGroup​(DeleteGroupRequest request)
        Description copied from interface: Identity
        Deletes the specified group.

        The group must be empty.

        Specified by:
        deleteGroup in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deletePolicy

        public DeletePolicyResponse deletePolicy​(DeletePolicyRequest request)
        Description copied from interface: Identity
        Deletes the specified policy.

        The deletion takes effect typically within 10 seconds.

        Specified by:
        deletePolicy in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deleteTag

        public DeleteTagResponse deleteTag​(DeleteTagRequest request)
        Description copied from interface: Identity
        Deletes the specified tag definition.

        This operation triggers a process that removes the tag from all resources in your tenancy.

        These things happen immediately: * If the tag was a cost-tracking tag, it no longer counts against your 10 cost-tracking tags limit, whether you first disabled it or not. * If the tag was used with dynamic groups, none of the rules that contain the tag will be evaluated against the tag.

        When you start the delete operation, the state of the tag changes to DELETING and tag removal from resources begins. This can take up to 48 hours depending on the number of resources that were tagged as well as the regions in which those resources reside.

        When all tags have been removed, the state changes to DELETED. You cannot restore a deleted tag. Once the deleted tag changes its state to DELETED, you can use the same tag name again.

        After you start this operation, you cannot start either the bulkDeleteTags or the cascadeDeleteTagNamespace operation until this process completes.

        To delete a tag, you must first retire it. Use updateTag to retire a tag.

        Specified by:
        deleteTag in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deleteTagNamespace

        public DeleteTagNamespaceResponse deleteTagNamespace​(DeleteTagNamespaceRequest request)
        Description copied from interface: Identity
        Deletes the specified tag namespace.

        Only an empty tag namespace can be deleted with this operation. To use this operation to delete a tag namespace that contains tag definitions, first delete all of its tag definitions.

        Use cascadeDeleteTagNamespace to delete a tag namespace along with all of the tag definitions contained within that namespace.

        Use deleteTag to delete a tag definition.

        Specified by:
        deleteTagNamespace in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • deleteUser

        public DeleteUserResponse deleteUser​(DeleteUserRequest request)
        Description copied from interface: Identity
        Deletes the specified user.

        The user must not be in any groups.

        Specified by:
        deleteUser in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • enableReplicationToRegion

        public EnableReplicationToRegionResponse enableReplicationToRegion​(EnableReplicationToRegionRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Replicates the identity domain to a new region (provided that the region is the tenancy home region or other region that the tenancy subscribes to).

        You can only replicate identity domains that are in an ACTIVE lifecycleState and not currently updating or already replicating. You also can only trigger the replication of secondary identity domains. The default identity domain is automatically replicated to all regions that the tenancy subscribes to.

        After you send the request, the `state` of the identity domain in the replica region is set to ENABLING_REPLICATION. When the operation completes, the `state` is set to REPLICATION_ENABLED.

        To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation's status.

        Specified by:
        enableReplicationToRegion in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getAuthenticationPolicy

        public GetAuthenticationPolicyResponse getAuthenticationPolicy​(GetAuthenticationPolicyRequest request)
        Description copied from interface: Identity
        Gets the authentication policy for the given tenancy.

        You must specify your tenant’s OCID as the value for the compartment ID (remember that the tenancy is simply the root compartment).

        Specified by:
        getAuthenticationPolicy in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getCompartment

        public GetCompartmentResponse getCompartment​(GetCompartmentRequest request)
        Description copied from interface: Identity
        Gets the specified compartment’s information.

        This operation does not return a list of all the resources inside the compartment. There is no single API operation that does that. Compartments can contain multiple types of resources (instances, block storage volumes, etc.). To find out what's in a compartment, you must call the \"List\" operation for each resource type and specify the compartment's OCID as a query parameter in the request. For example, call the listInstances operation in the Cloud Compute Service or the listVolumes operation in Cloud Block Storage.

        Specified by:
        getCompartment in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getDomain

        public GetDomainResponse getDomain​(GetDomainRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Gets the specified identity domain’s information.
        Specified by:
        getDomain in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getDynamicGroup

        public GetDynamicGroupResponse getDynamicGroup​(GetDynamicGroupRequest request)
        Description copied from interface: Identity
        Gets the specified dynamic group’s information.
        Specified by:
        getDynamicGroup in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getGroup

        public GetGroupResponse getGroup​(GetGroupRequest request)
        Description copied from interface: Identity
        Gets the specified group’s information.

        This operation does not return a list of all the users in the group. To do that, use listUserGroupMemberships and provide the group's OCID as a query parameter in the request.

        Specified by:
        getGroup in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getIamWorkRequest

        public GetIamWorkRequestResponse getIamWorkRequest​(GetIamWorkRequestRequest request)
        Description copied from interface: Identity
        Gets the details of a specified IAM work request.

        The workRequestID is returned in the opc-workrequest-id header for any asynchronous operation in the Identity and Access Management service.

        Specified by:
        getIamWorkRequest in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getMfaTotpDevice

        public GetMfaTotpDeviceResponse getMfaTotpDevice​(GetMfaTotpDeviceRequest request)
        Description copied from interface: Identity
        Get the specified MFA TOTP device for the specified user.
        Specified by:
        getMfaTotpDevice in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getNetworkSource

        public GetNetworkSourceResponse getNetworkSource​(GetNetworkSourceRequest request)
        Description copied from interface: Identity
        Gets the specified network source’s information.
        Specified by:
        getNetworkSource in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getPolicy

        public GetPolicyResponse getPolicy​(GetPolicyRequest request)
        Description copied from interface: Identity
        Gets the specified policy’s information.
        Specified by:
        getPolicy in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getTag

        public GetTagResponse getTag​(GetTagRequest request)
        Description copied from interface: Identity
        Gets the specified tag’s information.
        Specified by:
        getTag in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getTagDefault

        public GetTagDefaultResponse getTagDefault​(GetTagDefaultRequest request)
        Description copied from interface: Identity
        Retrieves the specified tag default.
        Specified by:
        getTagDefault in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getTagNamespace

        public GetTagNamespaceResponse getTagNamespace​(GetTagNamespaceRequest request)
        Description copied from interface: Identity
        Gets the specified tag namespace’s information.
        Specified by:
        getTagNamespace in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getTaggingWorkRequest

        public GetTaggingWorkRequestResponse getTaggingWorkRequest​(GetTaggingWorkRequestRequest request)
        Description copied from interface: Identity
        Gets details on a specified work request.

        The workRequestID is returned in the opc-workrequest-id header for any asynchronous operation in tagging service.

        Specified by:
        getTaggingWorkRequest in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getTenancy

        public GetTenancyResponse getTenancy​(GetTenancyRequest request)
        Description copied from interface: Identity
        Get the specified tenancy’s information.
        Specified by:
        getTenancy in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getUser

        public GetUserResponse getUser​(GetUserRequest request)
        Description copied from interface: Identity
        Gets the specified user’s information.
        Specified by:
        getUser in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getUserUIPasswordInformation

        public GetUserUIPasswordInformationResponse getUserUIPasswordInformation​(GetUserUIPasswordInformationRequest request)
        Description copied from interface: Identity
        Gets the specified user’s console password information.

        The returned object contains the user’s OCID, but not the password itself. The actual password is returned only when created or reset.

        Specified by:
        getUserUIPasswordInformation in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getWorkRequest

        public GetWorkRequestResponse getWorkRequest​(GetWorkRequestRequest request)
        Description copied from interface: Identity
        Gets details on a specified work request.

        The workRequestID is returned in the opc-workrequest-id header for any asynchronous operation in the compartment service.

        Specified by:
        getWorkRequest in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • importStandardTags

        public ImportStandardTagsResponse importStandardTags​(ImportStandardTagsRequest request)
        Description copied from interface: Identity
        OCI will release Tag Namespaces that our customers can import.

        These Tag Namespaces will provide Tags for our customers and Partners to provide consistency and enable data reporting.

        Specified by:
        importStandardTags in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listAllowedDomainLicenseTypes

        public ListAllowedDomainLicenseTypesResponse listAllowedDomainLicenseTypes​(ListAllowedDomainLicenseTypesRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Lists the license types for identity domains supported by Oracle Cloud Infrastructure.

        (License types are also referred to as domain types.)

        If `currentLicenseTypeName` is provided, then the request returns license types that the identity domain with the specified license type name can change to. Otherwise, the request returns all valid license types currently supported.

        Specified by:
        listAllowedDomainLicenseTypes in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listApiKeys

        public ListApiKeysResponse listApiKeys​(ListApiKeysRequest request)
        Description copied from interface: Identity
        Lists the API signing keys for the specified user.

        A user can have a maximum of three keys.

        Every user has permission to use this API call for *their own user ID*. An administrator in your organization does not need to write a policy to give users this ability.

        Specified by:
        listApiKeys in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listAuthTokens

        public ListAuthTokensResponse listAuthTokens​(ListAuthTokensRequest request)
        Description copied from interface: Identity
        Lists the auth tokens for the specified user.

        The returned object contains the token’s OCID, but not the token itself. The actual token is returned only upon creation.

        Specified by:
        listAuthTokens in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listAvailabilityDomains

        public ListAvailabilityDomainsResponse listAvailabilityDomains​(ListAvailabilityDomainsRequest request)
        Description copied from interface: Identity
        Lists the availability domains in your tenancy.

        Specify the OCID of either the tenancy or another of your compartments as the value for the compartment ID (remember that the tenancy is simply the root compartment). See Where to Get the Tenancy’s OCID and User’s OCID. Note that the order of the results returned can change if availability domains are added or removed; therefore, do not create a dependency on the list order.

        Specified by:
        listAvailabilityDomains in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listBulkActionResourceTypes

        public ListBulkActionResourceTypesResponse listBulkActionResourceTypes​(ListBulkActionResourceTypesRequest request)
        Description copied from interface: Identity
        Lists the resource-types supported by compartment bulk actions.

        Use this API to help you provide the correct resource-type information to the bulkDeleteResources and bulkMoveResources operations. The returned list of resource-types provides the appropriate resource-type names to use with the bulk action operations along with the type of identifying information you’ll need to provide for each resource-type. Most resource-types just require an OCID to identify a specific resource, but some resource-types, such as buckets, require you to provide other identifying information.

        Specified by:
        listBulkActionResourceTypes in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listCompartments

        public ListCompartmentsResponse listCompartments​(ListCompartmentsRequest request)
        Description copied from interface: Identity
        Lists the compartments in a specified compartment.

        The members of the list returned depends on the values set for several parameters.

        With the exception of the tenancy (root compartment), the ListCompartments operation returns only the first-level child compartments in the parent compartment specified in `compartmentId`. The list does not include any subcompartments of the child compartments (grandchildren).

        The parameter `accessLevel` specifies whether to return only those compartments for which the requestor has INSPECT permissions on at least one resource directly or indirectly (the resource can be in a subcompartment).

        The parameter `compartmentIdInSubtree` applies only when you perform ListCompartments on the tenancy (root compartment). When set to true, the entire hierarchy of compartments can be returned. To get a full list of all compartments and subcompartments in the tenancy (root compartment), set the parameter `compartmentIdInSubtree` to true and `accessLevel` to ANY.

        See [Where to Get the Tenancy's OCID and User's OCID](https://docs.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five).

        Specified by:
        listCompartments in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listCustomerSecretKeys

        public ListCustomerSecretKeysResponse listCustomerSecretKeys​(ListCustomerSecretKeysRequest request)
        Description copied from interface: Identity
        Lists the secret keys for the specified user.

        The returned object contains the secret key’s OCID, but not the secret key itself. The actual secret key is returned only upon creation.

        Specified by:
        listCustomerSecretKeys in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listDbCredentials

        public ListDbCredentialsResponse listDbCredentials​(ListDbCredentialsRequest request)
        Description copied from interface: Identity
        Lists the DB credentials for the specified user.

        The returned object contains the credential’s OCID

        Specified by:
        listDbCredentials in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listDomains

        public ListDomainsResponse listDomains​(ListDomainsRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Lists all identity domains within a tenancy.
        Specified by:
        listDomains in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listIamWorkRequestErrors

        public ListIamWorkRequestErrorsResponse listIamWorkRequestErrors​(ListIamWorkRequestErrorsRequest request)
        Description copied from interface: Identity
        Gets error details for a specified IAM work request.

        The workRequestID is returned in the opc-workrequest-id header for any asynchronous operation in the Identity and Access Management service.

        Specified by:
        listIamWorkRequestErrors in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listIamWorkRequestLogs

        public ListIamWorkRequestLogsResponse listIamWorkRequestLogs​(ListIamWorkRequestLogsRequest request)
        Description copied from interface: Identity
        Gets logs for a specified IAM work request.

        The workRequestID is returned in the opc-workrequest-id header for any asynchronous operation in the Identity and Access Management service.

        Specified by:
        listIamWorkRequestLogs in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listIamWorkRequests

        public ListIamWorkRequestsResponse listIamWorkRequests​(ListIamWorkRequestsRequest request)
        Description copied from interface: Identity
        Lists the IAM work requests in compartment.

        The workRequestID is returned in the opc-workrequest-id header for any asynchronous operation in the Identity and Access Management service.

        Specified by:
        listIamWorkRequests in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listIdentityProviders

        public ListIdentityProvidersResponse listIdentityProviders​(ListIdentityProvidersRequest request)
        Description copied from interface: Identity
        Deprecated. For more information, see Deprecated IAM Service APIs.

        Lists all the identity providers in your tenancy. You must specify the identity provider type (e.g., `SAML2` for identity providers using the SAML2.0 protocol). You must specify your tenancy's OCID as the value for the compartment ID (remember that the tenancy is simply the root compartment). See [Where to Get the Tenancy's OCID and User's OCID](https://docs.oracle.com/iaas/Content/API/Concepts/apisigningkey.htm#five).

        Specified by:
        listIdentityProviders in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listMfaTotpDevices

        public ListMfaTotpDevicesResponse listMfaTotpDevices​(ListMfaTotpDevicesRequest request)
        Description copied from interface: Identity
        Lists the MFA TOTP devices for the specified user.

        The returned object contains the device’s OCID, but not the seed. The seed is returned only upon creation or when the IAM service regenerates the MFA seed for the device.

        Specified by:
        listMfaTotpDevices in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listPolicies

        public ListPoliciesResponse listPolicies​(ListPoliciesRequest request)
        Description copied from interface: Identity
        Lists the policies in the specified compartment (either the tenancy or another of your compartments).

        See Where to Get the Tenancy’s OCID and User’s OCID.

        To determine which policies apply to a particular group or compartment, you must view the individual statements inside all your policies. There isn't a way to automatically obtain that information via the API.

        Specified by:
        listPolicies in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listRegions

        public ListRegionsResponse listRegions​(ListRegionsRequest request)
        Description copied from interface: Identity
        Lists all the regions offered by Oracle Cloud Infrastructure.
        Specified by:
        listRegions in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listSmtpCredentials

        public ListSmtpCredentialsResponse listSmtpCredentials​(ListSmtpCredentialsRequest request)
        Description copied from interface: Identity
        Lists the SMTP credentials for the specified user.

        The returned object contains the credential’s OCID, the SMTP user name but not the SMTP password. The SMTP password is returned only upon creation.

        Specified by:
        listSmtpCredentials in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listSwiftPasswords

        public ListSwiftPasswordsResponse listSwiftPasswords​(ListSwiftPasswordsRequest request)
        Description copied from interface: Identity
        **Deprecated.

        Use listAuthTokens instead.**

        Lists the Swift passwords for the specified user. The returned object contains the password's OCID, but not the password itself. The actual password is returned only upon creation.

        Specified by:
        listSwiftPasswords in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listTagDefaults

        public ListTagDefaultsResponse listTagDefaults​(ListTagDefaultsRequest request)
        Description copied from interface: Identity
        Lists the tag defaults for tag definitions in the specified compartment.
        Specified by:
        listTagDefaults in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listTagNamespaces

        public ListTagNamespacesResponse listTagNamespaces​(ListTagNamespacesRequest request)
        Description copied from interface: Identity
        Lists the tag namespaces in the specified compartment.
        Specified by:
        listTagNamespaces in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listTags

        public ListTagsResponse listTags​(ListTagsRequest request)
        Description copied from interface: Identity
        Lists the tag definitions in the specified tag namespace.
        Specified by:
        listTags in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • listUserGroupMemberships

        public ListUserGroupMembershipsResponse listUserGroupMemberships​(ListUserGroupMembershipsRequest request)
        Description copied from interface: Identity
        Lists the UserGroupMembership objects in your tenancy.

        You must specify your tenancy’s OCID as the value for the compartment ID (see Where to Get the Tenancy’s OCID and User’s OCID). You must also then filter the list in one of these ways:

        - You can limit the results to just the memberships for a given user by specifying a `userId`. - Similarly, you can limit the results to just the memberships for a given group by specifying a `groupId`. - You can set both the `userId` and `groupId` to determine if the specified user is in the specified group. If the answer is no, the response is an empty list. - Although`userId` and `groupId` are not individually required, you must set one of them.

        Specified by:
        listUserGroupMemberships in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • moveCompartment

        public MoveCompartmentResponse moveCompartment​(MoveCompartmentRequest request)
        Description copied from interface: Identity
        Move the compartment to a different parent compartment in the same tenancy.

        When you move a compartment, all its contents (subcompartments and resources) are moved with it. Note that the CompartmentId that you specify in the path is the compartment that you want to move.

        *IMPORTANT**: After you move a compartment to a new parent compartment, the access policies of the new parent take effect and the policies of the previous parent no longer apply. Ensure that you are aware of the implications for the compartment contents before you move it. For more information, see [Moving a Compartment](https://docs.oracle.com/iaas/Content/Identity/compartments/managingcompartments.htm#MoveCompartment).

        Specified by:
        moveCompartment in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • removeUserFromGroup

        public RemoveUserFromGroupResponse removeUserFromGroup​(RemoveUserFromGroupRequest request)
        Description copied from interface: Identity
        Removes a user from a group by deleting the corresponding UserGroupMembership.
        Specified by:
        removeUserFromGroup in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • resetIdpScimClient

        public ResetIdpScimClientResponse resetIdpScimClient​(ResetIdpScimClientRequest request)
        Description copied from interface: Identity
        Resets the OAuth2 client credentials for the SCIM client associated with this identity provider.
        Specified by:
        resetIdpScimClient in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateAuthToken

        public UpdateAuthTokenResponse updateAuthToken​(UpdateAuthTokenRequest request)
        Description copied from interface: Identity
        Updates the specified auth token’s description.
        Specified by:
        updateAuthToken in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateCompartment

        public UpdateCompartmentResponse updateCompartment​(UpdateCompartmentRequest request)
        Description copied from interface: Identity
        Updates the specified compartment’s description or name.

        You can’t update the root compartment.

        Specified by:
        updateCompartment in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateDomain

        public UpdateDomainResponse updateDomain​(UpdateDomainRequest request)
        Description copied from interface: Identity
        (For tenancies that support identity domains) Updates identity domain information and the associated Identity Cloud Service (IDCS) stripe.

        To track the progress of the request, submitting an HTTP GET on the /iamWorkRequests/{iamWorkRequestsId} endpoint retrieves the operation's status.

        Specified by:
        updateDomain in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateGroup

        public UpdateGroupResponse updateGroup​(UpdateGroupRequest request)
        Description copied from interface: Identity
        Updates the specified group.
        Specified by:
        updateGroup in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updatePolicy

        public UpdatePolicyResponse updatePolicy​(UpdatePolicyRequest request)
        Description copied from interface: Identity
        Updates the specified policy.

        You can update the description or the policy statements themselves.

        Policy changes take effect typically within 10 seconds.

        Specified by:
        updatePolicy in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateTag

        public UpdateTagResponse updateTag​(UpdateTagRequest request)
        Description copied from interface: Identity
        Updates the specified tag definition.

        Setting `validator` determines the value type. Tags can use either a static value or a list of possible values. Static values are entered by a user applying the tag to a resource. Lists are created by you and the user must apply a value from the list. On update, any values in a list that were previously set do not change, but new values must pass validation. Values already applied to a resource do not change.

        You cannot remove list values that appear in a TagDefault. To remove a list value that appears in a TagDefault, first update the TagDefault to use a different value.

        Specified by:
        updateTag in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateTagDefault

        public UpdateTagDefaultResponse updateTagDefault​(UpdateTagDefaultRequest request)
        Description copied from interface: Identity
        Updates the specified tag default.

        If you specify that a value is required, a value is set during resource creation (either by the user creating the resource or another tag defualt). If no value is set, resource creation is blocked.

        If the `isRequired` flag is set to \"true\", the value is set during resource creation. * If the `isRequired` flag is set to \"false\", the value you enter is set during resource creation.

        Specified by:
        updateTagDefault in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateTagNamespace

        public UpdateTagNamespaceResponse updateTagNamespace​(UpdateTagNamespaceRequest request)
        Description copied from interface: Identity
        Updates the the specified tag namespace.

        You can’t update the namespace name.

        Updating `isRetired` to 'true' retires the namespace and all the tag definitions in the namespace. Reactivating a namespace (changing `isRetired` from 'true' to 'false') does not reactivate tag definitions. To reactivate the tag definitions, you must reactivate each one individually *after* you reactivate the namespace, using updateTag. For more information about retiring tag namespaces, see [Retiring Key Definitions and Namespace Definitions](https://docs.oracle.com/iaas/Content/Tagging/Tasks/managingtagsandtagnamespaces.htm#retiringkeys).

        You can't add a namespace with the same name as a retired namespace in the same tenancy.

        Specified by:
        updateTagNamespace in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateUser

        public UpdateUserResponse updateUser​(UpdateUserRequest request)
        Description copied from interface: Identity
        Updates the description of the specified user.
        Specified by:
        updateUser in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • updateUserState

        public UpdateUserStateResponse updateUserState​(UpdateUserStateRequest request)
        Description copied from interface: Identity
        Updates the state of the specified user.
        Specified by:
        updateUserState in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • uploadApiKey

        public UploadApiKeyResponse uploadApiKey​(UploadApiKeyRequest request)
        Description copied from interface: Identity
        Uploads an API signing key for the specified user.

        Every user has permission to use this operation to upload a key for *their own user ID*. An administrator in your organization does not need to write a policy to give users this ability. To compare, administrators who have permission to the tenancy can use this operation to upload a key for any user, including themselves.

        *Important:** Even though you have permission to upload an API key, you might not yet have permission to do much else. If you try calling an operation unrelated to your own credential management (e.g., `ListUsers`, `LaunchInstance`) and receive an \"unauthorized\" error, check with an administrator to confirm which IAM Service group(s) you're in and what access you have. Also confirm you're working in the correct compartment.

        After you send your request, the new object's `lifecycleState` will temporarily be CREATING. Before using the object, first make sure its `lifecycleState` has changed to ACTIVE.

        Specified by:
        uploadApiKey in interface Identity
        Parameters:
        request - The request object containing the details to send
        Returns:
        A response object containing details about the completed operation

      • getWaiters

        public IdentityWaiters getWaiters()
        Description copied from interface: Identity
        Gets the pre-configured waiters available for resources for this service.
        Specified by:
        getWaiters in interface Identity
        Returns:
        The service waiters.

      • getPaginators

        public IdentityPaginators getPaginators()
        Description copied from interface: Identity
        Gets the pre-configured paginators available for list operations in this service which may return multiple pages of data.

        These paginators provide an Iterable interface so that service responses, or resources/records, can be iterated through without having to manually deal with pagination and page tokens.

        Specified by:
        getPaginators in interface Identity
        Returns:
        The service paginators.

      • useRealmSpecificEndpointTemplate

        public void useRealmSpecificEndpointTemplate​(boolean useOfRealmSpecificEndpointTemplateEnabled)
        This method should be used to enable or disable the use of realm-specific endpoint template.

        The default value is null. To enable the use of endpoint template defined for the realm in use, set the flag to true To disable the use of endpoint template defined for the realm in use, set the flag to false

        Parameters:
        useOfRealmSpecificEndpointTemplateEnabled - This flag can be set to true or false to enable or disable the use of realm-specific endpoint template respectively

      • populateServiceParametersInEndpoint

        public final void populateServiceParametersInEndpoint​(String endpoint,
                                                      Map<String,​Object> requiredParametersMap)
        Populate the parameters in the endpoint with its corresponding value and update the base endpoint.

        The value will be populated iff the parameter in endpoint is a required request path parameter or a required request query parameter. If not, the parameter in the endpoint will be ignored and left blank.

        Parameters:
        endpoint - The endpoint template in use
        requiredParametersMap - Map of parameter name as key and value set in request path or query parameter as value

      • updateBaseEndpoint

        public final void updateBaseEndpoint​(String endpoint)
        This method should be used for parameterized endpoint templates only.

        This does not include {region} and {secondLevelDomain} parameters.

        Parameters:
        endpoint - The updated endpoint to use

      • setEndpoint

        public final void setEndpoint​(String endpoint)

      • getEndpoint

        public final String getEndpoint()

      • refreshClient

        public final void refreshClient()
        Rebuild the backing HttpClient.

        This will call ClientConfigurators again, and can be used to e.g. refresh the SSL certificate.

      • getClientCommonLibraryVersion

        public String getClientCommonLibraryVersion()

      • getMinimumClientCommonLibraryVersionFromClient

        public Optional<String> getMinimumClientCommonLibraryVersionFromClient()