naftiko: 1.0.0-alpha2 info: label: IBM Cloud IAM API — Roles description: 'IBM Cloud IAM API — Roles. 5 operations. Lead operation: List IAM roles. Self-contained Naftiko capability covering one Ibm business surface.' tags: - Ibm - Roles created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: IBM_API_KEY: IBM_API_KEY capability: consumes: - type: http namespace: cloud-iam-roles baseUri: https://iam.cloud.ibm.com description: IBM Cloud IAM API — Roles business capability. Self-contained, no shared references. resources: - name: v2-roles path: /v2/roles operations: - name: listroles method: GET description: List IAM roles outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: account_id in: query type: string description: The account ID to list custom roles for. - name: service_name in: query type: string description: Filter roles by the service they apply to. - name: source_service_name in: query type: string description: Filter by the source service name for authorization policies. - name: policy_type in: query type: string description: Filter by policy type. - name: service_group_id in: query type: string description: Filter by the service group ID. - name: createrole method: POST description: Create a custom role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: v2-roles-role_id path: /v2/roles/{role_id} operations: - name: getrole method: GET description: Get a role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: replacerole method: PUT description: Replace a custom role outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: body in: body type: object description: Request body (JSON). required: true - name: deleterole method: DELETE description: Delete a custom role outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: bearer token: '{{env.IBM_API_KEY}}' exposes: - type: rest namespace: cloud-iam-roles-rest port: 8080 description: REST adapter for IBM Cloud IAM API — Roles. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/v2/roles name: v2-roles description: REST surface for v2-roles. operations: - method: GET name: listroles description: List IAM roles call: cloud-iam-roles.listroles with: account_id: rest.account_id service_name: rest.service_name source_service_name: rest.source_service_name policy_type: rest.policy_type service_group_id: rest.service_group_id outputParameters: - type: object mapping: $. - method: POST name: createrole description: Create a custom role call: cloud-iam-roles.createrole with: body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/roles/{role-id} name: v2-roles-role-id description: REST surface for v2-roles-role_id. operations: - method: GET name: getrole description: Get a role call: cloud-iam-roles.getrole outputParameters: - type: object mapping: $. - method: PUT name: replacerole description: Replace a custom role call: cloud-iam-roles.replacerole with: body: rest.body outputParameters: - type: object mapping: $. - method: DELETE name: deleterole description: Delete a custom role call: cloud-iam-roles.deleterole outputParameters: - type: object mapping: $. - type: mcp namespace: cloud-iam-roles-mcp port: 9090 transport: http description: MCP adapter for IBM Cloud IAM API — Roles. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: list-iam-roles description: List IAM roles hints: readOnly: true destructive: false idempotent: true call: cloud-iam-roles.listroles with: account_id: tools.account_id service_name: tools.service_name source_service_name: tools.source_service_name policy_type: tools.policy_type service_group_id: tools.service_group_id outputParameters: - type: object mapping: $. - name: create-custom-role description: Create a custom role hints: readOnly: false destructive: false idempotent: false call: cloud-iam-roles.createrole with: body: tools.body outputParameters: - type: object mapping: $. - name: get-role description: Get a role hints: readOnly: true destructive: false idempotent: true call: cloud-iam-roles.getrole outputParameters: - type: object mapping: $. - name: replace-custom-role description: Replace a custom role hints: readOnly: false destructive: false idempotent: true call: cloud-iam-roles.replacerole with: body: tools.body outputParameters: - type: object mapping: $. - name: delete-custom-role description: Delete a custom role hints: readOnly: false destructive: true idempotent: true call: cloud-iam-roles.deleterole outputParameters: - type: object mapping: $.