naftiko: 1.0.0-alpha2 info: label: IBM Cloud IAM API description: The IBM Cloud Identity and Access Management (IAM) API enables you to manage IAM access tokens, API keys, service IDs, trusted profiles, and access policies. Use this API to authenticate identities, authorize access to IBM Cloud resources, and manage the full lifecycle of identity and policy objects within your IBM Cloud account. tags: - Ibm - API created: '2026-05-06' modified: '2026-05-06' capability: consumes: - type: http namespace: ibm baseUri: https://iam.cloud.ibm.com description: IBM Cloud IAM API HTTP API. authentication: type: bearer token: '{{IBM_TOKEN}}' resources: - name: identity-token path: /identity/token operations: - name: createaccesstoken method: POST description: Create an IAM access token outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-apikeys path: /v1/apikeys operations: - name: listapikeys method: GET description: List API keys inputParameters: - name: account_id in: query type: string description: The account ID of the API keys to query. - name: iam_id in: query type: string description: The IAM ID associated with the API keys. - name: pagesize in: query type: integer description: Number of results per page. - name: pagetoken in: query type: string description: Page token from a previous request for pagination. - name: scope in: query type: string description: Scope of the query, either account or iam_id. - name: type in: query type: string description: Filter by API key type. - name: sort in: query type: string description: Field to sort by. - name: order in: query type: string description: Sort order. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createapikey method: POST description: Create an API key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-apikeys-details path: /v1/apikeys/details operations: - name: getapikeysdetails method: GET description: Get API key details by value inputParameters: - name: IAM-ApiKey in: header type: string description: The API key value to look up. - name: include_history in: query type: boolean description: Include activity history of the API key. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-apikeys-id path: /v1/apikeys/{id} operations: - name: getapikey method: GET description: Get an API key inputParameters: - name: include_history in: query type: boolean description: Include the history of the API key. - name: include_activity in: query type: boolean description: Include the activity of the API key. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateapikey method: PUT description: Update an API key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteapikey method: DELETE description: Delete an API key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-apikeys-id-lock path: /v1/apikeys/{id}/lock operations: - name: lockapikey method: POST description: Lock an API key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: unlockapikey method: DELETE description: Unlock an API key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-apikeys-id-disable path: /v1/apikeys/{id}/disable operations: - name: disableapikey method: POST description: Disable an API key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: enableapikey method: DELETE description: Enable an API key outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-serviceids path: /v1/serviceids/ operations: - name: listserviceids method: GET description: List service IDs inputParameters: - name: account_id in: query type: string description: The account ID of the service IDs to query. - name: name in: query type: string description: Filter service IDs by name. - name: pagesize in: query type: integer description: Number of results per page. - name: pagetoken in: query type: string description: Page token from a previous request for pagination. - name: sort in: query type: string description: Field to sort results by. - name: order in: query type: string description: Sort order. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createserviceid method: POST description: Create a service ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-serviceids-id path: /v1/serviceids/{id} operations: - name: getserviceid method: GET description: Get a service ID inputParameters: - name: include_history in: query type: boolean description: Include the history of the service ID. - name: include_activity in: query type: boolean description: Include the activity of the service ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateserviceid method: PUT description: Update a service ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteserviceid method: DELETE description: Delete a service ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-serviceids-id-lock path: /v1/serviceids/{id}/lock operations: - name: lockserviceid method: POST description: Lock a service ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: unlockserviceid method: DELETE description: Unlock a service ID outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-profiles path: /v1/profiles operations: - name: listprofiles method: GET description: List trusted profiles inputParameters: - name: account_id in: query type: string required: true description: The account ID to list trusted profiles for. - name: name in: query type: string description: Filter profiles by name. - name: pagesize in: query type: integer description: Number of results per page. - name: pagetoken in: query type: string description: Page token from a previous request. - name: sort in: query type: string description: Field to sort by. - name: order in: query type: string description: Sort order. - name: include_history in: query type: boolean description: Include the history of the profiles. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createprofile method: POST description: Create a trusted profile outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-profiles-profile-id path: /v1/profiles/{profile-id} operations: - name: getprofile method: GET description: Get a trusted profile inputParameters: - name: include_activity in: query type: boolean description: Include the activity of the profile. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateprofile method: PUT description: Update a trusted profile outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteprofile method: DELETE description: Delete a trusted profile outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-profiles-profile-id-rules path: /v1/profiles/{profile-id}/rules operations: - name: listclaimrules method: GET description: List claim rules for a trusted profile outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createclaimrule method: POST description: Create a claim rule outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-profiles-profile-id-rules-rule-id path: /v1/profiles/{profile-id}/rules/{rule-id} operations: - name: getclaimrule method: GET description: Get a claim rule outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updateclaimrule method: PUT description: Update a claim rule outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleteclaimrule method: DELETE description: Delete a claim rule outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-policies path: /v1/policies operations: - name: listpolicies method: GET description: List access policies inputParameters: - name: account_id in: query type: string required: true description: The account ID to list policies for. - name: iam_id in: query type: string description: Filter by the IAM ID of the subject. - name: access_group_id in: query type: string description: Filter by access group ID. - name: type in: query type: string description: Filter by policy type. - name: service_type in: query type: string description: Filter by service type. - name: state in: query type: string description: Filter by policy state. - name: limit in: query type: integer description: Maximum number of policies to return. - name: start in: query type: string description: Pagination start token. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createpolicy method: POST description: Create an access policy outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v1-policies-policy-id path: /v1/policies/{policy_id} operations: - name: getpolicy method: GET description: Get an access policy outputRawFormat: json outputParameters: - name: result type: object value: $. - name: replacepolicy method: PUT description: Replace an access policy outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deletepolicy method: DELETE description: Delete an access policy outputRawFormat: json outputParameters: - name: result type: object value: $. - name: updatepolicystate method: PATCH description: Update policy state outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v2-roles path: /v2/roles operations: - name: listroles method: GET description: List IAM roles inputParameters: - name: account_id in: query type: string description: The account ID to list custom roles for. - name: service_name in: query type: string description: Filter roles by the service they apply to. - name: source_service_name in: query type: string description: Filter by the source service name for authorization policies. - name: policy_type in: query type: string description: Filter by policy type. - name: service_group_id in: query type: string description: Filter by the service group ID. outputRawFormat: json outputParameters: - name: result type: object value: $. - name: createrole method: POST description: Create a custom role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: v2-roles-role-id path: /v2/roles/{role_id} operations: - name: getrole method: GET description: Get a role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: replacerole method: PUT description: Replace a custom role outputRawFormat: json outputParameters: - name: result type: object value: $. - name: deleterole method: DELETE description: Delete a custom role outputRawFormat: json outputParameters: - name: result type: object value: $. exposes: - type: rest port: 8080 namespace: ibm-rest description: REST adapter for IBM Cloud IAM API. resources: - path: /identity/token name: createaccesstoken operations: - method: POST name: createaccesstoken description: Create an IAM access token call: ibm.createaccesstoken outputParameters: - type: object mapping: $. - path: /v1/apikeys name: listapikeys operations: - method: GET name: listapikeys description: List API keys call: ibm.listapikeys outputParameters: - type: object mapping: $. - path: /v1/apikeys name: createapikey operations: - method: POST name: createapikey description: Create an API key call: ibm.createapikey outputParameters: - type: object mapping: $. - path: /v1/apikeys/details name: getapikeysdetails operations: - method: GET name: getapikeysdetails description: Get API key details by value call: ibm.getapikeysdetails outputParameters: - type: object mapping: $. - path: /v1/apikeys/{id} name: getapikey operations: - method: GET name: getapikey description: Get an API key call: ibm.getapikey outputParameters: - type: object mapping: $. - path: /v1/apikeys/{id} name: updateapikey operations: - method: PUT name: updateapikey description: Update an API key call: ibm.updateapikey outputParameters: - type: object mapping: $. - path: /v1/apikeys/{id} name: deleteapikey operations: - method: DELETE name: deleteapikey description: Delete an API key call: ibm.deleteapikey outputParameters: - type: object mapping: $. - path: /v1/apikeys/{id}/lock name: lockapikey operations: - method: POST name: lockapikey description: Lock an API key call: ibm.lockapikey outputParameters: - type: object mapping: $. - path: /v1/apikeys/{id}/lock name: unlockapikey operations: - method: DELETE name: unlockapikey description: Unlock an API key call: ibm.unlockapikey outputParameters: - type: object mapping: $. - path: /v1/apikeys/{id}/disable name: disableapikey operations: - method: POST name: disableapikey description: Disable an API key call: ibm.disableapikey outputParameters: - type: object mapping: $. - path: /v1/apikeys/{id}/disable name: enableapikey operations: - method: DELETE name: enableapikey description: Enable an API key call: ibm.enableapikey outputParameters: - type: object mapping: $. - path: /v1/serviceids/ name: listserviceids operations: - method: GET name: listserviceids description: List service IDs call: ibm.listserviceids outputParameters: - type: object mapping: $. - path: /v1/serviceids/ name: createserviceid operations: - method: POST name: createserviceid description: Create a service ID call: ibm.createserviceid outputParameters: - type: object mapping: $. - path: /v1/serviceids/{id} name: getserviceid operations: - method: GET name: getserviceid description: Get a service ID call: ibm.getserviceid outputParameters: - type: object mapping: $. - path: /v1/serviceids/{id} name: updateserviceid operations: - method: PUT name: updateserviceid description: Update a service ID call: ibm.updateserviceid outputParameters: - type: object mapping: $. - path: /v1/serviceids/{id} name: deleteserviceid operations: - method: DELETE name: deleteserviceid description: Delete a service ID call: ibm.deleteserviceid outputParameters: - type: object mapping: $. - path: /v1/serviceids/{id}/lock name: lockserviceid operations: - method: POST name: lockserviceid description: Lock a service ID call: ibm.lockserviceid outputParameters: - type: object mapping: $. - path: /v1/serviceids/{id}/lock name: unlockserviceid operations: - method: DELETE name: unlockserviceid description: Unlock a service ID call: ibm.unlockserviceid outputParameters: - type: object mapping: $. - path: /v1/profiles name: listprofiles operations: - method: GET name: listprofiles description: List trusted profiles call: ibm.listprofiles outputParameters: - type: object mapping: $. - path: /v1/profiles name: createprofile operations: - method: POST name: createprofile description: Create a trusted profile call: ibm.createprofile outputParameters: - type: object mapping: $. - path: /v1/profiles/{profile-id} name: getprofile operations: - method: GET name: getprofile description: Get a trusted profile call: ibm.getprofile outputParameters: - type: object mapping: $. - path: /v1/profiles/{profile-id} name: updateprofile operations: - method: PUT name: updateprofile description: Update a trusted profile call: ibm.updateprofile outputParameters: - type: object mapping: $. - path: /v1/profiles/{profile-id} name: deleteprofile operations: - method: DELETE name: deleteprofile description: Delete a trusted profile call: ibm.deleteprofile outputParameters: - type: object mapping: $. - path: /v1/profiles/{profile-id}/rules name: listclaimrules operations: - method: GET name: listclaimrules description: List claim rules for a trusted profile call: ibm.listclaimrules outputParameters: - type: object mapping: $. - path: /v1/profiles/{profile-id}/rules name: createclaimrule operations: - method: POST name: createclaimrule description: Create a claim rule call: ibm.createclaimrule outputParameters: - type: object mapping: $. - path: /v1/profiles/{profile-id}/rules/{rule-id} name: getclaimrule operations: - method: GET name: getclaimrule description: Get a claim rule call: ibm.getclaimrule outputParameters: - type: object mapping: $. - path: /v1/profiles/{profile-id}/rules/{rule-id} name: updateclaimrule operations: - method: PUT name: updateclaimrule description: Update a claim rule call: ibm.updateclaimrule outputParameters: - type: object mapping: $. - path: /v1/profiles/{profile-id}/rules/{rule-id} name: deleteclaimrule operations: - method: DELETE name: deleteclaimrule description: Delete a claim rule call: ibm.deleteclaimrule outputParameters: - type: object mapping: $. - path: /v1/policies name: listpolicies operations: - method: GET name: listpolicies description: List access policies call: ibm.listpolicies outputParameters: - type: object mapping: $. - path: /v1/policies name: createpolicy operations: - method: POST name: createpolicy description: Create an access policy call: ibm.createpolicy outputParameters: - type: object mapping: $. - path: /v1/policies/{policy_id} name: getpolicy operations: - method: GET name: getpolicy description: Get an access policy call: ibm.getpolicy outputParameters: - type: object mapping: $. - path: /v1/policies/{policy_id} name: replacepolicy operations: - method: PUT name: replacepolicy description: Replace an access policy call: ibm.replacepolicy outputParameters: - type: object mapping: $. - path: /v1/policies/{policy_id} name: deletepolicy operations: - method: DELETE name: deletepolicy description: Delete an access policy call: ibm.deletepolicy outputParameters: - type: object mapping: $. - path: /v1/policies/{policy_id} name: updatepolicystate operations: - method: PATCH name: updatepolicystate description: Update policy state call: ibm.updatepolicystate outputParameters: - type: object mapping: $. - path: /v2/roles name: listroles operations: - method: GET name: listroles description: List IAM roles call: ibm.listroles outputParameters: - type: object mapping: $. - path: /v2/roles name: createrole operations: - method: POST name: createrole description: Create a custom role call: ibm.createrole outputParameters: - type: object mapping: $. - path: /v2/roles/{role_id} name: getrole operations: - method: GET name: getrole description: Get a role call: ibm.getrole outputParameters: - type: object mapping: $. - path: /v2/roles/{role_id} name: replacerole operations: - method: PUT name: replacerole description: Replace a custom role call: ibm.replacerole outputParameters: - type: object mapping: $. - path: /v2/roles/{role_id} name: deleterole operations: - method: DELETE name: deleterole description: Delete a custom role call: ibm.deleterole outputParameters: - type: object mapping: $. - type: mcp port: 9090 namespace: ibm-mcp transport: http description: MCP adapter for IBM Cloud IAM API for AI agent use. tools: - name: createaccesstoken description: Create an IAM access token hints: readOnly: false destructive: false idempotent: false call: ibm.createaccesstoken outputParameters: - type: object mapping: $. - name: listapikeys description: List API keys hints: readOnly: true destructive: false idempotent: true call: ibm.listapikeys with: account_id: tools.account_id iam_id: tools.iam_id pagesize: tools.pagesize pagetoken: tools.pagetoken scope: tools.scope type: tools.type sort: tools.sort order: tools.order inputParameters: - name: account_id type: string description: The account ID of the API keys to query. - name: iam_id type: string description: The IAM ID associated with the API keys. - name: pagesize type: integer description: Number of results per page. - name: pagetoken type: string description: Page token from a previous request for pagination. - name: scope type: string description: Scope of the query, either account or iam_id. - name: type type: string description: Filter by API key type. - name: sort type: string description: Field to sort by. - name: order type: string description: Sort order. outputParameters: - type: object mapping: $. - name: createapikey description: Create an API key hints: readOnly: false destructive: false idempotent: false call: ibm.createapikey outputParameters: - type: object mapping: $. - name: getapikeysdetails description: Get API key details by value hints: readOnly: true destructive: false idempotent: true call: ibm.getapikeysdetails with: include_history: tools.include_history inputParameters: - name: include_history type: boolean description: Include activity history of the API key. outputParameters: - type: object mapping: $. - name: getapikey description: Get an API key hints: readOnly: true destructive: false idempotent: true call: ibm.getapikey with: include_history: tools.include_history include_activity: tools.include_activity inputParameters: - name: include_history type: boolean description: Include the history of the API key. - name: include_activity type: boolean description: Include the activity of the API key. outputParameters: - type: object mapping: $. - name: updateapikey description: Update an API key hints: readOnly: false destructive: false idempotent: true call: ibm.updateapikey outputParameters: - type: object mapping: $. - name: deleteapikey description: Delete an API key hints: readOnly: false destructive: true idempotent: true call: ibm.deleteapikey outputParameters: - type: object mapping: $. - name: lockapikey description: Lock an API key hints: readOnly: false destructive: false idempotent: false call: ibm.lockapikey outputParameters: - type: object mapping: $. - name: unlockapikey description: Unlock an API key hints: readOnly: false destructive: true idempotent: true call: ibm.unlockapikey outputParameters: - type: object mapping: $. - name: disableapikey description: Disable an API key hints: readOnly: false destructive: false idempotent: false call: ibm.disableapikey outputParameters: - type: object mapping: $. - name: enableapikey description: Enable an API key hints: readOnly: false destructive: true idempotent: true call: ibm.enableapikey outputParameters: - type: object mapping: $. - name: listserviceids description: List service IDs hints: readOnly: true destructive: false idempotent: true call: ibm.listserviceids with: account_id: tools.account_id name: tools.name pagesize: tools.pagesize pagetoken: tools.pagetoken sort: tools.sort order: tools.order inputParameters: - name: account_id type: string description: The account ID of the service IDs to query. - name: name type: string description: Filter service IDs by name. - name: pagesize type: integer description: Number of results per page. - name: pagetoken type: string description: Page token from a previous request for pagination. - name: sort type: string description: Field to sort results by. - name: order type: string description: Sort order. outputParameters: - type: object mapping: $. - name: createserviceid description: Create a service ID hints: readOnly: false destructive: false idempotent: false call: ibm.createserviceid outputParameters: - type: object mapping: $. - name: getserviceid description: Get a service ID hints: readOnly: true destructive: false idempotent: true call: ibm.getserviceid with: include_history: tools.include_history include_activity: tools.include_activity inputParameters: - name: include_history type: boolean description: Include the history of the service ID. - name: include_activity type: boolean description: Include the activity of the service ID. outputParameters: - type: object mapping: $. - name: updateserviceid description: Update a service ID hints: readOnly: false destructive: false idempotent: true call: ibm.updateserviceid outputParameters: - type: object mapping: $. - name: deleteserviceid description: Delete a service ID hints: readOnly: false destructive: true idempotent: true call: ibm.deleteserviceid outputParameters: - type: object mapping: $. - name: lockserviceid description: Lock a service ID hints: readOnly: false destructive: false idempotent: false call: ibm.lockserviceid outputParameters: - type: object mapping: $. - name: unlockserviceid description: Unlock a service ID hints: readOnly: false destructive: true idempotent: true call: ibm.unlockserviceid outputParameters: - type: object mapping: $. - name: listprofiles description: List trusted profiles hints: readOnly: true destructive: false idempotent: true call: ibm.listprofiles with: account_id: tools.account_id name: tools.name pagesize: tools.pagesize pagetoken: tools.pagetoken sort: tools.sort order: tools.order include_history: tools.include_history inputParameters: - name: account_id type: string description: The account ID to list trusted profiles for. required: true - name: name type: string description: Filter profiles by name. - name: pagesize type: integer description: Number of results per page. - name: pagetoken type: string description: Page token from a previous request. - name: sort type: string description: Field to sort by. - name: order type: string description: Sort order. - name: include_history type: boolean description: Include the history of the profiles. outputParameters: - type: object mapping: $. - name: createprofile description: Create a trusted profile hints: readOnly: false destructive: false idempotent: false call: ibm.createprofile outputParameters: - type: object mapping: $. - name: getprofile description: Get a trusted profile hints: readOnly: true destructive: false idempotent: true call: ibm.getprofile with: include_activity: tools.include_activity inputParameters: - name: include_activity type: boolean description: Include the activity of the profile. outputParameters: - type: object mapping: $. - name: updateprofile description: Update a trusted profile hints: readOnly: false destructive: false idempotent: true call: ibm.updateprofile outputParameters: - type: object mapping: $. - name: deleteprofile description: Delete a trusted profile hints: readOnly: false destructive: true idempotent: true call: ibm.deleteprofile outputParameters: - type: object mapping: $. - name: listclaimrules description: List claim rules for a trusted profile hints: readOnly: true destructive: false idempotent: true call: ibm.listclaimrules outputParameters: - type: object mapping: $. - name: createclaimrule description: Create a claim rule hints: readOnly: false destructive: false idempotent: false call: ibm.createclaimrule outputParameters: - type: object mapping: $. - name: getclaimrule description: Get a claim rule hints: readOnly: true destructive: false idempotent: true call: ibm.getclaimrule outputParameters: - type: object mapping: $. - name: updateclaimrule description: Update a claim rule hints: readOnly: false destructive: false idempotent: true call: ibm.updateclaimrule outputParameters: - type: object mapping: $. - name: deleteclaimrule description: Delete a claim rule hints: readOnly: false destructive: true idempotent: true call: ibm.deleteclaimrule outputParameters: - type: object mapping: $. - name: listpolicies description: List access policies hints: readOnly: true destructive: false idempotent: true call: ibm.listpolicies with: account_id: tools.account_id iam_id: tools.iam_id access_group_id: tools.access_group_id type: tools.type service_type: tools.service_type state: tools.state limit: tools.limit start: tools.start inputParameters: - name: account_id type: string description: The account ID to list policies for. required: true - name: iam_id type: string description: Filter by the IAM ID of the subject. - name: access_group_id type: string description: Filter by access group ID. - name: type type: string description: Filter by policy type. - name: service_type type: string description: Filter by service type. - name: state type: string description: Filter by policy state. - name: limit type: integer description: Maximum number of policies to return. - name: start type: string description: Pagination start token. outputParameters: - type: object mapping: $. - name: createpolicy description: Create an access policy hints: readOnly: false destructive: false idempotent: false call: ibm.createpolicy outputParameters: - type: object mapping: $. - name: getpolicy description: Get an access policy hints: readOnly: true destructive: false idempotent: true call: ibm.getpolicy outputParameters: - type: object mapping: $. - name: replacepolicy description: Replace an access policy hints: readOnly: false destructive: false idempotent: true call: ibm.replacepolicy outputParameters: - type: object mapping: $. - name: deletepolicy description: Delete an access policy hints: readOnly: false destructive: true idempotent: true call: ibm.deletepolicy outputParameters: - type: object mapping: $. - name: updatepolicystate description: Update policy state hints: readOnly: false destructive: false idempotent: false call: ibm.updatepolicystate outputParameters: - type: object mapping: $. - name: listroles description: List IAM roles hints: readOnly: true destructive: false idempotent: true call: ibm.listroles with: account_id: tools.account_id service_name: tools.service_name source_service_name: tools.source_service_name policy_type: tools.policy_type service_group_id: tools.service_group_id inputParameters: - name: account_id type: string description: The account ID to list custom roles for. - name: service_name type: string description: Filter roles by the service they apply to. - name: source_service_name type: string description: Filter by the source service name for authorization policies. - name: policy_type type: string description: Filter by policy type. - name: service_group_id type: string description: Filter by the service group ID. outputParameters: - type: object mapping: $. - name: createrole description: Create a custom role hints: readOnly: false destructive: false idempotent: false call: ibm.createrole outputParameters: - type: object mapping: $. - name: getrole description: Get a role hints: readOnly: true destructive: false idempotent: true call: ibm.getrole outputParameters: - type: object mapping: $. - name: replacerole description: Replace a custom role hints: readOnly: false destructive: false idempotent: true call: ibm.replacerole outputParameters: - type: object mapping: $. - name: deleterole description: Delete a custom role hints: readOnly: false destructive: true idempotent: true call: ibm.deleterole outputParameters: - type: object mapping: $. binds: - namespace: env keys: IBM_TOKEN: IBM_TOKEN