wxc_sdk.scim.groups package
- class wxc_sdk.scim.groups.ScimGroup(*, schemas: list[str] | None = None, displayName: str | None = None, id: str | None = None, externalId: str | None = None, members: list[ScimGroupMember] | None = None, meta: GroupMeta | None = None, webex_group: WebexGroup | None = None, **extra_data: Any)[source]
Bases:
ApiModel- schemas: list[str] | None
Input JSON schemas.
- display_name: str | None
A human-readable name for the group.
- id: str | None
A unique identifier for the group.
- external_id: str | None
An identifier for the resource as defined by the provisioning client.
- members: list[ScimGroupMember] | None
A list of members of this group.
- webex_group: WebexGroup | None
The Cisco extention of SCIM 2
- class wxc_sdk.scim.groups.ScimGroupMember(*, type: str | None = None, value: str | None = None, display: str | None = None, ref: str | None = None, **extra_data: Any)[source]
Bases:
ApiModel- type: str | None
A label indicating the type of resource, for example user, machine, or group.
- value: str | None
The identifier of the member of this Group.
- display: str | None
A human-readable name for the group member.
- ref: str | None
The URI corresponding to a SCIM resource that is a member of this Group.
- class wxc_sdk.scim.groups.WebexGroup(*, usage: str | None = None, owners: list[WebexGroupOwner] | None = None, managedBy: list[ManagedBy] | None = None, provisionSource: str | None = None, meta: WebexGroupMeta | None = None, **extra_data: Any)[source]
Bases:
ApiModel- usage: str | None
The identifier of this group.
- owners: list[WebexGroupOwner] | None
The owners of this group.
- provision_source: str | None
The identifier of the source.
- meta: WebexGroupMeta | None
Response metadata.
- class wxc_sdk.scim.groups.WebexGroupMeta(*, organizationId: str | None = None, **extra_data: Any)[source]
Bases:
ApiModel- organization_id: str | None
The ID of the organization to which this group belongs.
- class wxc_sdk.scim.groups.GroupMemberObject(*, value: str | None = None, type: str | None = None, **extra_data: Any)[source]
Bases:
ApiModel- value: str | None
The identifier of the member of this Group.
- type: str | None
A label indicating the type of resource, for example user, machine, or group.
- class wxc_sdk.scim.groups.GroupMemberResponse(*, schemas: list[str] | None = None, displayName: str | None = None, memberSize: int | None = None, itemsPerPage: int | None = None, startIndex: int | None = None, members: list[ScimGroupMember] = <factory>, **extra_data: Any)[source]
Bases:
ApiModel- schemas: list[str] | None
Input JSON schemas.
- display_name: str | None
A human-readable name for the group.
- member_size: int | None
Total number of groups in search results.
- items_per_page: int | None
The total number of items in a paged result.
- start_index: int | None
Start at the one-based offset in the list of matching groups.
- members: list[ScimGroupMember]
A list of members of this group.
- class wxc_sdk.scim.groups.ManagedBy(*, orgId: str | None = None, type: str | None = None, id: str | None = None, role: str | None = None, **extra_data: Any)[source]
Bases:
ApiModel- org_id: str | None
The Organization identifier of the resource.
- type: str | None
The resource type.
- id: str | None
The identifier of the resource.
- role: str | None
The delegated role.
- class wxc_sdk.scim.groups.GroupMeta(*, resourceType: MetaObjectResourceType | None = None, created: datetime | None = None, lastModified: datetime | None = None, version: str | None = None, location: str | None = None, **extra_data: Any)[source]
Bases:
ApiModel- resource_type: MetaObjectResourceType | None
- created: datetime | None
The date and time the group was created.
- last_modified: datetime | None
The date and time the group was last changed.
- version: str | None
The version of the group.
- location: str | None
The resource itself.
- class wxc_sdk.scim.groups.MetaObjectResourceType(*values)[source]
Bases:
str,SafeEnumAn enumeration.
- group = 'Group'
- user = 'User'
- class wxc_sdk.scim.groups.WebexGroupOwner(*, value: str | None = None, **extra_data: Any)[source]
Bases:
ApiModel- value: str | None
The identifier of the owner of this group.
- class wxc_sdk.scim.groups.SCIM2GroupsApi(*, session: RestSession, base: str = None)[source]
Bases:
ScimApiChildSCIM 2 Groups
Implementation of the SCIM 2.0 group part for group management in a standards based manner. Please also see the SCIM Specification. The schema and API design follows the standard SCIM 2.0 definition with detailed in SCIM 2.0 schema and `SCIM 2.0 Protocol
- create(org_id: str, group: ScimGroup) ScimGroup[source]
Create a group
Create a new group for a given organization. The group may optionally be created with group members.
Authorization
OAuth token returned by Identity Broker.
One of the following OAuth scopes is required:
identity:people_rw
The following administrators can use this API:
id_full_admin
id_group_admin
Usage:
The input JSON must conform to one of the following schemas:
urn:ietf:params:scim:schemas:core:2.0:Group
urn:scim:schemas:extension:cisco:webexidentity:2.0:Group
Unrecognized schemas (ID/section) are ignored.
Read-only attributes provided as input values are ignored.
- details(org_id: str, group_id: str, excluded_attributes: str = None) ScimGroup[source]
Get a group
Retrieve details for a group, by ID.
Optionally, members can be retrieved with this request. The maximum number of members returned is 500.
Authorization
OAuth token rendered by Identity Broker.
One of the following OAuth scopes is required:
identity:people_rw
identity:people_read
The following administrators can use this API:
id_full_admin
id_group_admin
id_readonly_admin
id_device_admin
- Parameters:
org_id (str) – The ID of the organization to which this group belongs. If not specified, the organization ID from the OAuth token is used.
group_id (str) – A unique identifier for the group.
excluded_attributes (str) – Attributes to be excluded from the return.
- Return type:
- search(org_id: str, filter: str = None, excluded_attributes: str = None, attributes: str = None, start_index: int = None, count: int = None, sort_by: str = None, sort_order: str = None, include_members: bool = None, member_type: str = None) SearchGroupResponse[source]
Search groups
Retrieve a list of groups in the organization.
Long result sets are split into pages.
Authorization
An OAuth token rendered by Identity Broker.
One of the following OAuth scopes is required:
identity:people_rw
identity:people_read
The following administrators can use this API:
id_full_admin
id_group_admin
id_readonly_admin
id_device_admin
- Parameters:
org_id (str) – The ID of the organization to which this group belongs. If not specified, the organization ID from the OAuth token is used.
filter (str) –
The url encoded filter. The example content is ‘displayName Eq “group1@example.com” or displayName Eq “group2@example.com”’.
For more filter patterns, see https://datatracker.ietf.org/doc/html/rfc7644#section-3.4.2.2. If the value is empty, the API returns all groups under the organization.
excluded_attributes (str) – Attributes to be excluded from the return.
attributes (str) – The attributes to return.
start_index (int) – An integer indicating the 1-based index of the first query result. The default is 1.
count (int) – An integer indicating the desired maximum number of query results per page. The default is 100.
sort_by (str) – A string indicating the attribute whose value be used to order the returned responses. Now we only allow displayName, id, meta.lastModified to sort.
sort_order (str) – A string indicating the order in which the sortBy parameter is applied. Allowed values are ascending and descending.
include_members (bool) – Default “false”. If false, no members returned.
member_type (str) – Filter the members by member type. Sample data: user, machine, group.
- Return type:
- search_all(org_id: str, filter: str = None, excluded_attributes: str = None, attributes: str = None, count: int = None, sort_by: str = None, sort_order: str = None, include_members: bool = None, member_type: str = None) Generator[ScimGroup, None, None][source]
Same operation as search() but returns a generator of ScimGroups instead of paginated resources
See
SCIM2GroupsApi.search()for parameter documentation- Parameters:
org_id
filter
excluded_attributes
attributes
count
sort_by
sort_order
include_members
member_type
- Returns:
- members(org_id: str, group_id: str, start_index: int = None, count: int = None, member_type: str = None) GroupMemberResponse[source]
Get Group Members
Returns the members of a group.
The default maximum number of members returned is 500.
Control parameters are available to page through the members and to control the size of the results.
Long result sets are split into pages.
Note
Location groups are different from SCIM groups. You cannot search for identities in a location via groups.
Authorization
OAuth token returned by the Identity Broker.
One of the following OAuth scopes is required:
identity:people_rw
identity:people_read
The following administrators can use this API:
id_full_admin
id_group_admin
id_readonly_admin
id_device_admin
- Parameters:
org_id (str) – The ID of the organization to which this group belongs. If not specified, the organization ID from the OAuth token is used.
group_id (str) – A unique identifier for the group.
start_index (int) – The index to start for group pagination.
count (int) – Non-negative integer that specifies the desired number of search results per page. The maximum value for the count is 500.
member_type (str) – Filter the members by member type. Sample data: user, machine, group.
- Return type:
- members_all(org_id: str, group_id: str, start_index: int = None, count: int = None, member_type: str = None) Generator[ScimGroupMember, None, None][source]
Same operation as members() but returns a generator of ScimGroupMembers instead of paginated resources
See
SCIM2GroupsApi.members()for parameter documentation- Parameters:
org_id
group_id
start_index
count
member_type
- Returns:
- update(org_id: str, group: ScimGroup) ScimGroup[source]
Update a group with PUT
Replace the contents of the Group.
Authorization
OAuth token returned by Identity Broker.
One of the following OAuth scopes is required:
identity:people_rw
The following administrators can use this API:
id_full_admin
id_group_admin
Usage:
The input JSON must conform to one of the following schemas:
urn:ietf:params:scim:schemas:core:2.0:Group
urn:scim:schemas:extension:cisco:webexidentity:2.0:Group
Unrecognized schemas (ID/section) are ignored.
Read-only attributes provided as input values are ignored.
The group id is not changed.
All attributes are cleaned up if a new value is not provided by the client.
The values, meta and created are not changed.
- Parameters:
org_id (str) – The ID of the organization to which this group belongs. If not specified, the organization ID from the OAuth token is used.
- Return type:
- patch(org_id: str, group_id: str, schemas: list[str] = None, operations: list[PatchUserOperation] = None) ScimGroup[source]
Update a group with PATCH
Update group attributes with PATCH.
Authorization
OAuth token returned by Identity Broker.
One of the following OAuth scopes is required:
identity:people_rw
The following administrators can use this API:
id_full_admin
id_group_admin
Usage:
The input JSON must conform to one of the following schemas:
urn:ietf:params:scim:schemas:core:2.0:Group
urn:scim:schemas:extension:cisco:webexidentity:2.0:Group
Unrecognized schemas (ID/section) are ignored.
Read-only attributes provided as input values are ignored.
Each operation on an attribute must be compatible with the attribute’s mutability.
5. Each PATCH operation represents a single action to be applied to the same SCIM resource specified by the request URI. Operations are applied sequentially in the order they appear in the array. Each operation in the sequence is applied to the target resource; the resulting resource becomes the target of the next operation. Evaluation continues until all operations are successfully applied or until an error condition is encountered.
Add operations:
The add operation is used to add a new attribute value to an existing resource. The operation must contain a value member whose content specifies the value to be added. The value may be a quoted value, or it may be a JSON object containing the sub-attributes of the complex attribute specified in the operation’s path. The result of the add operation depends upon the target location indicated by path references:
If omitted, the target location is assumed to be the resource itself. The value parameter contains a set of attributes to be added to the resource.
If the target location does not exist, the attribute and value are added.
If the target location specifies a complex attribute, a set of sub-attributes shall be specified in the value parameter.
If the target location specifies a multi-valued attribute, a new value is added to the attribute.
If the target location specifies a single-valued attribute, the existing value is replaced.
If the target location specifies an attribute that does not exist (has no value), the attribute is added with the new value.
If the target location exists, the value is replaced.
If the target location already contains the value specified, no changes should be made to the resource.
Replace operations:
The replace operation replaces the value at the target location specified by the path. The operation performs the following functions, depending on the target location specified by path:
If the path parameter is omitted, the target is assumed to be the resource itself. In this case, the value attribute shall contain a list of one or more attributes that are to be replaced.
If the target location is a single-value attribute, the value of the attribute is replaced.
If the target location is a multi-valued attribute and no filter is specified, the attribute and all values are replaced.
If the target location path specifies an attribute that does not exist, the service provider shall treat the operation as an “add”.
If the target location specifies a complex attribute, a set of sub-attributes SHALL be specified in the value parameter, which replaces any existing values or adds where an attribute did not previously exist. Sub-attributes that are not specified in the value parameters are left unchanged.
If the target location is a multi-valued attribute and a value selection (“valuePath”) filter is specified that matches one or more values of the multi-valued attribute, then all matching record values will be replaced.
If the target location is a complex multi-valued attribute with a value selection filter (“valuePath”) and a specific sub-attribute (e.g., “addresses[type eq “work”].streetAddress”), the matching sub-attribute of all matching records is replaced.
If the target location is a multi-valued attribute for which a value selection filter (“valuePath”) has been supplied and no record match was made, the service provider will indicate the failure by returning HTTP status code 400 and a scimType error code of noTarget.
Remove operations:
The remove operation removes the value at the target location specified by the required attribute path. The operation performs the following functions, depending on the target location specified by path:
If path is unspecified, the operation fails with HTTP status code 400 and a “scimType” error code of “noTarget”.
If the target location is a single-value attribute, the attribute and its associated value is removed, and the attribute will be considered unassigned.
If the target location is a multi-valued attribute and no filter is specified, the attribute and all values are removed, and the attribute SHALL be considered unassigned.
If the target location is a multi-valued attribute and a complex filter is specified comparing a value, the values matched by the filter are removed. If no other values remain after the removal of the selected values, the multi-valued attribute will be considered unassigned.
If the target location is a complex multi-valued attribute and a complex filter is specified based on the attribute`s sub-attributes, the matching records are removed. Sub-attributes whose values have been removed will be considered unassigned. If the complex multi-valued attribute has no remaining records, the attribute will be considered unassigned.
- Parameters:
org_id (str) – The ID of the organization to which this group belongs. If not specified, the organization ID from the OAuth token is used.
group_id (str) – A unique identifier for the group.
schemas (list[str]) – Input JSON schemas.
operations (list[PatchGroupOperations]) – A list of patch operations.
- Return type:
- delete(org_id: str, group_id: str) None[source]
Delete a group
Remove a group from the system.
Authorization
OAuth token rendered by Identity Broker.
One of the following OAuth scopes is required:
identity:people_rw
The following administrators can use this API:
id_full_admin
id_group_admin
- Parameters:
org_id (str) – The ID of the organization to which this group belongs. If not specified, the organization ID from the OAuth token is used.
group_id (str) – A unique identifier for the group.
- Return type:
None
- base = 'identity/scim'
- class wxc_sdk.scim.groups.SearchGroupResponse(*, schemas: list[str] | None = None, totalResults: int | None = None, itemsPerPage: int | None = None, startIndex: int | None = None, Resources: list[ScimGroup] | None = None, **extra_data: Any)[source]
Bases:
ApiModel- schemas: list[str] | None
Input JSON schemas.
- total_results: int | None
Total number of groups in search results.
- items_per_page: int | None
The total number of items in a paged result.
- start_index: int | None
Start at the one-based offset in the list of matching contacts.