/**
 * (C) Copyright IBM Corp. 2025.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/// <reference types="node" />
import { IncomingHttpHeaders, OutgoingHttpHeaders } from 'http';
import { BaseService, UserOptions } from 'ibm-cloud-sdk-core';
/**
 * The IAM Access Groups API allows for the management of access groups (Create, Read, Update, Delete) as well as the
 * management of memberships and rules within the group container.
 *
 * API Version: 2.0
 */
declare class IamAccessGroupsV2 extends BaseService {
    static DEFAULT_SERVICE_URL: string;
    static DEFAULT_SERVICE_NAME: string;
    /*************************
     * Factory method
     ************************/
    /**
     * Constructs an instance of IamAccessGroupsV2 with passed in options and external configuration.
     *
     * @param {UserOptions} [options] - The parameters to send to the service.
     * @param {string} [options.serviceName] - The name of the service to configure
     * @param {Authenticator} [options.authenticator] - The Authenticator object used to authenticate requests to the service
     * @param {string} [options.serviceUrl] - The base URL for the service
     * @returns {IamAccessGroupsV2}
     */
    static newInstance(options: UserOptions): IamAccessGroupsV2;
    /**
     * Construct a IamAccessGroupsV2 object.
     *
     * @param {Object} options - Options for the service.
     * @param {string} [options.serviceUrl] - The base URL for the service
     * @param {OutgoingHttpHeaders} [options.headers] - Default headers that shall be included with every request to the service.
     * @param {Authenticator} options.authenticator - The Authenticator object used to authenticate requests to the service
     * @constructor
     * @returns {IamAccessGroupsV2}
     */
    constructor(options: UserOptions);
    /*************************
     * accessGroupOperations
     ************************/
    /**
     * Create an access group.
     *
     * Create a new access group to assign multiple users and service ids to multiple policies. The group will be created
     * in the account specified by the `account_id` parameter. The group name is a required field, but a description is
     * optional. Because the group's name does not have to be unique, it is possible to create multiple groups with the
     * same name.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
     * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
     * account_id must match the account of the Authorization token.
     * @param {string} params.name - Give the access group a unique name that doesn't conflict with an existing access
     * group in the account. This field is case-insensitive and has a limit of 100 characters.
     * @param {string} [params.description] - Assign an optional description for the access group. This field has a limit
     * of 250 characters.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>}
     */
    createAccessGroup(params: IamAccessGroupsV2.CreateAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>;
    /**
     * List access groups.
     *
     * This API lists access groups within an account. Parameters for pagination and sorting can be used to filter the
     * results. The `account_id` query parameter determines which account to retrieve groups from. Only the groups you
     * have access to are returned (either because of a policy on a specific group or account level access (admin, editor,
     * or viewer)). There may be more groups in the account that aren't shown if you lack the aforementioned permissions.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
     * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
     * account_id must match the account of the Authorization token.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {string} [params.iamId] - Return groups for member ID (IBMid, service ID or trusted profile ID).
     * @param {string} [params.search] - Use search to filter access groups list by id, name or description.
     * * `search=id:<ACCESS_GROUP_ID>` - To list access groups by id
     * * `search=name:<ACCESS_GROUP_NAME>` - To list access groups by name
     * * `search=description:<ACCESS_GROUP_DESC>` - To list access groups by description.
     * @param {string} [params.membershipType] - Membership type need to be specified along with iam_id and must be either
     * `static`, `dynamic` or `all`. If membership type is `static`, members explicitly added to the group will be shown.
     * If membership type is `dynamic`, members accessing the access group at the moment via dynamic rules will be shown.
     * If membership type is `all`, both static and dynamic members will be shown.
     * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
     * @param {number} [params.offset] - The offset of the first result item to be returned.
     * @param {string} [params.sort] - Sort the results by id, name, description, or is_federated flag.
     * @param {boolean} [params.showFederated] - If show_federated is true, each group listed will return an is_federated
     * value that is set to true if rules exist for the group.
     * @param {boolean} [params.hidePublicAccess] - If hide_public_access is true, do not include the Public Access Group
     * in the results.
     * @param {boolean} [params.showCrn] - If show_crn is true, group CRN will be included in the response.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupsList>>}
     */
    listAccessGroups(params: IamAccessGroupsV2.ListAccessGroupsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupsList>>;
    /**
     * Get an access group.
     *
     * Retrieve an access group by its `access_group_id`. Only the groups data is returned (group name, description,
     * account_id, ...), not membership or rule information. A revision number is returned in the `ETag` header, which is
     * needed when updating the access group.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {boolean} [params.showFederated] - If show_federated is true, the group will return an is_federated value
     * that is set to true if rules exist for the group.
     * @param {boolean} [params.showCrn] - If show_crn is true, group CRN will be included in the response.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>}
     */
    getAccessGroup(params: IamAccessGroupsV2.GetAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>;
    /**
     * Update an access group.
     *
     * Update the group name or description of an existing access group using this API. An `If-Match` header must be
     * populated with the group's most recent revision number (which can be acquired in the `Get an access group` API).
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} params.ifMatch - The current revision number of the group being updated. This can be found in the
     * Create/Get access group response ETag header.
     * @param {string} [params.name] - Give the access group a unique name that doesn't conflict with an existing access
     * group in the account. This field is case-insensitive and has a limit of 100 characters.
     * @param {string} [params.description] - Assign an optional description for the access group. This field has a limit
     * of 250 characters.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>}
     */
    updateAccessGroup(params: IamAccessGroupsV2.UpdateAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Group>>;
    /**
     * Delete an access group.
     *
     * This API is used for deleting an access group. If the access group has no members or rules associated with it, the
     * group and its policies will be deleted. However, if rules or members do exist, set the `force` parameter to true to
     * delete the group as well as its associated members, rules, and policies.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {boolean} [params.force] - If force is true, delete the group as well as its associated members and rules.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    deleteAccessGroup(params: IamAccessGroupsV2.DeleteAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /*************************
     * membershipOperations
     ************************/
    /**
     * Check membership in an access group.
     *
     * This HEAD operation determines if a given `iam_id` is present in a group either explicitly or via dynamic rules. No
     * response body is returned with this request. If the membership exists, a `204 - No Content` status code is
     * returned. If the membership or the group does not exist, a `404 - Not Found` status code is returned.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} params.iamId - The IAM identifier.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    isMemberOfAccessGroup(params: IamAccessGroupsV2.IsMemberOfAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /**
     * Add members to an access group.
     *
     * Use this API to add users (`IBMid-...`), service IDs (`iam-ServiceId-...`) or trusted profiles (`iam-Profile-...`)
     * to an access group. Any member added gains access to resources defined in the group's policies. To revoke a given
     * members's access, simply remove them from the group. There is no limit to the number of members one group can have,
     * but each `iam_id` can only be added to 50 groups. Additionally, this API request payload can add up to 50 members
     * per call.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {AddGroupMembersRequestMembersItem[]} [params.members] - An array of member objects to add to an access
     * group.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddGroupMembersResponse>>}
     */
    addMembersToAccessGroup(params: IamAccessGroupsV2.AddMembersToAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddGroupMembersResponse>>;
    /**
     * List access group members.
     *
     * List all members of a given group using this API. Parameters for pagination and sorting can be used to filter the
     * results. The most useful query parameter may be the `verbose` flag. If `verbose=true`, user, service ID and trusted
     * profile names will be retrieved for each `iam_id`. If performance is a concern, leave the `verbose` parameter off
     * so that name information does not get retrieved.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {string} [params.membershipType] - Filters members by membership type. Filter by `static`, `dynamic` or
     * `all`. `static` lists the members explicitly added to the access group, and `dynamic` lists the members that are
     * part of the access group at that time via dynamic rules. `all` lists both static and dynamic members.
     * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
     * @param {number} [params.offset] - The offset of the first result item to be returned.
     * @param {string} [params.type] - Filter the results by member type.
     * @param {boolean} [params.verbose] - Return user's email and name for each user ID or the name for each service ID
     * or trusted profile.
     * @param {string} [params.sort] - If verbose is true, sort the results by id, name, or email.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupMembersList>>}
     */
    listAccessGroupMembers(params: IamAccessGroupsV2.ListAccessGroupMembersParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.GroupMembersList>>;
    /**
     * Delete member from an access group.
     *
     * Remove one member from a group using this API. If the operation is successful, only a `204 - No Content` response
     * with no body is returned. However, if any error occurs, the standard error format will be returned. Dynamic member
     * cannot be deleted using this API. Dynamic rules needs to be adjusted to delete dynamic members.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} params.iamId - The IAM identifier.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    removeMemberFromAccessGroup(params: IamAccessGroupsV2.RemoveMemberFromAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /**
     * Delete members from an access group.
     *
     * Remove multiple members from a group using this API. On a successful call, this API will always return 207. It is
     * the caller's responsibility to iterate across the body to determine successful deletion of each member. This API
     * request payload can delete up to 50 members per call. This API doesnt delete dynamic members accessing the access
     * group via dynamic rules.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string[]} [params.members] - The `iam_id`s to remove from the access group. This field has a limit of 50
     * `iam_id`s.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteGroupBulkMembersResponse>>}
     */
    removeMembersFromAccessGroup(params: IamAccessGroupsV2.RemoveMembersFromAccessGroupParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteGroupBulkMembersResponse>>;
    /**
     * Delete member from all access groups.
     *
     * This API removes a given member from every group they are a member of within the specified account. By using one
     * operation, you can revoke one member's access to all access groups in the account. If a partial failure occurs on
     * deletion, the response will be shown in the body.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
     * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
     * account_id must match the account of the Authorization token.
     * @param {string} params.iamId - The IAM identifier.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteFromAllGroupsResponse>>}
     */
    removeMemberFromAllAccessGroups(params: IamAccessGroupsV2.RemoveMemberFromAllAccessGroupsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.DeleteFromAllGroupsResponse>>;
    /**
     * Add member to multiple access groups.
     *
     * This API will add a member to multiple access groups in an account. The limit of how many groups that can be in the
     * request is 50. The response is a list of results that show if adding the member to each group was successful or
     * not.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
     * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
     * account_id must match the account of the Authorization token.
     * @param {string} params.iamId - The IAM identifier.
     * @param {string} [params.type] - The type of the member, must be either "user", "service" or "profile".
     * @param {string[]} [params.groups] - The ids of the access groups a given member is to be added to.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddMembershipMultipleGroupsResponse>>}
     */
    addMemberToMultipleAccessGroups(params: IamAccessGroupsV2.AddMemberToMultipleAccessGroupsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AddMembershipMultipleGroupsResponse>>;
    /*************************
     * ruleOperations
     ************************/
    /**
     * Create rule for an access group.
     *
     * Rules can be used to dynamically add users to an access group. If a user's SAML assertions match the rule's
     * conditions during login, the user will be dynamically added to the group. The duration of the user's access to the
     * group is determined by the `expiration` field. After access expires, the user will need to log in again to regain
     * access. Note that the condition's value field must be a stringified JSON value. [Consult this documentation for
     * further explanation of dynamic rules.](/docs/account?topic=account-rules).
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {number} params.expiration - Session duration in hours. Access group membership is revoked after this time
     * period expires. Users must log back in to refresh their access group membership.
     * @param {string} params.realmName - The URL of the identity provider (IdP).
     * @param {RuleConditions[]} params.conditions - A list of conditions that identities must satisfy to gain access
     * group membership.
     * @param {string} [params.name] - The name of the dynaimic rule.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>}
     */
    addAccessGroupRule(params: IamAccessGroupsV2.AddAccessGroupRuleParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>;
    /**
     * List access group rules.
     *
     * This API lists all rules in a given access group. Because only a few rules are created on each group, there is no
     * pagination or sorting support on this API.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.RulesList>>}
     */
    listAccessGroupRules(params: IamAccessGroupsV2.ListAccessGroupRulesParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.RulesList>>;
    /**
     * Get an access group rule.
     *
     * Retrieve a rule from an access group. A revision number is returned in the `ETag` header, which is needed when
     * updating the rule.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} params.ruleId - The rule to get.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>}
     */
    getAccessGroupRule(params: IamAccessGroupsV2.GetAccessGroupRuleParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>;
    /**
     * Replace an access group rule.
     *
     * Update the body of an existing rule using this API. An `If-Match` header must be populated with the rule's most
     * recent revision number (which can be acquired in the `Get an access group rule` API).
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} params.ruleId - The rule to get.
     * @param {string} params.ifMatch - The current revision number of the rule being updated. This can be found in the
     * Get Rule response ETag header.
     * @param {number} params.expiration - Session duration in hours. Access group membership is revoked after this time
     * period expires. Users must log back in to refresh their access group membership.
     * @param {string} params.realmName - The URL of the identity provider (IdP).
     * @param {RuleConditions[]} params.conditions - A list of conditions that identities must satisfy to gain access
     * group membership.
     * @param {string} [params.name] - The name of the dynaimic rule.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>}
     */
    replaceAccessGroupRule(params: IamAccessGroupsV2.ReplaceAccessGroupRuleParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.Rule>>;
    /**
     * Delete an access group rule.
     *
     * Remove one rule from a group using this API. If the operation is successful, only a `204 - No Content` response
     * with no body is returned. However, if any error occurs, the standard error format will be returned.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accessGroupId - The access group identifier.
     * @param {string} params.ruleId - The rule to get.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    removeAccessGroupRule(params: IamAccessGroupsV2.RemoveAccessGroupRuleParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /*************************
     * accountSettings
     ************************/
    /**
     * Get account settings.
     *
     * Retrieve the access groups settings for a specific account.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
     * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
     * account_id must match the account of the Authorization token.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AccountSettings>>}
     */
    getAccountSettings(params: IamAccessGroupsV2.GetAccountSettingsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AccountSettings>>;
    /**
     * Update account settings.
     *
     * Update the access groups settings for a specific account. Note: When the `public_access_enabled` setting is set to
     * false, all policies within the account attached to the Public Access group will be deleted. Only set
     * `public_access_enabled` to false if you are sure that you want those policies to be removed.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Account ID of the API keys(s) to query. If a service IAM ID is specified in
     * iam_id then account_id must match the account of the IAM ID. If a user IAM ID is specified in iam_id then then
     * account_id must match the account of the Authorization token.
     * @param {boolean} [params.publicAccessEnabled] - This flag controls the public access feature within the account. It
     * is set to true by default. Note: When this flag is set to false, all policies within the account attached to the
     * Public Access group will be deleted.
     * @param {string} [params.transactionId] - An optional transaction ID can be passed to your request, which can be
     * useful for tracking calls through multiple services by using one identifier. The header key must be set to
     * Transaction-Id and the value is anything that you choose. If no transaction ID is passed in, then a random ID is
     * generated.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AccountSettings>>}
     */
    updateAccountSettings(params: IamAccessGroupsV2.UpdateAccountSettingsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.AccountSettings>>;
    /*************************
     * templateOperations
     ************************/
    /**
     * Create template.
     *
     * Create an access group template. Make sure that the template is generic enough to apply to multiple different child
     * accounts. Before you can assign an access group template to child accounts, you must commit it so that no further
     * changes can be made to the version.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.name - Give the access group template a unique name that doesn't conflict with an existing
     * access group templates in the account.
     * @param {string} params.accountId - Enterprise account id in which the template will be created.
     * @param {string} [params.description] - Assign an optional description for the access group template.
     * @param {AccessGroupRequest} [params.group] - Access Group Component.
     * @param {PolicyTemplates[]} [params.policyTemplateReferences] - Existing policy templates that you can reference to
     * assign access in the Access group input component.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateResponse>>}
     */
    createTemplate(params: IamAccessGroupsV2.CreateTemplateParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateResponse>>;
    /**
     * List templates.
     *
     * List the access group templates in an enterprise account.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Enterprise account ID.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
     * @param {number} [params.offset] - The offset of the first result item to be returned.
     * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a
     * concern, leave the `verbose` parameter off so that details are not retrieved.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplatesResponse>>}
     */
    listTemplates(params: IamAccessGroupsV2.ListTemplatesParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplatesResponse>>;
    /**
     * Create template version.
     *
     * Create a new version of an access group template.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template that you want to create a new version of.
     * @param {string} [params.name] - This is an optional field. If the field is included it will change the name value
     * for all existing versions of the template..
     * @param {string} [params.description] - Assign an optional description for the access group template version.
     * @param {AccessGroupRequest} [params.group] - Access Group Component.
     * @param {PolicyTemplates[]} [params.policyTemplateReferences] - The policy templates associated with the template
     * version.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>}
     */
    createTemplateVersion(params: IamAccessGroupsV2.CreateTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>;
    /**
     * List template versions.
     *
     * List all the versions of an access group template.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template that you want to list all versions of.
     * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
     * @param {number} [params.offset] - The offset of the first result item to be returned.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplateVersionsResponse>>}
     */
    listTemplateVersions(params: IamAccessGroupsV2.ListTemplateVersionsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplateVersionsResponse>>;
    /**
     * Get template version.
     *
     * Get a specific version of a template.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template to get a specific version of.
     * @param {string} params.versionNum - Version number.
     * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a
     * concern, leave the `verbose` parameter off so that details are not retrieved.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>}
     */
    getTemplateVersion(params: IamAccessGroupsV2.GetTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>;
    /**
     * Update template version.
     *
     * Update a template version. You can only update a version that isn't committed. Create a new version if you need to
     * update a committed version.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template.
     * @param {string} params.versionNum - Version number of the template.
     * @param {string} params.ifMatch - ETag value of the template version document.
     * @param {string} [params.name] - This is an optional field. If the field is included it will change the name value
     * for all existing versions of the template..
     * @param {string} [params.description] - Assign an optional description for the access group template version.
     * @param {AccessGroupRequest} [params.group] - Access Group Component.
     * @param {PolicyTemplates[]} [params.policyTemplateReferences] - The policy templates associated with the template
     * version.
     * @param {string} [params.transactionId] - transaction id in header.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>}
     */
    updateTemplateVersion(params: IamAccessGroupsV2.UpdateTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>;
    /**
     * Delete template version.
     *
     * Delete a template version. You must remove all assignments for a template version before you can delete it.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template to delete.
     * @param {string} params.versionNum - version number in path.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    deleteTemplateVersion(params: IamAccessGroupsV2.DeleteTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /**
     * Commit a template.
     *
     * Commit a template version. You must do this before you can assign a template version to child accounts. After you
     * commit the template version, you can't make any further changes.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template to commit.
     * @param {string} params.versionNum - version number in path.
     * @param {string} params.ifMatch - ETag value of the template version document.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    commitTemplate(params: IamAccessGroupsV2.CommitTemplateParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /**
     * Get latest template version.
     *
     * Get the latest version of a template.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - ID of the template to get a specific version of.
     * @param {boolean} [params.verbose] - If `verbose=true`, IAM resource details are returned. If performance is a
     * concern, leave the `verbose` parameter off so that details are not retrieved.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>}
     */
    getLatestTemplateVersion(params: IamAccessGroupsV2.GetLatestTemplateVersionParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateVersionResponse>>;
    /**
     * Delete template.
     *
     * Endpoint to delete a template. All access assigned by that template is deleted from all of the accounts where the
     * template was assigned.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - template id parameter.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    deleteTemplate(params: IamAccessGroupsV2.DeleteTemplateParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
    /*************************
     * templateAssignmentOperations
     ************************/
    /**
     * Create assignment.
     *
     * Assign a template version to accounts that have enabled enterprise-managed IAM. You can specify individual
     * accounts, or an entire account group to assign the template to all current and future child accounts of that
     * account group.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.templateId - The unique identifier of the template to be assigned.
     * @param {string} params.templateVersion - The version number of the template to be assigned.
     * @param {string} params.targetType - The type of the entity to which the template should be assigned, e.g.
     * 'Account', 'AccountGroup', etc.
     * @param {string} params.target - The unique identifier of the entity to which the template should be assigned.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentResponse>>}
     */
    createAssignment(params: IamAccessGroupsV2.CreateAssignmentParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentResponse>>;
    /**
     * List assignments.
     *
     * List template assignments from an enterprise account.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.accountId - Enterprise account ID.
     * @param {string} [params.templateId] - Filter results by Template Id.
     * @param {string} [params.templateVersion] - Filter results by Template Version.
     * @param {string} [params.target] - Filter results by the assignment target.
     * @param {string} [params.status] - Filter results by the assignment status.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {number} [params.limit] - Return up to this limit of results where limit is between 0 and 100.
     * @param {number} [params.offset] - The offset of the first result item to be returned.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplateAssignmentResponse>>}
     */
    listAssignments(params: IamAccessGroupsV2.ListAssignmentsParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.ListTemplateAssignmentResponse>>;
    /**
     * Get assignment.
     *
     * Get a specific template assignment.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.assignmentId - Assignment ID.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {boolean} [params.verbose] - Returns resources access group template assigned, possible values `true` or
     * `false`.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentVerboseResponse>>}
     */
    getAssignment(params: IamAccessGroupsV2.GetAssignmentParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentVerboseResponse>>;
    /**
     * Update Assignment.
     *
     * Endpoint to update template assignment.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.assignmentId - ID of the Assignment Record.
     * @param {string} params.ifMatch - Version of the Assignment to be updated. Specify the version that you retrieved
     * when reading the Assignment. This value helps identifying parallel usage of this API. Pass * to indicate to update
     * any version available. This might result in stale updates.
     * @param {string} params.templateVersion - Template version which shall be applied to the assignment.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentVerboseResponse>>}
     */
    updateAssignment(params: IamAccessGroupsV2.UpdateAssignmentParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.TemplateAssignmentVerboseResponse>>;
    /**
     * Delete assignment.
     *
     * Delete an access group template assignment.
     *
     * @param {Object} params - The parameters to send to the service.
     * @param {string} params.assignmentId - assignment id path parameter.
     * @param {string} [params.transactionId] - An optional transaction id for the request.
     * @param {OutgoingHttpHeaders} [params.headers] - Custom request headers
     * @returns {Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>}
     */
    deleteAssignment(params: IamAccessGroupsV2.DeleteAssignmentParams): Promise<IamAccessGroupsV2.Response<IamAccessGroupsV2.EmptyObject>>;
}
/*************************
 * interfaces
 ************************/
declare namespace IamAccessGroupsV2 {
    /** An operation response. */
    interface Response<T = any> {
        result: T;
        status: number;
        statusText: string;
        headers: IncomingHttpHeaders;
    }
    /** The callback for a service request. */
    type Callback<T> = (error: any, response?: Response<T>) => void;
    /** The body of a service request that returns no response data. */
    interface EmptyObject {
    }
    /** A standard JS object, defined to avoid the limitations of `Object` and `object` */
    interface JsonObject {
        [key: string]: any;
    }
    /*************************
     * request interfaces
     ************************/
    /** Parameters for the `createAccessGroup` operation. */
    interface CreateAccessGroupParams {
        /** Account ID of the API keys(s) to query. If a service IAM ID is specified in iam_id then account_id must
         *  match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the
         *  account of the Authorization token.
         */
        accountId: string;
        /** Give the access group a unique name that doesn't conflict with an existing access group in the account. This
         *  field is case-insensitive and has a limit of 100 characters.
         */
        name: string;
        /** Assign an optional description for the access group. This field has a limit of 250 characters. */
        description?: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `listAccessGroups` operation. */
    interface ListAccessGroupsParams {
        /** Account ID of the API keys(s) to query. If a service IAM ID is specified in iam_id then account_id must
         *  match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the
         *  account of the Authorization token.
         */
        accountId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        /** Return groups for member ID (IBMid, service ID or trusted profile ID). */
        iamId?: string;
        /** Use search to filter access groups list by id, name or description.
         *  * `search=id:<ACCESS_GROUP_ID>` - To list access groups by id
         *  * `search=name:<ACCESS_GROUP_NAME>` - To list access groups by name
         *  * `search=description:<ACCESS_GROUP_DESC>` - To list access groups by description.
         */
        search?: string;
        /** Membership type need to be specified along with iam_id and must be either `static`, `dynamic` or `all`. If
         *  membership type is `static`, members explicitly added to the group will be shown. If membership type is
         *  `dynamic`, members accessing the access group at the moment via dynamic rules will be shown. If membership type
         *  is `all`, both static and dynamic members will be shown.
         */
        membershipType?: string;
        /** Return up to this limit of results where limit is between 0 and 100. */
        limit?: number;
        /** The offset of the first result item to be returned. */
        offset?: number;
        /** Sort the results by id, name, description, or is_federated flag. */
        sort?: string;
        /** If show_federated is true, each group listed will return an is_federated value that is set to true if rules
         *  exist for the group.
         */
        showFederated?: boolean;
        /** If hide_public_access is true, do not include the Public Access Group in the results. */
        hidePublicAccess?: boolean;
        /** If show_crn is true, group CRN will be included in the response. */
        showCrn?: boolean;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `getAccessGroup` operation. */
    interface GetAccessGroupParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        /** If show_federated is true, the group will return an is_federated value that is set to true if rules exist
         *  for the group.
         */
        showFederated?: boolean;
        /** If show_crn is true, group CRN will be included in the response. */
        showCrn?: boolean;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `updateAccessGroup` operation. */
    interface UpdateAccessGroupParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** The current revision number of the group being updated. This can be found in the Create/Get access group
         *  response ETag header.
         */
        ifMatch: string;
        /** Give the access group a unique name that doesn't conflict with an existing access group in the account. This
         *  field is case-insensitive and has a limit of 100 characters.
         */
        name?: string;
        /** Assign an optional description for the access group. This field has a limit of 250 characters. */
        description?: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `deleteAccessGroup` operation. */
    interface DeleteAccessGroupParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        /** If force is true, delete the group as well as its associated members and rules. */
        force?: boolean;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `isMemberOfAccessGroup` operation. */
    interface IsMemberOfAccessGroupParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** The IAM identifier. */
        iamId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `addMembersToAccessGroup` operation. */
    interface AddMembersToAccessGroupParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** An array of member objects to add to an access group. */
        members?: AddGroupMembersRequestMembersItem[];
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `listAccessGroupMembers` operation. */
    interface ListAccessGroupMembersParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        /** Filters members by membership type. Filter by `static`, `dynamic` or `all`. `static` lists the members
         *  explicitly added to the access group, and `dynamic` lists the members that are part of the access group at that
         *  time via dynamic rules. `all` lists both static and dynamic members.
         */
        membershipType?: string;
        /** Return up to this limit of results where limit is between 0 and 100. */
        limit?: number;
        /** The offset of the first result item to be returned. */
        offset?: number;
        /** Filter the results by member type. */
        type?: string;
        /** Return user's email and name for each user ID or the name for each service ID or trusted profile. */
        verbose?: boolean;
        /** If verbose is true, sort the results by id, name, or email. */
        sort?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `removeMemberFromAccessGroup` operation. */
    interface RemoveMemberFromAccessGroupParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** The IAM identifier. */
        iamId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `removeMembersFromAccessGroup` operation. */
    interface RemoveMembersFromAccessGroupParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** The `iam_id`s to remove from the access group. This field has a limit of 50 `iam_id`s. */
        members?: string[];
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `removeMemberFromAllAccessGroups` operation. */
    interface RemoveMemberFromAllAccessGroupsParams {
        /** Account ID of the API keys(s) to query. If a service IAM ID is specified in iam_id then account_id must
         *  match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the
         *  account of the Authorization token.
         */
        accountId: string;
        /** The IAM identifier. */
        iamId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `addMemberToMultipleAccessGroups` operation. */
    interface AddMemberToMultipleAccessGroupsParams {
        /** Account ID of the API keys(s) to query. If a service IAM ID is specified in iam_id then account_id must
         *  match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the
         *  account of the Authorization token.
         */
        accountId: string;
        /** The IAM identifier. */
        iamId: string;
        /** The type of the member, must be either "user", "service" or "profile". */
        type?: string;
        /** The ids of the access groups a given member is to be added to. */
        groups?: string[];
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `addAccessGroupRule` operation. */
    interface AddAccessGroupRuleParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** Session duration in hours. Access group membership is revoked after this time period expires. Users must log
         *  back in to refresh their access group membership.
         */
        expiration: number;
        /** The URL of the identity provider (IdP). */
        realmName: string;
        /** A list of conditions that identities must satisfy to gain access group membership. */
        conditions: RuleConditions[];
        /** The name of the dynaimic rule. */
        name?: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `listAccessGroupRules` operation. */
    interface ListAccessGroupRulesParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `getAccessGroupRule` operation. */
    interface GetAccessGroupRuleParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** The rule to get. */
        ruleId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `replaceAccessGroupRule` operation. */
    interface ReplaceAccessGroupRuleParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** The rule to get. */
        ruleId: string;
        /** The current revision number of the rule being updated. This can be found in the Get Rule response ETag
         *  header.
         */
        ifMatch: string;
        /** Session duration in hours. Access group membership is revoked after this time period expires. Users must log
         *  back in to refresh their access group membership.
         */
        expiration: number;
        /** The URL of the identity provider (IdP). */
        realmName: string;
        /** A list of conditions that identities must satisfy to gain access group membership. */
        conditions: RuleConditions[];
        /** The name of the dynaimic rule. */
        name?: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `removeAccessGroupRule` operation. */
    interface RemoveAccessGroupRuleParams {
        /** The access group identifier. */
        accessGroupId: string;
        /** The rule to get. */
        ruleId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `getAccountSettings` operation. */
    interface GetAccountSettingsParams {
        /** Account ID of the API keys(s) to query. If a service IAM ID is specified in iam_id then account_id must
         *  match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the
         *  account of the Authorization token.
         */
        accountId: string;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `updateAccountSettings` operation. */
    interface UpdateAccountSettingsParams {
        /** Account ID of the API keys(s) to query. If a service IAM ID is specified in iam_id then account_id must
         *  match the account of the IAM ID. If a user IAM ID is specified in iam_id then then account_id must match the
         *  account of the Authorization token.
         */
        accountId: string;
        /** This flag controls the public access feature within the account. It is set to true by default. Note: When
         *  this flag is set to false, all policies within the account attached to the Public Access group will be deleted.
         */
        publicAccessEnabled?: boolean;
        /** An optional transaction ID can be passed to your request, which can be useful for tracking calls through
         *  multiple services by using one identifier. The header key must be set to Transaction-Id and the value is
         *  anything that you choose. If no transaction ID is passed in, then a random ID is generated.
         */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `createTemplate` operation. */
    interface CreateTemplateParams {
        /** Give the access group template a unique name that doesn't conflict with an existing access group templates
         *  in the account.
         */
        name: string;
        /** Enterprise account id in which the template will be created. */
        accountId: string;
        /** Assign an optional description for the access group template. */
        description?: string;
        /** Access Group Component. */
        group?: AccessGroupRequest;
        /** Existing policy templates that you can reference to assign access in the Access group input component. */
        policyTemplateReferences?: PolicyTemplates[];
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `listTemplates` operation. */
    interface ListTemplatesParams {
        /** Enterprise account ID. */
        accountId: string;
        /** An optional transaction id for the request. */
        transactionId?: string;
        /** Return up to this limit of results where limit is between 0 and 100. */
        limit?: number;
        /** The offset of the first result item to be returned. */
        offset?: number;
        /** If `verbose=true`, IAM resource details are returned. If performance is a concern, leave the `verbose`
         *  parameter off so that details are not retrieved.
         */
        verbose?: boolean;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `createTemplateVersion` operation. */
    interface CreateTemplateVersionParams {
        /** ID of the template that you want to create a new version of. */
        templateId: string;
        /** This is an optional field. If the field is included it will change the name value for all existing versions
         *  of the template..
         */
        name?: string;
        /** Assign an optional description for the access group template version. */
        description?: string;
        /** Access Group Component. */
        group?: AccessGroupRequest;
        /** The policy templates associated with the template version. */
        policyTemplateReferences?: PolicyTemplates[];
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `listTemplateVersions` operation. */
    interface ListTemplateVersionsParams {
        /** ID of the template that you want to list all versions of. */
        templateId: string;
        /** Return up to this limit of results where limit is between 0 and 100. */
        limit?: number;
        /** The offset of the first result item to be returned. */
        offset?: number;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `getTemplateVersion` operation. */
    interface GetTemplateVersionParams {
        /** ID of the template to get a specific version of. */
        templateId: string;
        /** Version number. */
        versionNum: string;
        /** If `verbose=true`, IAM resource details are returned. If performance is a concern, leave the `verbose`
         *  parameter off so that details are not retrieved.
         */
        verbose?: boolean;
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `updateTemplateVersion` operation. */
    interface UpdateTemplateVersionParams {
        /** ID of the template. */
        templateId: string;
        /** Version number of the template. */
        versionNum: string;
        /** ETag value of the template version document. */
        ifMatch: string;
        /** This is an optional field. If the field is included it will change the name value for all existing versions
         *  of the template..
         */
        name?: string;
        /** Assign an optional description for the access group template version. */
        description?: string;
        /** Access Group Component. */
        group?: AccessGroupRequest;
        /** The policy templates associated with the template version. */
        policyTemplateReferences?: PolicyTemplates[];
        /** transaction id in header. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `deleteTemplateVersion` operation. */
    interface DeleteTemplateVersionParams {
        /** ID of the template to delete. */
        templateId: string;
        /** version number in path. */
        versionNum: string;
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `commitTemplate` operation. */
    interface CommitTemplateParams {
        /** ID of the template to commit. */
        templateId: string;
        /** version number in path. */
        versionNum: string;
        /** ETag value of the template version document. */
        ifMatch: string;
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `getLatestTemplateVersion` operation. */
    interface GetLatestTemplateVersionParams {
        /** ID of the template to get a specific version of. */
        templateId: string;
        /** If `verbose=true`, IAM resource details are returned. If performance is a concern, leave the `verbose`
         *  parameter off so that details are not retrieved.
         */
        verbose?: boolean;
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `deleteTemplate` operation. */
    interface DeleteTemplateParams {
        /** template id parameter. */
        templateId: string;
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `createAssignment` operation. */
    interface CreateAssignmentParams {
        /** The unique identifier of the template to be assigned. */
        templateId: string;
        /** The version number of the template to be assigned. */
        templateVersion: string;
        /** The type of the entity to which the template should be assigned, e.g. 'Account', 'AccountGroup', etc. */
        targetType: CreateAssignmentConstants.TargetType | string;
        /** The unique identifier of the entity to which the template should be assigned. */
        target: string;
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Constants for the `createAssignment` operation. */
    namespace CreateAssignmentConstants {
        /** The type of the entity to which the template should be assigned, e.g. 'Account', 'AccountGroup', etc. */
        enum TargetType {
            ACCOUNT = "Account",
            ACCOUNTGROUP = "AccountGroup"
        }
    }
    /** Parameters for the `listAssignments` operation. */
    interface ListAssignmentsParams {
        /** Enterprise account ID. */
        accountId: string;
        /** Filter results by Template Id. */
        templateId?: string;
        /** Filter results by Template Version. */
        templateVersion?: string;
        /** Filter results by the assignment target. */
        target?: string;
        /** Filter results by the assignment status. */
        status?: ListAssignmentsConstants.Status | string;
        /** An optional transaction id for the request. */
        transactionId?: string;
        /** Return up to this limit of results where limit is between 0 and 100. */
        limit?: number;
        /** The offset of the first result item to be returned. */
        offset?: number;
        headers?: OutgoingHttpHeaders;
    }
    /** Constants for the `listAssignments` operation. */
    namespace ListAssignmentsConstants {
        /** Filter results by the assignment status. */
        enum Status {
            ACCEPTED = "accepted",
            IN_PROGRESS = "in_progress",
            SUCCEEDED = "succeeded",
            FAILED = "failed"
        }
    }
    /** Parameters for the `getAssignment` operation. */
    interface GetAssignmentParams {
        /** Assignment ID. */
        assignmentId: string;
        /** An optional transaction id for the request. */
        transactionId?: string;
        /** Returns resources access group template assigned, possible values `true` or `false`. */
        verbose?: boolean;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `updateAssignment` operation. */
    interface UpdateAssignmentParams {
        /** ID of the Assignment Record. */
        assignmentId: string;
        /** Version of the Assignment to be updated. Specify the version that you retrieved when reading the Assignment.
         *  This value helps identifying parallel usage of this API. Pass * to indicate to update any version available.
         *  This might result in stale updates.
         */
        ifMatch: string;
        /** Template version which shall be applied to the assignment. */
        templateVersion: string;
        headers?: OutgoingHttpHeaders;
    }
    /** Parameters for the `deleteAssignment` operation. */
    interface DeleteAssignmentParams {
        /** assignment id path parameter. */
        assignmentId: string;
        /** An optional transaction id for the request. */
        transactionId?: string;
        headers?: OutgoingHttpHeaders;
    }
    /*************************
     * model interfaces
     ************************/
    /**
     * Control whether or not access group administrators in child accounts can add access policies to the
     * enterprise-managed access group in their account.
     */
    interface AccessActionControls {
        /** Action control for adding access policies to an enterprise-managed access group in a child account. If an
         *  access group administrator in a child account adds a policy, they can always update or remove it. Note that if
         *  conflicts arise between an update to this control in a new version and polices added to the access group by an
         *  administrator in a child account, you must resolve those conflicts in the child account. This prevents breaking
         *  access in the child account. For more information, see [Working with
         *  versions](https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions#new-version-scenarios).
         */
        add?: boolean;
    }
    /**
     * Access Group Component.
     */
    interface AccessGroupRequest {
        /** Give the access group a unique name that doesn't conflict with other templates access group name in the
         *  given account. This is shown in child accounts.
         */
        name: string;
        /** Access group description. This is shown in child accounts. */
        description?: string;
        /** Array of enterprise users to add to the template. All enterprise users that you add to the template must be
         *  invited to the child accounts where the template is assigned.
         */
        members?: Members;
        /** Assertions Input Component. */
        assertions?: Assertions;
        /** Access group action controls component. */
        action_controls?: GroupActionControls;
    }
    /**
     * Access Group Component.
     */
    interface AccessGroupResponse {
        /** Give the access group a unique name that doesn't conflict with other templates access group name in the
         *  given account. This is shown in child accounts.
         */
        name: string;
        /** Access group description. This is shown in child accounts. */
        description?: string;
        /** Array of enterprise users to add to the template. All enterprise users that you add to the template must be
         *  invited to the child accounts where the template is assigned.
         */
        members?: Members;
        /** Assertions Input Component. */
        assertions?: Assertions;
        /** Access group action controls component. */
        action_controls?: GroupActionControls;
    }
    /**
     * The access groups settings for a specific account.
     */
    interface AccountSettings {
        /** The account id of the settings being shown. */
        account_id?: string;
        /** The timestamp the settings were last edited at. */
        last_modified_at?: string;
        /** The `iam_id` of the entity that last modified the settings. */
        last_modified_by_id?: string;
        /** This flag controls the public access feature within the account. It is set to true by default. Note: When
         *  this flag is set to false, all policies within the account attached to the Public Access group will be deleted.
         */
        public_access_enabled?: boolean;
    }
    /**
     * AddGroupMembersRequestMembersItem.
     */
    interface AddGroupMembersRequestMembersItem {
        /** The IBMid, service ID or trusted profile ID of the member. */
        iam_id: string;
        /** The type of the member, must be either "user", "service" or "profile". */
        type: string;
    }
    /**
     * The members added to an access group.
     */
    interface AddGroupMembersResponse {
        /** The members added to an access group. */
        members?: AddGroupMembersResponseMembersItem[];
    }
    /**
     * AddGroupMembersResponseMembersItem.
     */
    interface AddGroupMembersResponseMembersItem {
        /** The IBMid or Service Id of the member. */
        iam_id?: string;
        /** The member type - either `user`, `service` or `profile`. */
        type?: string;
        /** The timestamp of when the membership was created. */
        created_at?: string;
        /** The `iam_id` of the entity that created the membership. */
        created_by_id?: string;
        /** The outcome of the operation on this `iam_id`. */
        status_code?: number;
        /** A transaction-id that can be used for debugging purposes. */
        trace?: string;
        /** A list of errors that occurred when trying to add members to a group. */
        errors?: Error[];
    }
    /**
     * The response from the add member to multiple access groups request.
     */
    interface AddMembershipMultipleGroupsResponse {
        /** The iam_id of a member. */
        iam_id?: string;
        /** The list of access groups a member was added to. */
        groups?: AddMembershipMultipleGroupsResponseGroupsItem[];
    }
    /**
     * AddMembershipMultipleGroupsResponseGroupsItem.
     */
    interface AddMembershipMultipleGroupsResponseGroupsItem {
        /** The access group that the member is to be added to. */
        access_group_id?: string;
        /** The outcome of the add membership operation on this `access_group_id`. */
        status_code?: number;
        /** A transaction-id that can be used for debugging purposes. */
        trace?: string;
        /** List of errors encountered when adding member to access group. */
        errors?: Error[];
    }
    /**
     * Assertions Input Component.
     */
    interface Assertions {
        /** Dynamic rules to automatically add federated users to access groups based on specific identity attributes. */
        rules?: AssertionsRule[];
        /** Control whether or not access group administrators in child accounts can add, remove, and update dynamic
         *  rules for the enterprise-managed access group in their account. The inner level RuleActionControls override
         *  these `remove` and `update` action controls.
         */
        action_controls?: AssertionsActionControls;
    }
    /**
     * Control whether or not access group administrators in child accounts can add, remove, and update dynamic rules for
     * the enterprise-managed access group in their account. The inner level RuleActionControls override these `remove`
     * and `update` action controls.
     */
    interface AssertionsActionControls {
        /** Action control for adding dynamic rules to an enterprise-managed access group. If an access group
         *  administrator in a child account adds a dynamic rule, they can always update or remove it. Note that if
         *  conflicts arise between an update to this control and rules added or updated by an administrator in the child
         *  account, you must resolve those conflicts in the child account. This prevents breaking access that the rules
         *  might grant in the child account. For more information, see [Working with versions].
         */
        add?: boolean;
        /** Action control for removing enterprise-managed dynamic rules in an enterprise-managed access group. Note
         *  that if a rule is removed from an enterprise-managed access group by an administrator in a child account and and
         *  you reassign the template, the rule is reinstated.
         */
        remove?: boolean;
    }
    /**
     * Rule Input component.
     */
    interface AssertionsRule {
        /** Dynamic rule name. */
        name?: string;
        /** Session duration in hours. Access group membership is revoked after this time period expires. Users must log
         *  back in to refresh their access group membership.
         */
        expiration?: number;
        /** The identity provider (IdP) URL. */
        realm_name?: string;
        /** Conditions of membership. You can think of this as a key:value pair. */
        conditions?: Conditions[];
        /** Control whether or not access group administrators in child accounts can update and remove this dynamic rule
         *  in the enterprise-managed access group in their account.This overrides outer level AssertionsActionControls.
         */
        action_controls?: RuleActionControls;
    }
    /**
     * Assignment Resource Access Group.
     */
    interface AssignmentResourceAccessGroup {
        /** Assignment resource entry. */
        group: AssignmentResourceEntry;
        /** List of member resources of the group. */
        members: AssignmentResourceEntry[];
        /** List of rules associated with the group. */
        rules: AssignmentResourceEntry[];
    }
    /**
     * Assignment resource entry.
     */
    interface AssignmentResourceEntry {
        /** Assignment Resource Entry Id. */
        id: string;
        /** Optional name of the resource. */
        name?: string;
        /** Optional version of the resource. */
        version?: string;
        /** Resource in assignment resource entry. */
        resource: string;
        /** Error in assignment resource entry. */
        error: string;
        /** Optional operation on the resource. */
        operation?: string;
        /** Status of assignment resource entry. */
        status: string;
    }
    /**
     * Condition Input component.
     */
    interface Conditions {
        /** The key in the key:value pair. */
        claim?: string;
        /** Compares the claim and the value. */
        operator?: string;
        /** The value in the key:value pair. */
        value?: string;
    }
    /**
     * The response from the delete member from access groups request.
     */
    interface DeleteFromAllGroupsResponse {
        /** The `iam_id` of the member to removed from groups. */
        iam_id?: string;
        /** The groups the member was removed from. */
        groups?: DeleteFromAllGroupsResponseGroupsItem[];
    }
    /**
     * DeleteFromAllGroupsResponseGroupsItem.
     */
    interface DeleteFromAllGroupsResponseGroupsItem {
        /** The access group that the member is to be deleted from. */
        access_group_id?: string;
        /** The outcome of the delete operation on this `access_group_id`. */
        status_code?: number;
        /** A transaction-id that can be used for debugging purposes. */
        trace?: string;
        /** A list of errors that occurred when trying to remove a member from groups. */
        errors?: Error[];
    }
    /**
     * The access group id and the members removed from it.
     */
    interface DeleteGroupBulkMembersResponse {
        /** The access group id. */
        access_group_id?: string;
        /** The `iam_id`s removed from the access group. */
        members?: DeleteGroupBulkMembersResponseMembersItem[];
    }
    /**
     * DeleteGroupBulkMembersResponseMembersItem.
     */
    interface DeleteGroupBulkMembersResponseMembersItem {
        /** The `iam_id` to be deleted. */
        iam_id?: string;
        /** A transaction-id that can be used for debugging purposes. */
        trace?: string;
        /** The outcome of the delete membership operation on this `access_group_id`. */
        status_code?: number;
        /** A list of errors that occurred when trying to remove a member from groups. */
        errors?: Error[];
    }
    /**
     * Error contains the code and message for an error returned to the user code is a string identifying the problem,
     * examples "missing_field", "reserved_value" message is a string explaining the solution to the problem that was
     * encountered.
     */
    interface Error {
        /** A human-readable error code represented by a snake case string. */
        code?: string;
        /** A specific error message that details the issue or an action to take. */
        message?: string;
    }
    /**
     * An IAM access group.
     */
    interface Group {
        /** The group's access group ID. */
        id?: string;
        /** The group's name. */
        name?: string;
        /** The group's description - if defined. */
        description?: string;
        /** The account id where the group was created. */
        account_id?: string;
        /** The timestamp of when the group was created. */
        created_at?: string;
        /** The `iam_id` of the entity that created the group. */
        created_by_id?: string;
        /** The timestamp of when the group was last edited. */
        last_modified_at?: string;
        /** The `iam_id` of the entity that last modified the group name or description. */
        last_modified_by_id?: string;
        /** A url to the given group resource. */
        href?: string;
        /** This is set to true if rules exist for the group. */
        is_federated?: boolean;
    }
    /**
     * Access group action controls component.
     */
    interface GroupActionControls {
        /** Control whether or not access group administrators in child accounts can add access policies to the
         *  enterprise-managed access group in their account.
         */
        access?: AccessActionControls;
    }
    /**
     * The members of a group.
     */
    interface GroupMembersList {
        /** Limit on how many items can be returned. */
        limit: number;
        /** The offset of the first item returned in the result set. */
        offset: number;
        /** The total number of items that match the query. */
        total_count: number;
        /** A link object. */
        first?: HrefStruct;
        /** A link object. */
        previous?: HrefStruct;
        /** A link object. */
        next?: HrefStruct;
        /** A link object. */
        last?: HrefStruct;
        /** The members of an access group. */
        members?: ListGroupMembersResponseMember[];
    }
    /**
     * Response output for template.
     */
    interface GroupTemplate {
        /** The ID of the access group template. */
        id: string;
        /** The name of the access group template. */
        name: string;
        /** The description of the access group template. */
        description: string;
        /** The version of the access group template. */
        version: string;
        /** A boolean indicating whether the access group template is committed. You must commit a template before you
         *  can assign it to child accounts.
         */
        committed: boolean;
        /** Access Group Component. */
        group: AccessGroupResponse;
        /** References to policy templates assigned to the access group template. */
        policy_template_references: PolicyTemplates[];
        /** The URL of the access group template resource. */
        href: string;
        /** The date and time when the access group template was created. */
        created_at: string;
        /** The ID of the user who created the access group template. */
        created_by_id: string;
        /** The date and time when the access group template was last modified. */
        last_modified_at: string;
        /** The ID of the user who last modified the access group template. */
        last_modified_by_id: string;
    }
    /**
     * The list of access groups returned as part of a response.
     */
    interface GroupsList {
        /** Limit on how many items can be returned. */
        limit: number;
        /** The offset of the first item returned in the result set. */
        offset: number;
        /** The total number of items that match the query. */
        total_count: number;
        /** A link object. */
        first?: HrefStruct;
        /** A link object. */
        previous?: HrefStruct;
        /** A link object. */
        next?: HrefStruct;
        /** A link object. */
        last?: HrefStruct;
        /** An array of access groups. */
        groups?: Group[];
    }
    /**
     * A link object.
     */
    interface HrefStruct {
        /** A string containing the link’s URL. */
        href?: string;
    }
    /**
     * A single member of an access group in a list.
     */
    interface ListGroupMembersResponseMember {
        /** The IBMid or Service Id of the member. */
        iam_id?: string;
        /** The member type - either `user`, `service` or `profile`. */
        type?: string;
        /** The membership type - either `static` or `dynamic`. */
        membership_type?: string;
        /** The user's or service id's name. */
        name?: string;
        /** If the member type is user, this is the user's email. */
        email?: string;
        /** If the member type is service, this is the service id's description. */
        description?: string;
        /** A url to the given member resource. */
        href?: string;
        /** The timestamp the membership was created at. */
        created_at?: string;
        /** The `iam_id` of the entity that created the membership. */
        created_by_id?: string;
    }
    /**
     * Response object containing a list of template assignments.
     */
    interface ListTemplateAssignmentResponse {
        /** Maximum number of items returned in the response. */
        limit: number;
        /** Index of the first item returned in the response. */
        offset: number;
        /** Total number of items matching the query. */
        total_count: number;
        /** A link object. */
        first: HrefStruct;
        /** A link object. */
        last: HrefStruct;
        /** List of template assignments. */
        assignments: TemplateAssignmentResponse[];
    }
    /**
     * Response object for a single access group template version.
     */
    interface ListTemplateVersionResponse {
        /** The name of the template. */
        name: string;
        /** The description of the template. */
        description: string;
        /** The ID of the account associated with the template. */
        account_id: string;
        /** The version number of the template. */
        version: string;
        /** A boolean indicating whether the template is committed or not. */
        committed: boolean;
        /** Access Group Component. */
        group: AccessGroupResponse;
        /** A list of policy templates associated with the template. */
        policy_template_references: PolicyTemplates[];
        /** The URL to the template resource. */
        href: string;
        /** The date and time the template was created. */
        created_at: string;
        /** The ID of the user who created the template. */
        created_by_id: string;
        /** The date and time the template was last modified. */
        last_modified_at: string;
        /** The ID of the user who last modified the template. */
        last_modified_by_id: string;
    }
    /**
     * Response object for listing template versions.
     */
    interface ListTemplateVersionsResponse {
        /** The maximum number of IAM resources to return. */
        limit: number;
        /** The offset of the first IAM resource in the list. */
        offset: number;
        /** The total number of IAM resources in the list. */
        total_count: number;
        /** A link object. */
        first: HrefStruct;
        /** A link object. */
        previous?: HrefStruct;
        /** A link object. */
        next?: HrefStruct;
        /** A link object. */
        last: HrefStruct;
        /** A list of access group template versions. */
        group_template_versions: ListTemplateVersionResponse[];
    }
    /**
     * Response object for listing templates.
     */
    interface ListTemplatesResponse {
        /** The maximum number of IAM resources to return. */
        limit: number;
        /** The offset of the first IAM resource in the list. */
        offset: number;
        /** The total number of IAM resources in the list. */
        total_count: number;
        /** A link object. */
        first: HrefStruct;
        /** A link object. */
        previous?: HrefStruct;
        /** A link object. */
        next?: HrefStruct;
        /** A link object. */
        last: HrefStruct;
        /** A list of access group templates. */
        group_templates: GroupTemplate[];
    }
    /**
     * Array of enterprise users to add to the template. All enterprise users that you add to the template must be invited
     * to the child accounts where the template is assigned.
     */
    interface Members {
        /** Array of enterprise users to add to the template. All enterprise users that you add to the template must be
         *  invited to the child accounts where the template is assigned.
         */
        users?: string[];
        /** Array of service IDs to add to the template. */
        services?: string[];
        /** Control whether or not access group administrators in child accounts can add and remove members from the
         *  enterprise-managed access group in their account.
         */
        action_controls?: MembersActionControls;
    }
    /**
     * Control whether or not access group administrators in child accounts can add and remove members from the
     * enterprise-managed access group in their account.
     */
    interface MembersActionControls {
        /** Action control for adding child account members to an enterprise-managed access group. If an access group
         *  administrator in a child account adds a member, they can always remove them. Note that if conflicts arise
         *  between an update to this control in a new version and members added by an administrator in the child account,
         *  you must resolve those conflicts in the child account. This prevents breaking access in the child account. For
         *  more information, see [Working with versions]
         *  (https://cloud.ibm.com/docs/secure-enterprise?topic=secure-enterprise-working-with-versions#new-version-scenarios).
         */
        add?: boolean;
        /** Action control for removing enterprise-managed members from an enterprise-managed access group. Note that if
         *  an enterprise member is removed from an enterprise-managed access group in a child account and you reassign the
         *  template, the membership is reinstated.
         */
        remove?: boolean;
    }
    /**
     * Policy Templates Input component.
     */
    interface PolicyTemplates {
        /** Policy template ID. */
        id?: string;
        /** Policy template version. */
        version?: string;
    }
    /**
     * Object containing details of a resource list with target account ID.
     */
    interface ResourceListWithTargetAccountID {
        /** The ID of the entity that the resource list applies to. */
        target?: string;
        /** Assignment Resource Access Group. */
        group?: AssignmentResourceAccessGroup;
        /** List of policy template references for the resource list. */
        policy_template_references?: AssignmentResourceEntry[];
    }
    /**
     * A dynamic rule of an access group.
     */
    interface Rule {
        /** The rule id. */
        id?: string;
        /** The name of the rule. */
        name?: string;
        /** Session duration in hours. Access group membership is revoked after this time period expires. Users must log
         *  back in to refresh their access group membership. Must be between 1 and 24.
         */
        expiration?: number;
        /** The URL of the identity provider. */
        realm_name?: string;
        /** The group id that the dynamic rule is assigned to. */
        access_group_id?: string;
        /** The account id that the group is in. */
        account_id?: string;
        /** A list of conditions that identities must satisfy to gain access group membership. */
        conditions?: RuleConditions[];
        /** The timestamp for when the rule was created. */
        created_at?: string;
        /** The `iam_id` of the entity that created the dynamic rule. */
        created_by_id?: string;
        /** The timestamp for when the dynamic rule was last edited. */
        last_modified_at?: string;
        /** The IAM id that last modified the rule. */
        last_modified_by_id?: string;
    }
    /**
     * Control whether or not access group administrators in child accounts can update and remove this dynamic rule in the
     * enterprise-managed access group in their account.This overrides outer level AssertionsActionControls.
     */
    interface RuleActionControls {
        /** Action control for removing this enterprise-managed dynamic rule. */
        remove?: boolean;
    }
    /**
     * The conditions of a dynamic rule.
     */
    interface RuleConditions {
        /** The claim to evaluate against. This will be found in the `ext` claims of a user's login request. */
        claim: string;
        /** The operation to perform on the claim. */
        operator: RuleConditions.Constants.Operator | string;
        /** The stringified JSON value that the claim is compared to using the operator. */
        value: string;
    }
    namespace RuleConditions {
        namespace Constants {
            /** The operation to perform on the claim. */
            enum Operator {
                EQUALS = "EQUALS",
                EQUALS_IGNORE_CASE = "EQUALS_IGNORE_CASE",
                IN = "IN",
                NOT_EQUALS_IGNORE_CASE = "NOT_EQUALS_IGNORE_CASE",
                NOT_EQUALS = "NOT_EQUALS",
                CONTAINS = "CONTAINS"
            }
        }
    }
    /**
     * A list of dynamic rules attached to the access group.
     */
    interface RulesList {
        /** A list of dynamic rules. */
        rules?: Rule[];
    }
    /**
     * Response object containing the details of a template assignment.
     */
    interface TemplateAssignmentResponse {
        /** The ID of the assignment. */
        id: string;
        /** The ID of the account that the assignment belongs to. */
        account_id: string;
        /** The ID of the template that the assignment is based on. */
        template_id: string;
        /** The version of the template that the assignment is based on. */
        template_version: string;
        /** The type of the entity that the assignment applies to. */
        target_type: TemplateAssignmentResponse.Constants.TargetType | string;
        /** The ID of the entity that the assignment applies to. */
        target: string;
        /** The operation that the assignment applies to (e.g. 'assign', 'update', 'remove'). */
        operation: TemplateAssignmentResponse.Constants.Operation | string;
        /** The status of the assignment (e.g. 'accepted', 'in_progress', 'succeeded', 'failed', 'superseded'). */
        status: TemplateAssignmentResponse.Constants.Status | string;
        /** The URL of the assignment resource. */
        href: string;
        /** The date and time when the assignment was created. */
        created_at: string;
        /** The user or system that created the assignment. */
        created_by_id: string;
        /** The date and time when the assignment was last updated. */
        last_modified_at: string;
        /** The user or system that last updated the assignment. */
        last_modified_by_id: string;
    }
    namespace TemplateAssignmentResponse {
        namespace Constants {
            /** The type of the entity that the assignment applies to. */
            enum TargetType {
                ACCOUNT = "Account",
                ACCOUNTGROUP = "AccountGroup"
            }
            /** The operation that the assignment applies to (e.g. 'assign', 'update', 'remove'). */
            enum Operation {
                ASSIGN = "assign",
                UPDATE = "update",
                REMOVE = "remove"
            }
            /** The status of the assignment (e.g. 'accepted', 'in_progress', 'succeeded', 'failed', 'superseded'). */
            enum Status {
                ACCEPTED = "accepted",
                IN_PROGRESS = "in_progress",
                SUCCEEDED = "succeeded",
                FAILED = "failed",
                SUPERSEDED = "superseded"
            }
        }
    }
    /**
     * Response object containing the details of a template assignment.
     */
    interface TemplateAssignmentVerboseResponse {
        /** The ID of the assignment. */
        id: string;
        /** The ID of the account that the assignment belongs to. */
        account_id: string;
        /** The ID of the template that the assignment is based on. */
        template_id: string;
        /** The version of the template that the assignment is based on. */
        template_version: string;
        /** The type of the entity that the assignment applies to. */
        target_type: string;
        /** The ID of the entity that the assignment applies to. */
        target: string;
        /** The operation that the assignment applies to (e.g. 'create', 'update', 'delete'). */
        operation: string;
        /** The status of the assignment (e.g. 'pending', 'success', 'failure'). */
        status: string;
        /** List of resources for the assignment. */
        resources?: ResourceListWithTargetAccountID[];
        /** The URL of the assignment resource. */
        href: string;
        /** The date and time when the assignment was created. */
        created_at: string;
        /** The user or system that created the assignment. */
        created_by_id: string;
        /** The date and time when the assignment was last updated. */
        last_modified_at: string;
        /** The user or system that last updated the assignment. */
        last_modified_by_id: string;
    }
    /**
     * Response output for template.
     */
    interface TemplateResponse {
        /** The ID of the access group template. */
        id: string;
        /** The name of the access group template. */
        name: string;
        /** The description of the access group template. */
        description: string;
        /** The ID of the account to which the access group template is assigned. */
        account_id: string;
        /** The version of the access group template. */
        version: string;
        /** A boolean indicating whether the access group template is committed. You must commit a template before you
         *  can assign it to child accounts.
         */
        committed: boolean;
        /** Access Group Component. */
        group: AccessGroupResponse;
        /** References to policy templates assigned to the access group template. */
        policy_template_references: PolicyTemplates[];
        /** The URL of the access group template resource. */
        href: string;
        /** The date and time when the access group template was created. */
        created_at: string;
        /** The ID of the user who created the access group template. */
        created_by_id: string;
        /** The date and time when the access group template was last modified. */
        last_modified_at: string;
        /** The ID of the user who last modified the access group template. */
        last_modified_by_id: string;
    }
    /**
     * Response output for template.
     */
    interface TemplateVersionResponse {
        /** The ID of the access group template. */
        id: string;
        /** The name of the access group template. */
        name: string;
        /** The description of the access group template. */
        description: string;
        /** The ID of the account to which the access group template is assigned. */
        account_id: string;
        /** The version of the access group template. */
        version: string;
        /** A boolean indicating whether the access group template is committed. You must commit a template before you
         *  can assign it to child accounts.
         */
        committed: boolean;
        /** Access Group Component. */
        group: AccessGroupResponse;
        /** References to policy templates assigned to the access group template. */
        policy_template_references: PolicyTemplates[];
        /** The URL of the access group template resource. */
        href: string;
        /** The date and time when the access group template was created. */
        created_at: string;
        /** The ID of the user who created the access group template. */
        created_by_id: string;
        /** The date and time when the access group template was last modified. */
        last_modified_at: string;
        /** The ID of the user who last modified the access group template. */
        last_modified_by_id: string;
    }
    /*************************
     * pager classes
     ************************/
    /**
     * AccessGroupsPager can be used to simplify the use of listAccessGroups().
     */
    class AccessGroupsPager {
        protected _hasNext: boolean;
        protected pageContext: any;
        protected client: IamAccessGroupsV2;
        protected params: IamAccessGroupsV2.ListAccessGroupsParams;
        /**
         * Construct a AccessGroupsPager object.
         *
         * @param {IamAccessGroupsV2}  client - The service client instance used to invoke listAccessGroups()
         * @param {Object} params - The parameters to be passed to listAccessGroups()
         * @constructor
         * @returns {AccessGroupsPager}
         */
        constructor(client: IamAccessGroupsV2, params: IamAccessGroupsV2.ListAccessGroupsParams);
        /**
         * Returns true if there are potentially more results to be retrieved by invoking getNext().
         * @returns {boolean}
         */
        hasNext(): boolean;
        /**
         * Returns the next page of results by invoking listAccessGroups().
         * @returns {Promise<IamAccessGroupsV2.Group[]>}
         */
        getNext(): Promise<IamAccessGroupsV2.Group[]>;
        /**
         * Returns all results by invoking listAccessGroups() repeatedly until all pages of results have been retrieved.
         * @returns {Promise<IamAccessGroupsV2.Group[]>}
         */
        getAll(): Promise<IamAccessGroupsV2.Group[]>;
    }
    /**
     * AccessGroupMembersPager can be used to simplify the use of listAccessGroupMembers().
     */
    class AccessGroupMembersPager {
        protected _hasNext: boolean;
        protected pageContext: any;
        protected client: IamAccessGroupsV2;
        protected params: IamAccessGroupsV2.ListAccessGroupMembersParams;
        /**
         * Construct a AccessGroupMembersPager object.
         *
         * @param {IamAccessGroupsV2}  client - The service client instance used to invoke listAccessGroupMembers()
         * @param {Object} params - The parameters to be passed to listAccessGroupMembers()
         * @constructor
         * @returns {AccessGroupMembersPager}
         */
        constructor(client: IamAccessGroupsV2, params: IamAccessGroupsV2.ListAccessGroupMembersParams);
        /**
         * Returns true if there are potentially more results to be retrieved by invoking getNext().
         * @returns {boolean}
         */
        hasNext(): boolean;
        /**
         * Returns the next page of results by invoking listAccessGroupMembers().
         * @returns {Promise<IamAccessGroupsV2.ListGroupMembersResponseMember[]>}
         */
        getNext(): Promise<IamAccessGroupsV2.ListGroupMembersResponseMember[]>;
        /**
         * Returns all results by invoking listAccessGroupMembers() repeatedly until all pages of results have been retrieved.
         * @returns {Promise<IamAccessGroupsV2.ListGroupMembersResponseMember[]>}
         */
        getAll(): Promise<IamAccessGroupsV2.ListGroupMembersResponseMember[]>;
    }
    /**
     * TemplatesPager can be used to simplify the use of listTemplates().
     */
    class TemplatesPager {
        protected _hasNext: boolean;
        protected pageContext: any;
        protected client: IamAccessGroupsV2;
        protected params: IamAccessGroupsV2.ListTemplatesParams;
        /**
         * Construct a TemplatesPager object.
         *
         * @param {IamAccessGroupsV2}  client - The service client instance used to invoke listTemplates()
         * @param {Object} params - The parameters to be passed to listTemplates()
         * @constructor
         * @returns {TemplatesPager}
         */
        constructor(client: IamAccessGroupsV2, params: IamAccessGroupsV2.ListTemplatesParams);
        /**
         * Returns true if there are potentially more results to be retrieved by invoking getNext().
         * @returns {boolean}
         */
        hasNext(): boolean;
        /**
         * Returns the next page of results by invoking listTemplates().
         * @returns {Promise<IamAccessGroupsV2.GroupTemplate[]>}
         */
        getNext(): Promise<IamAccessGroupsV2.GroupTemplate[]>;
        /**
         * Returns all results by invoking listTemplates() repeatedly until all pages of results have been retrieved.
         * @returns {Promise<IamAccessGroupsV2.GroupTemplate[]>}
         */
        getAll(): Promise<IamAccessGroupsV2.GroupTemplate[]>;
    }
    /**
     * TemplateVersionsPager can be used to simplify the use of listTemplateVersions().
     */
    class TemplateVersionsPager {
        protected _hasNext: boolean;
        protected pageContext: any;
        protected client: IamAccessGroupsV2;
        protected params: IamAccessGroupsV2.ListTemplateVersionsParams;
        /**
         * Construct a TemplateVersionsPager object.
         *
         * @param {IamAccessGroupsV2}  client - The service client instance used to invoke listTemplateVersions()
         * @param {Object} params - The parameters to be passed to listTemplateVersions()
         * @constructor
         * @returns {TemplateVersionsPager}
         */
        constructor(client: IamAccessGroupsV2, params: IamAccessGroupsV2.ListTemplateVersionsParams);
        /**
         * Returns true if there are potentially more results to be retrieved by invoking getNext().
         * @returns {boolean}
         */
        hasNext(): boolean;
        /**
         * Returns the next page of results by invoking listTemplateVersions().
         * @returns {Promise<IamAccessGroupsV2.ListTemplateVersionResponse[]>}
         */
        getNext(): Promise<IamAccessGroupsV2.ListTemplateVersionResponse[]>;
        /**
         * Returns all results by invoking listTemplateVersions() repeatedly until all pages of results have been retrieved.
         * @returns {Promise<IamAccessGroupsV2.ListTemplateVersionResponse[]>}
         */
        getAll(): Promise<IamAccessGroupsV2.ListTemplateVersionResponse[]>;
    }
}
export = IamAccessGroupsV2;
