vcfa_iam

VCF Automation — IAM (CSP gateway-side identity).

The CSP gateway exposes org-level identity primitives: organizations, users, and the role bindings between them. This client targets the role-binding surface (the “IAM configuration” most operators care about); see saltext.vcf.clients.vcfa_custom_role for role definitions.

Endpoints:

  • GET    /csp/gateway/am/api/loggedin/user/orgs — orgs the caller can see

  • GET    /csp/gateway/am/api/orgs/{orgId} — org metadata

  • GET    /csp/gateway/am/api/orgs/{orgId}/users — org users

  • GET    /csp/gateway/am/api/orgs/{orgId}/users/{userId}/roles — a user’s roles

  • PATCH  /csp/gateway/am/api/orgs/{orgId}/users/{userId}/roles — add/remove bindings

saltext.vcf.clients.vcfa_iam.list_orgs(opts, profile=None)[source]

Return the orgs visible to the authenticated caller.

saltext.vcf.clients.vcfa_iam.get_user_roles(opts, org_id, user_id, profile=None)[source]

Return the role-binding list for user_id in org_id.

saltext.vcf.clients.vcfa_iam.patch_user_roles(opts, org_id, user_id, *, add=None, remove=None, profile=None)[source]

Mutate role bindings via the CSP patch endpoint.

add and remove are lists of {name, resource} role references. Either or both may be supplied; an empty patch is rejected by the server.