Updated on 2023-11-29 GMT+08:00

Updating a Mapping

Function

This API is provided for the administrator to update a mapping.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

URI

PATCH /v3/OS-FEDERATION/mappings/{id}

Table 1 URI parameters

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| id | Yes | String | ID of the mapping to be updated. |

Request Parameters

Table 2 Parameters in the request header

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| Content-Type | Yes | String | Set this field to application/json;charset=utf8. |
| X-Auth-Token | Yes | String | Access token issued to a user to bear its identity and permissions. For details about the permissions required by the token, see Actions. |

Table 3 Parameters in the request body

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| mapping | Yes | Object | Mapping information. |

Table 4 mapping

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| rules | Yes | Array of objects | Rule used to map federated users to local users. |

Table 5 mapping.rules

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| local | Yes | Array of RulesLocal objects | Federated user information on the cloud platform. user indicates the name of a federated user on the cloud platform. group indicates the group to which a federated user belongs on the cloud platform. |
| remote | Yes | Array of objects | Federated user information in the IdP system. If SAML is used, this field is an expression consisting of assertion attributes and operators, and the value of this field is determined by the assertion. If OIDC protocol is used, the value of this field is determined by the ID token. |

Table 6 mappings.rules.local

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| user | No | user object | Name of a federated user on the cloud platform. |
| group | No | group object | User group to which a federated user belongs on the cloud platform. |
| groups | No | String | User groups to which a federated user belongs on the cloud platform. |

Table 7 mappings.rules.local.user

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| name | Yes | string | Name of a federated user on the cloud platform. |

Table 8 mappings.rules.local.group

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| name | Yes | string | User group to which a federated user belongs on the cloud platform. |

Table 9 mapping.rules.remote

| Parameter | Mandatory | Type | Description |
| --- | --- | --- | --- |
| type | Yes | String | IdP assertion. |
| any_one_of | No | Array of strings | The rule is matched only if the specified strings appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. In a remote array, any_one_of and not_any_of are mutually exclusive and cannot be set at the same time. |
| not_any_of | No | Array of strings | The rule is matched only if the specified strings do not appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. any_one_of and not_any_of are mutually exclusive and cannot be set at the same time. |

Response Parameters

Table 10 Parameters in the response body

| Parameter | Type | Description |
| --- | --- | --- |
| mapping | Object | Mapping information. |

Table 11 mapping

| Parameter | Type | Description |
| --- | --- | --- |
| id | String | Mapping ID. |
| links | Object | Mapping resource link information. |
| rules | Array of objects | Rule used to map federated users to local users. |

Table 13 mappings.rules

| Parameter | Type | Description |
| --- | --- | --- |
| local | Array of objects | Federated user information on the cloud platform. user indicates the name of a federated user, and group indicates the group to which the federated user belongs. |
| remote | Array of objects | Federated user information in the IdP system. If SAML is used, this field is an expression consisting of assertion attributes and operators, and the value of this field is determined by the assertion. If OIDC protocol is used, the value of this field is determined by the ID token. |

Table 14 mappings.rules.local

| Parameter | Type | Description |
| --- | --- | --- |
| user | user object | Name of a federated user on the cloud platform. |
| group | group object | User group to which a federated user belongs on the cloud platform. |
| groups | String | User groups to which a federated user belongs on the cloud platform. |

Table 15 mappings.rules.local.user

| Parameter | Type | Description |
| --- | --- | --- |
| name | string | Name of a federated user on the cloud platform. |

Table 16 mappings.rules.local.group

| Parameter | Type | Description |
| --- | --- | --- |
| name | string | User group to which a federated user belongs on the cloud platform. |

Table 17 mapping.rules.remote

| Parameter | Type | Description |
| --- | --- | --- |
| type | String | IdP assertion (SAML) or ID token (OIDC) |
| any_one_of | Array of strings | The rule is matched only if the specified strings appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. In a remote array, any_one_of and not_any_of are mutually exclusive and cannot be set at the same time. |
| not_any_of | Array of strings | The rule is matched only if the specified strings do not appear in the attribute type. The condition result is Boolean rather than the argument that is passed as input. any_one_of and not_any_of are mutually exclusive and cannot be set at the same time. |

Example Request

Request for updating a mapping

PATCH https://iam.myhuaweicloud.com/v3/OS-FEDERATION/mappings/{id}
{
    "mapping": {
        "rules": [
            {
                "local": [
                    {
                        "user": {
                            "name": "LocalUser"
                        }
                    },
                    {
                        "group": {
                            "name": "LocalGroup"
                        }
                    }
                ],
                "remote": [
                    {
                        "type": "UserName"
                    },
                    {
                        "type": "orgPersonType",
                        "not_any_of": [
                            "Contractor",
                            "Guest"
                        ]
                    }
                ]
            }
        ]
    }
}
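
A pre-flight check for a request body like the one above, as an added example that is not part of the original documentation or of any Huawei Cloud SDK. validate_mapping and rule_matches are hypothetical names; the mutual-exclusion check is applied per remote entry, and the matching semantics in rule_matches are assumptions stated in its docstring.

```python
# Added example, not Huawei Cloud code. Function names are hypothetical.
EXAMPLE_BODY = {"mapping": {"rules": [{
    "local": [{"user": {"name": "LocalUser"}}, {"group": {"name": "LocalGroup"}}],
    "remote": [{"type": "UserName"},
               {"type": "orgPersonType", "not_any_of": ["Contractor", "Guest"]}],
}]}}  # same rule as the example request on this page


def validate_mapping(body):
    """Return a list of problems in a PATCH body; an empty list means it passed."""
    mapping = body.get("mapping")
    if not isinstance(mapping, dict) or not isinstance(mapping.get("rules"), list):
        return ["mapping.rules is mandatory and must be an array"]
    errors = []
    for i, rule in enumerate(mapping["rules"]):
        for key in ("local", "remote"):
            if not isinstance(rule.get(key), list):
                errors.append(f"rules[{i}].{key} is mandatory and must be an array")
                rule = {**rule, key: []}  # keep checking the other fields
        for j, local in enumerate(rule["local"]):
            for kind in ("user", "group"):
                obj = local.get(kind)
                if kind in local and not (isinstance(obj, dict) and obj.get("name")):
                    errors.append(f"rules[{i}].local[{j}].{kind}.name is mandatory")
        for j, remote in enumerate(rule["remote"]):
            if not isinstance(remote.get("type"), str):
                errors.append(f"rules[{i}].remote[{j}].type is mandatory")
            if "any_one_of" in remote and "not_any_of" in remote:
                errors.append(f"rules[{i}].remote[{j}] sets both any_one_of and not_any_of")
    return errors


def rule_matches(rule, attrs):
    """attrs maps an attribute name to the list of values the IdP sent.
    Assumed semantics: every remote entry must hold, a type-only entry needs
    the attribute to be present, and values are compared as exact strings."""
    for remote in rule["remote"]:
        values = attrs.get(remote["type"])
        if values is None:
            return False
        if "any_one_of" in remote and not set(values) & set(remote["any_one_of"]):
            return False
        if "not_any_of" in remote and set(values) & set(remote["not_any_of"]):
            return False
    return True
```

Running rule_matches against constructed attribute sets for each identity class (for example one with orgPersonType set to Contractor) before sending the PATCH shows whether the updated rule still excludes the users it is meant to exclude.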

Example Response

Status code: 200

The request is successful.

{
    "mapping": {
        "rules": [
            {
                "local": [
                    {
                        "user": {
                            "name": "LocalUser"
                        }
                    },
                    {
                        "group": {
                            "name": "LocalGroup"
                        }
                    }
                ],
                "remote": [
                    {
                        "type": "UserName"
                    },
                    {
                        "type": "orgPersonType",
                        "not_any_of": [
                            "Contractor",
                            "Guest"
                        ]
                    }
                ]
            }
        ],
        "id": "ACME",
        "links": {
            "self": "https://iam.myhuaweicloud.com/v3/OS-FEDERATION/mappings/ACME"
        }
    }
}

Status Codes

| Status Code | Description |
| --- | --- |
| 200 | The request is successful. |
| 400 | Invalid parameters. |
| 401 | Authentication failed. |
| 403 | Access denied. |
| 404 | The requested resource cannot be found. |
| 405 | The method specified in the request is not allowed for the requested resource. |
| 409 | A resource conflict occurs. |
| 413 | The request entity is too large. |
| 500 | Internal server error. |
| 503 | Service unavailable. |

Error Codes

None