Skip to main contentlogoCreated with Sketch.
  • Start for free

    • Introduction

    Last updated: 2021-04-13

    You can manage your tags in IBM Cloud by using the Global Tagging API. With this API, you can create, delete, search, attach, or detach tags.

    Tags are uniquely identified by a Cloud Resource Naming (CRN) identifier. Tags have a name, which must be unique within a billing account. You can make tags in key:value or label format.

    Types of tags

    The Tagging API supports three types of tag: service, user, and access.

    • Service tags are intended for services that want to attach a tag to a resource in an exclusive way: nobody else can go and detach it. A service tag is a privileged construct that only authorized services can manage. So, a regular user is not authorized to attach and detach service tags on a resource even if they have access to manage tags on the resource itself.

      Service tags are supported only for resources that are onboarded to Global Search and Tagging, which means you cannot attach a service tag to an IMS resource.

    • User tags are added by an authorized user in the account. Any user with the correct access role in an account can list and can delete both service and user tags in the account as long as they are not attached to any resource. Users can delete service tags because the operation is non-disruptive in that the tags aren't attached to any resource.

      The Tagging API supports multiple services assigning a tag prefix at service registration time to avoid conflicts. So, a service tag name always has the form service_prefix:tag_label.

    • Access management tags are used to manage access to resources, and they can be created in advance for use in access policies, which control access to resources where those tags will be attached. Only the account administrator can create access management tags, and they can delete them only when the tags aren't attached to any resources in the account. Only the resource administrator can attach and detach access management tags on the resource itself.

      The name of an access management tag must be in the form of a key:value pair, where value cannot contain the : character.
      Access management tags are supported only for IAM-managed resources, which means you cannot use them to manage access to IMS and Cloud Foundry resources.

    Filtering tags

    Global Search and Tagging stores the different type of tags attached to a resource within a different attribute of the resource document:

    • Service tags are stored within service_tags attribute.
    • User tags are stored within the tags attribute.
    • Access management tags are stored whithin the access_tags attribute.

    So, you can add filters to those attributes when searching for resources.

    For example, the following filter matches all resources tagged with the your_service:your_tag service tag. 

    service_tags: "your_service:your_tag"

    The following filter matches all resources that are tagged with any service tag starting with your_service:. 

    service_tags: "your_service:*"

    The following filter matches all resources that are tagged with the my_tag user tag. 

    tags: "my_tag"

    Finally, the following filter matches all resources that are tagged with the env:public access management tag.

    access_tags: "env:public"

    curl -X POST "https://tags.global-search-tagging.cloud.ibm.com/v3/tags/attach" --header "accept: application/json" --header "content-type: application/json" --header "Authorization: {IAM token}" -d '{"tag_names": ["{tagName}"], "resources": [ { "resource_id": "{resourceCRN" } ] }'

    Replace {IAM token}, {tagName} and {resourceCRN} in this example with the values for your particular API call.

    The code examples on this tab use the client library that is provided for Java.

    Maven

    <dependency>
    <groupId>com.ibm.cloud</groupId>
    <artifactId>platform-services</artifactId>
    <version>0.0.1</version>
</dependency>

    Gradle

    'com.ibm.cloud:platform-services:0.0.1'

    GitHub

    https://github.ibm.com/ibmcloud/platform-services-java-sdk

    The code examples on this tab use the client library that is provided for Node.js.

    Installation

    npm install --save ibm-cloud

    GitHub

    https://github.ibm.com/ibmcloud/platform-services-node-sdk

    The code examples on this tab use the client library that is provided for Python.

    Installation

    To install, use pip or easy_install:

    pip install --upgrade "platform-services>=0.0.1"

    or

    easy_install --upgrade "platform-services>=0.0.1"

    GitHub

    https://github.ibm.com/ibmcloud/platform-services-python-sdk

    There are a few different ways to download and install the Platform Services Go SDK project for use by your Go application:

    1. Go get command

    Use this command to download and install the Platform Services Go SDK project to allow your Go application to use it:

    go get -u github.ibm.com/ibmcloud/platform-services-go-sdk
    1. Go modules

    If your application is using Go modules, you can add a suitable import to your Go application, like this:

    import (
    "github.ibm.com/ibmcloud/platform-services-go-sdk/globaltaggingv1"
)

    Next, run go mod tidy to download and install the new dependency and update your Go application's go.mod file.

    1. Dep dependency manager

    If your application is using the dep dependency management tool, you can add a dependency to your Gopkg.toml file. Here is an example:

    [[constraint]]
  name = "github.ibm.com/ibmcloud/platform-services-go-sdk/globaltaggingv1"
  version = "0.0.1"

    then run 

    dep ensure

    GitHub

    https://github.com/IBM/platform-services-go-sdk

    Endpoint URLs

    The Global Tagging API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests. 

    https://tags.global-search-tagging.cloud.ibm.com

    If you enabled service endpoints in your account, you can send API requests over the IBM Cloud® private network at the following base endpoint URLs. For more information, see Enabling VRF and service endpoints.

    • Global: https://tags.private.global-search-tagging.cloud.ibm.com
    • Dallas: https://tags.private.us-south.global-search-tagging.cloud.ibm.com
    tags.global-search-tagging.cloud.ibm.com

    Tag attach example

    const GlobalTaggingV1 = require('../../dist/global-tagging/v1');
const {IamAuthenticator} = require('ibm-cloud-sdk-core');
const authenticator = new IamAuthenticator({
    apikey: {apikey},
});

const globalTagging = new GlobalTaggingV1(authenticator);

const resourceModel = {
    resource_id: {resourceCRN}
};

const resources = [resourceModel];
const tagNameArray = [{tagName}];
const params = {
    resources: resources,
    tagNames: tagNameArray
};

globalTagging.attachTag(params).then(response => {
    assert(response.status === 200);

    const results = response.result.results;
    assert(Array.isArray(results));
    assert(results[0].isError === false);
}).catch(error => {

});

    Replace {apikey}, {tagName} and {resourceCRN} in this example with the values for your particular API call.

    Tag attach example

    import com.ibm.cloud.sdk.core.http.Response;
import com.ibm.cloud.sdk.core.security.IamAuthenticator;
import com.ibm.cloud.sdk.core.security.JsonWebToken;
import com.ibm.cloud.platform_services.global_tagging.v1.GlobalTagging;
import com.ibm.cloud.platform_services.global_tagging.v1.model.AttachTagOptions;
import com.ibm.cloud.platform_services.global_tagging.v1.model.AttachTagOptions.Builder;

IamAuthenticator authenticator = new IamAuthenticator("{apikey}");
globalTagging = new GlobalTagging("global_tagging", authenticator);

Builder builder = new AttachTagOptions.Builder();
String tagName = "{tagName}";
com.ibm.cloud.platform_services.global_tagging.v1.model.Resource.Builder rBuilder = new Resource.Builder();
rBuilder.resourceId("{resourceCRN}");
Resource resource= rBuilder.build();

builder.addTagNames(tagName);
builder.addResources(resource);
AttachTagOptions ato = builder.build();

Response<TagResults> response = globalTagging.attachTag(ato).execute();

assertEquals(response.getStatusCode(), 200);

TagResults result = response.getResult();
assertFalse( ((TagResultsItem)(result.getResults().get(0))).isIsError().booleanValue() );

    Replace {apikey}, {tagName} and {resourceCRN} in this example with the values for your particular API call.

    Tag attach example

    
from platform_services import GlobalTaggingV1
from ibm_cloud_sdk_core.authenticators import IAMAuthenticator

authenticator = IAMAuthenticator('{apikey}')
global_tagging = GlobalTaggingV1(authenticator=authenticator)

resource = {}
resource['resource_id'] = '{resourceCRN}'
resources = [ resource ]

env = global_tagging.attach_tag('{tagName}', resources)
result = env.get_result()

results = result.get('results')
print(results[0].is_error)

    Replace {apikey}, {tagName} and {resourceCRN} in this example with the values for your particular API call.

    Tag attach example

    import (
  "github.com/IBM/go-sdk-core/v3/core"
    . "github.com/onsi/ginkgo"
    . "github.com/onsi/gomega"
    "github.ibm.com/ibmcloud/platform-services-go-sdk/globaltaggingv1"
    "time"
    "fmt"
    "os" 
)
    authenticator := &core.IamAuthenticator{
  ApiKey: "{apikey}"
    }

    options := &globaltaggingv1.GlobalTaggingV1Options {
        Authenticator: authenticator,
    }

    service, err := globaltaggingv1.NewGlobalTaggingV1(options)
  resource := service.NewResource('{resourceCRN}')
    array := []Resource{*resource}
  attachTagOptions := service.NewAttachTagOptions(array)
    attachTagOptions.SetTagNames([]string{'{tagName}'})

    result, detailedResponse, err := service.AttachTag(attachTagOptions)
)

    Replace {apikey}, {tagName} and {resourceCRN} in this example with the values for your particular API call.

    Authentication

    REST APIs require the user to specify an OAuth2 security token in the header to be authorized by the IBM Cloud IAM service. You can obtain a bearer token using the IBM Cloud command line command ibmcloud iam oauth-tokens. Another way to obtain a bearer token is through an API key. For more information, see Getting an IBM Cloud IAM token by using an API key.

    To call some methods, you'll need to be assigned a role that includes the required IAM action. The role varies by the type of resource that you're tagging. Each API method lists the action that the role must include. Methods that don't list an IAM action can be called by any user in the account. For more information, see Granting users access to tag resources.

    Auditing

    You can monitor API activity within your account by using the IBM Cloud Activity Tracker. Whenever an API method is called, an event is generated that you can then track and audit from within Activity Tracker. The specific event type is listed for each individual method.

    For more information about how to track tagging activity, see Auditing events for account management.

    Error handling

    The resource manager uses standard HTTP response codes to indicate whether a method completed successfully. A 200 type response always indicates success. A 400 type response is a failure, and a 500 type response is an internal system error.

    HTTP error code Description Recovery
    200 Success The request was successful.
    400 Bad Request The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request.
    401 Unauthorized You are not authorized to make this request. Log in to IBM Cloud and try again. If this error persists, contact the account owner to check your permissions.
    404 Not Found The requested resource could not be found.
    409 Conflict The entity is already in the requested state.
    410 Gone The resource is valid but has been removed already in a previous call
    500 Internal Server Error offering_name is currently unavailable. Your request could not be processed. Wait a few minutes and try again.

    Related APIs

    After tagging resources, you can search for them by the tag name or resource groups or building even more complex search strings. For more information about advanced search capabilities that use the Lucene query syntax, see the Global Search and Tagging - Search API.

    Methods

    Get all tags

    Lists all tags in a billing account. Use the attached_to parameter to return the list of tags attached to the specified resource.

    Lists all tags in a billing account. Use the attached_to parameter to return the list of tags attached to the specified resource.

    Lists all tags in a billing account. Use the attached_to parameter to return the list of tags attached to the specified resource.

    Lists all tags in a billing account. Use the attached_to parameter to return the list of tags attached to the specified resource.

    Lists all tags in a billing account. Use the attached_to parameter to return the list of tags attached to the specified resource.

    GET /v3/tags
    (globalTagging *GlobalTaggingV1) ListTags(listTagsOptions *ListTagsOptions) (result *TagList, response *core.DetailedResponse, err error)
    (globalTagging *GlobalTaggingV1) ListTagsWithContext(ctx context.Context, listTagsOptions *ListTagsOptions) (result *TagList, response *core.DetailedResponse, err error)
    ServiceCall<TagList> listTags(ListTagsOptions listTagsOptions)
    listTags(params)
    list_tags(self,
        *,
        impersonate_user: str = None,
        account_id: str = None,
        tag_type: str = None,
        full_data: bool = None,
        providers: List[str] = None,
        attached_to: str = None,
        offset: int = None,
        limit: int = None,
        timeout: int = None,
        order_by_name: str = None,
        attached_only: bool = None,
        **kwargs
    ) -> DetailedResponse

    Request

    Instantiate the ListTagsOptions struct and set the fields to provide parameter values for the ListTags method.

    Use the ListTagsOptions.Builder to create a ListTagsOptions object that contains the parameter values for the listTags method.

    Custom Headers

    • X-IMS-Auth-Token
      string

      The infrastructure authentication token, which can be used for searching the infrastructure tags. It is deprecated in favor of IAM authentication token.

      Constraints: Value must match regular expression ^Basic .*$

    Query Parameters

    • impersonate_user
      string

      The user on whose behalf the get operation must be performed (for administrators only).

      Constraints: Value must match regular expression ^.*-.*$

    • account_id
      string

      The ID of the billing account to list the tags for. If it is not set, then it is taken from the authorization token. This parameter is required if tag_type is set to service.

      Constraints: Value must match regular expression ^[a-fA-F0-9-]+$|^[*]{1}$

    • tag_type
      string

      The type of the tag you want to list. Supported values are user, service and access.

      Allowable values: [user,service,access]

      Default: user

    • full_data
      boolean

      If set to true, this query returns the provider, ghost, ims or ghost,ims, where the tag exists and the number of attached resources.

      Default: false

    • providers
      string[]

      Select a provider. Supported values are ghost and ims. To list GhoST tags and infrastructure tags use ghost,ims. service and access tags can only be attached to GhoST onboarded resources, so you should not set this parameter when listing them.

      Allowable values: [ghost,ims]

      Default: ["ghost"]

    • attached_to
      string

      If you want to return only the list of tags attached to a specified resource, pass the ID of the resource on this parameter. For GhoST onboarded resources, the resource ID is the CRN; for IMS resources, it is the IMS ID. When using this parameter, you must specify the appropriate provider (ims or ghost).

      Constraints: Value must match regular expression ^crn:v1(:[a-zA-Z0-9 \-\._~\*\+,;=!$&'\(\)\/\?#\[\]@]*){8}$|^[0-9]+$

    • offset
      integer

      The offset is the index of the item from which you want to start returning data from.

      Constraints: value ≥ 0

      Default: 0

    • limit
      integer

      The number of tags to return.

      Constraints: 1 ≤ value ≤ 1000

      Default: 100

    • timeout
      integer

      The search timeout bounds the search request to be executed within the specified time value. It returns the hits accumulated until time runs out.

      Constraints: 0 ≤ value ≤ 600000

      Default: 0

    • order_by_name
      string

      Order the output by tag name.

      Allowable values: [asc,desc]

      Default: asc

    • attached_only
      boolean

      Filter on attached tags. If true, it returns only tags that are attached to one or more resources. If false, it returns all tags.

      Default: false

    parameter

    WithContext method only

    ListTagsOptions

    The ListTags options.

    ListTagsOptions

    The listTags options.

    parameters

    • impersonateUser
      string

      The user on whose behalf the get operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • accountId
      string

      The ID of the billing account to list the tags for. If it is not set, then it is taken from the authorization token. This parameter is required if tag_type is set to service.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tagType
      string

      The type of the tag you want to list. Supported values are user, service and access.

      Allowable values: [user,service,access]

      Default: user

    • fullData
      boolean

      If set to true, this query returns the provider, ghost, ims or ghost,ims, where the tag exists and the number of attached resources.

      Default: false

    • providers
      string[]

      Select a provider. Supported values are ghost and ims. To list GhoST tags and infrastructure tags use ghost,ims. service and access tags can only be attached to GhoST onboarded resources, so you should not set this parameter when listing them.

      Allowable values: [ghost,ims]

      Default: ["ghost"]

    • attachedTo
      string

      If you want to return only the list of tags attached to a specified resource, pass the ID of the resource on this parameter. For GhoST onboarded resources, the resource ID is the CRN; for IMS resources, it is the IMS ID. When using this parameter, you must specify the appropriate provider (ims or ghost).

      Constraints: Value must match regular expression /^crn:v1(:[a-zA-Z0-9 \\-\\._~\\*\\+,;=!$&'\\(\\)\/\\?#\\[\\]@]*){8}$|^[0-9]+$/

    • offset
      number

      The offset is the index of the item from which you want to start returning data from.

      Constraints: value ≥ 0

    • limit
      number

      The number of tags to return.

      Constraints: 1 ≤ value ≤ 1000

    • timeout
      number

      The search timeout bounds the search request to be executed within the specified time value. It returns the hits accumulated until time runs out.

      Constraints: 0 ≤ value ≤ 600000

    • orderByName
      string

      Order the output by tag name.

      Allowable values: [asc,desc]

      Default: asc

    • attachedOnly
      boolean

      Filter on attached tags. If true, it returns only tags that are attached to one or more resources. If false, it returns all tags.

      Default: false

    parameters

    • impersonate_user
      str

      The user on whose behalf the get operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • account_id
      str

      The ID of the billing account to list the tags for. If it is not set, then it is taken from the authorization token. This parameter is required if tag_type is set to service.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tag_type
      str

      The type of the tag you want to list. Supported values are user, service and access.

      Allowable values: [user,service,access]

      Default: user

    • full_data
      bool

      If set to true, this query returns the provider, ghost, ims or ghost,ims, where the tag exists and the number of attached resources.

      Default: false

    • providers
      List[str]

      Select a provider. Supported values are ghost and ims. To list GhoST tags and infrastructure tags use ghost,ims. service and access tags can only be attached to GhoST onboarded resources, so you should not set this parameter when listing them.

      Allowable values: [ghost,ims]

      Default: ["ghost"]

    • attached_to
      str

      If you want to return only the list of tags attached to a specified resource, pass the ID of the resource on this parameter. For GhoST onboarded resources, the resource ID is the CRN; for IMS resources, it is the IMS ID. When using this parameter, you must specify the appropriate provider (ims or ghost).

      Constraints: Value must match regular expression /^crn:v1(:[a-zA-Z0-9 \\-\\._~\\*\\+,;=!$&'\\(\\)\/\\?#\\[\\]@]*){8}$|^[0-9]+$/

    • offset
      int

      The offset is the index of the item from which you want to start returning data from.

      Constraints: value ≥ 0

    • limit
      int

      The number of tags to return.

      Constraints: 1 ≤ value ≤ 1000

    • timeout
      int

      The search timeout bounds the search request to be executed within the specified time value. It returns the hits accumulated until time runs out.

      Constraints: 0 ≤ value ≤ 600000

    • order_by_name
      str

      Order the output by tag name.

      Allowable values: [asc,desc]

      Default: asc

    • attached_only
      bool

      Filter on attached tags. If true, it returns only tags that are attached to one or more resources. If false, it returns all tags.

      Default: false

    • curl -X GET -H "Authorization: {iam_token}"   -H "Accept: application/json"   "{base_url}/v3/tags?tag_type=user&attached_only=true&full_data=true&providers=ghost&offset=0&limit=10&order_by_name=asc"
    • listTagsOptions := globalTaggingService.NewListTagsOptions()
listTagsOptions.SetTagType("user")
listTagsOptions.SetAttachedOnly(true)
listTagsOptions.SetFullData(true)
listTagsOptions.SetProviders([]string{"ghost"})
listTagsOptions.SetOrderByName("asc")

tagList, response, err := globalTaggingService.ListTags(listTagsOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(tagList, "", "  ")
fmt.Println(string(b))
    • ListTagsOptions listTagsOptions = new ListTagsOptions.Builder()
    .tagType("user")
    .attachedOnly(true)
    .fullData(true)
    .addProviders("ghost")
    .orderByName("asc")
    .build();

Response<TagList> response = service.listTags(listTagsOptions).execute();
TagList tagList = response.getResult();
System.out.println(tagList.toString());
    • const params = {
  tagType: 'user',
  attachedOnly: true,
  fullData: true,
  providers: ['ghost'],
  orderByName: 'asc',
};

globalTaggingService.listTags(params)
  .then(res => {
    console.log(JSON.stringify(res.result, null, 2));
  })
  .catch(err => {
    console.warn(err)
  });
    • tag_list = global_tagging_service.list_tags(
  tag_type='user',
  attached_only=True,
  full_data=True,
  providers=['ghost'],
  order_by_name='asc').get_result()

print(json.dumps(tag_list, indent=2))

    Response

    Response Body

    TagList

    A list of tags.

    TagList

    A list of tags.

    TagList

    A list of tags.

    TagList

    A list of tags.

    TagList

    A list of tags.

    Status Code

    • 200

      A result paging with the list of tags matching the provided filters.

    • 400

      Bad request

    • 401

      Unauthorized, wrong authorization token type, or IAM authorization token not valid

    • 407

      Unsupported operation

    • 500

      Internal server error, IAM not initialized, or malformed IAM credentials

    • default

      System problem or unexpected error

    No Sample Response

    This method does not specify any sample responses.

    Create an access management tag

    Create an access management tag. To create an access tag, you must have the access listed in the Granting users access to tag resources documentation. service and user tags cannot be created upfront. They are created when they are attached for the first time to a resource.

    Create an access management tag. To create an access tag, you must have the access listed in the Granting users access to tag resources documentation. service and user tags cannot be created upfront. They are created when they are attached for the first time to a resource.

    Create an access management tag. To create an access tag, you must have the access listed in the Granting users access to tag resources documentation. service and user tags cannot be created upfront. They are created when they are attached for the first time to a resource.

    Create an access management tag. To create an access tag, you must have the access listed in the Granting users access to tag resources documentation. service and user tags cannot be created upfront. They are created when they are attached for the first time to a resource.

    Create an access management tag. To create an access tag, you must have the access listed in the Granting users access to tag resources documentation. service and user tags cannot be created upfront. They are created when they are attached for the first time to a resource.

    POST /v3/tags
    (globalTagging *GlobalTaggingV1) CreateTag(createTagOptions *CreateTagOptions) (result *CreateTagResults, response *core.DetailedResponse, err error)
    (globalTagging *GlobalTaggingV1) CreateTagWithContext(ctx context.Context, createTagOptions *CreateTagOptions) (result *CreateTagResults, response *core.DetailedResponse, err error)
    ServiceCall<CreateTagResults> createTag(CreateTagOptions createTagOptions)
    createTag(params)
    create_tag(self,
        tag_names: List[str],
        *,
        impersonate_user: str = None,
        account_id: str = None,
        tag_type: str = None,
        **kwargs
    ) -> DetailedResponse

    Authorization

    To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > name > Access policies.

    This action applies only to access management tags.

    • ghost-tags.create-access-tag

    Auditing

    Calling this method generates the following auditing event.

    • ghost-tags.create-access-tag

    Request

    Instantiate the CreateTagOptions struct and set the fields to provide parameter values for the CreateTag method.

    Use the CreateTagOptions.Builder to create a CreateTagOptions object that contains the parameter values for the createTag method.

    Query Parameters

    • impersonate_user
      string

      The user on whose behalf the create operation must be performed (for administrators only).

      Constraints: Value must match regular expression ^.*-.*$

    • account_id
      string

      The ID of the billing account where the tag must be created. It is a required parameter if impersonate_user is set.

      Constraints: Value must match regular expression ^[a-fA-F0-9-]+$|^[*]{1}$

    • tag_type
      string

      The type of the tags you want to create. The only allowed value is access.

      Allowable values: [access]

      Default: access

    Request Body

    CreateTagBody

    array of access management tags to be attached

    parameter

    WithContext method only

    CreateTagOptions

    The CreateTag options.

    CreateTagOptions

    The createTag options.

    parameters

    • tagNames
      string[]

      An array of tag names to create.

      Constraints: 1 ≤ number of items ≤ 100, length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • impersonateUser
      string

      The user on whose behalf the create operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • accountId
      string

      The ID of the billing account where the tag must be created. It is a required parameter if impersonate_user is set.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tagType
      string

      The type of the tags you want to create. The only allowed value is access.

      Allowable values: [access]

      Default: access

    parameters

    • tag_names
      List[str]

      An array of tag names to create.

      Constraints: 1 ≤ number of items ≤ 100, length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • impersonate_user
      str

      The user on whose behalf the create operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • account_id
      str

      The ID of the billing account where the tag must be created. It is a required parameter if impersonate_user is set.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tag_type
      str

      The type of the tags you want to create. The only allowed value is access.

      Allowable values: [access]

      Default: access

    • curl -X POST -H "Authorization: {iam_token}"   -H "Accept: application/json"   -H "Content-Type: application/json"   -d '{ "tag_names": ["env:example-access-tag"] }'   "{base_url}/v3/tags?tag_type=access"
    • createTagOptions := globalTaggingService.NewCreateTagOptions(
  []string{"env:example-access-tag"},
)
createTagOptions.SetTagType("access")

createTagResults, response, err := globalTaggingService.CreateTag(createTagOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(createTagResults, "", "  ")
fmt.Println(string(b))
    • CreateTagOptions createTagOptions = new CreateTagOptions.Builder()
    .addTagNames("env:example-access-tag")
    .tagType("access")
    .build();

Response<CreateTagResults> response = service.createTag(createTagOptions).execute();
CreateTagResults createTagResults = response.getResult();
System.out.println(createTagResults);
    • const params = {
  tagNames: ['env:example-access-tag'],
  tagType: 'access',
};

globalTaggingService.createTag(params)
  .then(res => {
    console.log(JSON.stringify(res.result, null, 2));
  })
  .catch(err => {
    console.warn(err)
  });
    • create_tag_results = global_tagging_service.create_tag(
  tag_names=['env:example-access-tag'],
  tag_type='access').get_result()

print(json.dumps(create_tag_results, indent=2))

    Response

    Response Body

    CreateTagResults

    Results of a create tag(s) request.

    CreateTagResults

    Results of a create tag(s) request.

    CreateTagResults

    Results of a create tag(s) request.

    CreateTagResults

    Results of a create tag(s) request.

    CreateTagResults

    Results of a create tag(s) request.

    Status Code

    • 200

      The tag has been created successfully

    • 400

      Bad request

    • 401

      Unauthorized, wrong authorization token type, or IAM authorization token was not valid.

    • default

      System problem or unexpected error

    No Sample Response

    This method does not specify any sample responses.

    Delete all unused tags

    Delete the tags that are not attached to any resource.

    Delete the tags that are not attached to any resource.

    Delete the tags that are not attached to any resource.

    Delete the tags that are not attached to any resource.

    Delete the tags that are not attached to any resource.

    DELETE /v3/tags
    (globalTagging *GlobalTaggingV1) DeleteTagAll(deleteTagAllOptions *DeleteTagAllOptions) (result *DeleteTagsResult, response *core.DetailedResponse, err error)
    (globalTagging *GlobalTaggingV1) DeleteTagAllWithContext(ctx context.Context, deleteTagAllOptions *DeleteTagAllOptions) (result *DeleteTagsResult, response *core.DetailedResponse, err error)
    ServiceCall<DeleteTagsResult> deleteTagAll(DeleteTagAllOptions deleteTagAllOptions)
    deleteTagAll(params)
    delete_tag_all(self,
        *,
        providers: str = None,
        impersonate_user: str = None,
        account_id: str = None,
        tag_type: str = None,
        **kwargs
    ) -> DetailedResponse

    Authorization

    To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > name > Access policies.

    This action applies only to access management tags.

    • ghost-tags.delete-access-tag

    Auditing

    Calling this method generates the following auditing event.

    • global-search-tagging.tags.delete

    Request

    Instantiate the DeleteTagAllOptions struct and set the fields to provide parameter values for the DeleteTagAll method.

    Use the DeleteTagAllOptions.Builder to create a DeleteTagAllOptions object that contains the parameter values for the deleteTagAll method.

    Custom Headers

    • X-IMS-Auth-Token
      string

      The infrastructure authentication token, which can be used for for deleting the infrastructure tags. It is deprecated in favor of IAM authentication token.

      Constraints: Value must match regular expression ^Basic .*$

    Query Parameters

    • providers
      string

      Select a provider. Supported values are ghost and ims.

      Allowable values: [ghost,ims]

      Default: ghost

    • impersonate_user
      string

      The user on whose behalf the delete all operation must be performed (for administrators only).

      Constraints: Value must match regular expression ^.*-.*$

    • account_id
      string

      The ID of the billing account to delete the tags for. If it is not set, then it is taken from the authorization token. It is a required parameter if tag_type is set to service.

      Constraints: Value must match regular expression ^[a-fA-F0-9-]+$|^[*]{1}$

    • tag_type
      string

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources (providers parameter set to ims).

      Allowable values: [user,service,access]

      Default: user

    parameter

    WithContext method only

    DeleteTagAllOptions

    The DeleteTagAll options.

    DeleteTagAllOptions

    The deleteTagAll options.

    parameters

    • providers
      string

      Select a provider. Supported values are ghost and ims.

      Allowable values: [ghost,ims]

      Default: ghost

    • impersonateUser
      string

      The user on whose behalf the delete all operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • accountId
      string

      The ID of the billing account to delete the tags for. If it is not set, then it is taken from the authorization token. It is a required parameter if tag_type is set to service.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tagType
      string

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources (providers parameter set to ims).

      Allowable values: [user,service,access]

      Default: user

    parameters

    • providers
      str

      Select a provider. Supported values are ghost and ims.

      Allowable values: [ghost,ims]

      Default: ghost

    • impersonate_user
      str

      The user on whose behalf the delete all operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • account_id
      str

      The ID of the billing account to delete the tags for. If it is not set, then it is taken from the authorization token. It is a required parameter if tag_type is set to service.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tag_type
      str

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources (providers parameter set to ims).

      Allowable values: [user,service,access]

      Default: user

    • curl -X DELETE -H "Authorization: {iam_token}"   -H "Accept: application/json"   "{base_url}/v3/tags?tag_type=user"
    • deleteTagAllOptions := globalTaggingService.NewDeleteTagAllOptions()
deleteTagAllOptions.SetTagType("user")

deleteTagsResult, response, err := globalTaggingService.DeleteTagAll(deleteTagAllOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(deleteTagsResult, "", "  ")
fmt.Println(string(b))
    • DeleteTagAllOptions deleteTagAllOptions = new DeleteTagAllOptions.Builder()
    .tagType("user")
    .build();

Response<DeleteTagsResult> response = service.deleteTagAll(deleteTagAllOptions).execute();
DeleteTagsResult deleteTagsResult = response.getResult();

System.out.println(deleteTagsResult.toString());
    • const params = {
  tagType: 'access',
};

globalTaggingService.deleteTagAll(params)
  .then(res => {
    console.log(JSON.stringify(res.result, null, 2));
  })
  .catch(err => {
    console.warn(err)
  });
    • delete_tags_result = global_tagging_service.delete_tag_all(
  tag_type='user').get_result()

print(json.dumps(delete_tags_result, indent=2))

    Response

    Response Body

    DeleteTagsResult

    Results of a deleting unattatched tags.

    DeleteTagsResult

    Results of a deleting unattatched tags.

    DeleteTagsResult

    Results of a deleting unattatched tags.

    DeleteTagsResult

    Results of a deleting unattatched tags.

    DeleteTagsResult

    Results of a deleting unattatched tags.

    Status Code

    • 200

      A results page that includes the list of tags that have been deleted.

    • 400

      Bad request

    • 401

      Unauthorized, wrong authorization token type, or IAM authorization token was not valid.

    • default

      System problem or unexpected error

    No Sample Response

    This method does not specify any sample responses.

    Delete an unused tag

    Delete an existing tag. A tag can be deleted only if it is not attached to any resource.

    Delete an existing tag. A tag can be deleted only if it is not attached to any resource.

    Delete an existing tag. A tag can be deleted only if it is not attached to any resource.

    Delete an existing tag. A tag can be deleted only if it is not attached to any resource.

    Delete an existing tag. A tag can be deleted only if it is not attached to any resource.

    DELETE /v3/tags/{tag_name}
    (globalTagging *GlobalTaggingV1) DeleteTag(deleteTagOptions *DeleteTagOptions) (result *DeleteTagResults, response *core.DetailedResponse, err error)
    (globalTagging *GlobalTaggingV1) DeleteTagWithContext(ctx context.Context, deleteTagOptions *DeleteTagOptions) (result *DeleteTagResults, response *core.DetailedResponse, err error)
    ServiceCall<DeleteTagResults> deleteTag(DeleteTagOptions deleteTagOptions)
    deleteTag(params)
    delete_tag(self,
        tag_name: str,
        *,
        providers: List[str] = None,
        impersonate_user: str = None,
        account_id: str = None,
        tag_type: str = None,
        **kwargs
    ) -> DetailedResponse

    Authorization

    To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > name > Access policies.

    This action applies only to access management tags.

    • ghost-tags.delete-access-tag

    Auditing

    Calling this method generates the following auditing event.

    • global-search-tagging.tag.delete

    Request

    Instantiate the DeleteTagOptions struct and set the fields to provide parameter values for the DeleteTag method.

    Use the DeleteTagOptions.Builder to create a DeleteTagOptions object that contains the parameter values for the deleteTag method.

    Custom Headers

    • X-IMS-Auth-Token
      string

      The infrastructure authentication token, which can be used for for deleting an infrastructure tag. It is deprecated in favor of IAM authentication token.

      Constraints: Value must match regular expression ^Basic .*$

    Path Parameters

    • tag_name
      string

      The name of tag to be deleted.

      Constraints: length ≤ 128, Value must match regular expression ^[A-Za-z0-9:_ .-]+$

    Query Parameters

    • providers
      string[]

      Select a provider. Supported values are ghost and ims. To delete tag both in GhoST in IMS, use ghost,ims

      Allowable values: [ghost,ims]

      Default: ["ghost"]

    • impersonate_user
      string

      The user on whose behalf the delete operation must be performed (for administrators only).

      Constraints: Value must match regular expression ^.*-.*$

    • account_id
      string

      The ID of the billing account to delete the tag for. It is a required parameter if tag_type is set to service, otherwise it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression ^[a-fA-F0-9-]+$|^[*]{1}$

    • tag_type
      string

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources (providers parameter set to ims).

      Allowable values: [user,service,access]

      Default: user

    parameter

    WithContext method only

    DeleteTagOptions

    The DeleteTag options.

    DeleteTagOptions

    The deleteTag options.

    parameters

    • tagName
      string

      The name of tag to be deleted.

      Constraints: length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • providers
      string[]

      Select a provider. Supported values are ghost and ims. To delete tag both in GhoST in IMS, use ghost,ims.

      Allowable values: [ghost,ims]

      Default: ["ghost"]

    • impersonateUser
      string

      The user on whose behalf the delete operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • accountId
      string

      The ID of the billing account to delete the tag for. It is a required parameter if tag_type is set to service, otherwise it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tagType
      string

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources (providers parameter set to ims).

      Allowable values: [user,service,access]

      Default: user

    parameters

    • tag_name
      str

      The name of tag to be deleted.

      Constraints: length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • providers
      List[str]

      Select a provider. Supported values are ghost and ims. To delete tag both in GhoST in IMS, use ghost,ims.

      Allowable values: [ghost,ims]

      Default: ["ghost"]

    • impersonate_user
      str

      The user on whose behalf the delete operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • account_id
      str

      The ID of the billing account to delete the tag for. It is a required parameter if tag_type is set to service, otherwise it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tag_type
      str

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources (providers parameter set to ims).

      Allowable values: [user,service,access]

      Default: user

    •     curl -X DELETE -H "Authorization: {iam_token}" -H "Accept: application/json" "{base_url}/v3/tags/{tag_name}?tag_type=access"
    • deleteTagOptions := globalTaggingService.NewDeleteTagOptions("env:example-access-tag")
deleteTagOptions.SetTagType("access")

deleteTagResults, response, err := globalTaggingService.DeleteTag(deleteTagOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(deleteTagResults, "", "  ")
fmt.Println(string(b))
    • DeleteTagOptions deleteTagOptions = new DeleteTagOptions.Builder()
    .tagName("env:example-access-tag")
    .tagType("access")
    .build();

Response<DeleteTagResults> response = service.deleteTag(deleteTagOptions).execute();
DeleteTagResults deleteTagResults = response.getResult();
System.out.println(deleteTagResults.toString());
    • const params = {
  tagName: 'env:example-access-tag',
  tagType: 'access',
};

globalTaggingService.deleteTag(params)
  .then(res => {
    console.log(JSON.stringify(res.result, null, 2));
  })
  .catch(err => {
    console.warn(err)
  });
    • delete_tag_results = global_tagging_service.delete_tag(
  tag_name='env:example-access-tag',
  tag_type='access').get_result()

print(json.dumps(delete_tag_results, indent=2))

    Response

    Response Body

    DeleteTagResults

    Results of a delete_tag request.

    DeleteTagResults

    Results of a delete_tag request.

    DeleteTagResults

    Results of a delete_tag request.

    DeleteTagResults

    Results of a delete_tag request.

    DeleteTagResults

    Results of a delete_tag request.

    Status Code

    • 200

      Success message

    • 400

      Bad request

    • 401

      Unauthorized, wrong authorization token type, or IAM authorization token was not valid.

    • default

      System problem or unexpected error

    No Sample Response

    This method does not specify any sample responses.

    Attach tags

    Attaches one or more tags to one or more resources.

    Attaches one or more tags to one or more resources. To attach a user tag on a resource, you must have the access listed in the Granting users access to tag resources documentation. To attach a service tag, you must be an authorized service. If that is the case, then you can attach a service tag with your registered prefix to any resource in any account. The account ID must be set through the account_id query parameter. To attach an access tag, you must be the resource administrator within the account. You can attach only access tags already existing.

    Attaches one or more tags to one or more resources. To attach a user tag on a resource, you must have the access listed in the Granting users access to tag resources documentation. To attach a service tag, you must be an authorized service. If that is the case, then you can attach a service tag with your registered prefix to any resource in any account. The account ID must be set through the account_id query parameter. To attach an access tag, you must be the resource administrator within the account. You can attach only access tags already existing.

    Attaches one or more tags to one or more resources. To attach a user tag on a resource, you must have the access listed in the Granting users access to tag resources documentation. To attach a service tag, you must be an authorized service. If that is the case, then you can attach a service tag with your registered prefix to any resource in any account. The account ID must be set through the account_id query parameter. To attach an access tag, you must be the resource administrator within the account. You can attach only access tags already existing.

    Attaches one or more tags to one or more resources. To attach a user tag on a resource, you must have the access listed in the Granting users access to tag resources documentation. To attach a service tag, you must be an authorized service. If that is the case, then you can attach a service tag with your registered prefix to any resource in any account. The account ID must be set through the account_id query parameter. To attach an access tag, you must be the resource administrator within the account. You can attach only access tags already existing.

    POST /v3/tags/attach
    (globalTagging *GlobalTaggingV1) AttachTag(attachTagOptions *AttachTagOptions) (result *TagResults, response *core.DetailedResponse, err error)
    (globalTagging *GlobalTaggingV1) AttachTagWithContext(ctx context.Context, attachTagOptions *AttachTagOptions) (result *TagResults, response *core.DetailedResponse, err error)
    ServiceCall<TagResults> attachTag(AttachTagOptions attachTagOptions)
    attachTag(params)
    attach_tag(self,
        resources: List['Resource'],
        *,
        tag_name: str = None,
        tag_names: List[str] = None,
        impersonate_user: str = None,
        account_id: str = None,
        tag_type: str = None,
        **kwargs
    ) -> DetailedResponse

    Authorization

    To call this method, you must be assigned one or more IAM access roles that include the following actions. You can check your access by going to Users > name > Access policies.

    This action applies only to user tags. Because service tags are managed by IBM services, IAM actions do not apply to them. To attach a user tag on a resource, you must have the access listed in the Granting users access to tag resources documentation. To attach a service tag, you must be an authorized service. If that is the case, then you can attach a service tag with your registered prefix to any resource in any account. The account ID must be set through the account_id query parameter. To attach an access tag, you must be the resource administrator within the account. You can attach only access tags already existing.

    • global-search-tagging.tag.attach-user-tag

    • global-search-tagging.tag.attach-access-tag

    Auditing

    Calling this method generates the following auditing event.

    • global-search-tagging.tag.attach

    Request

    Instantiate the AttachTagOptions struct and set the fields to provide parameter values for the AttachTag method.

    Use the AttachTagOptions.Builder to create a AttachTagOptions object that contains the parameter values for the attachTag method.

    Custom Headers

    • X-IMS-Auth-Token
      string

      The infrastructure authentication token, which can be used for for attaching an infrastructure tag. It is deprecated in favor of IAM authentication token.

      Constraints: Value must match regular expression ^Basic .*$

    • creator-iam-id
      string

      The user on whose behalf the attach operation must be performed (for administrators only).

      Constraints: Value must match regular expression ^[a-zA-Z0-9_,-]*$

    • created-at
      string

      The time when the tag creation must be recorded (for administrators only).

      Constraints: Value must match regular expression \d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[1-2]\d|3[0-1])T(?:[0-1]\d|2[0-3]):[0-5]\d:[0-5]\d.\d{3}Z|\d{4}-(?:0[1-9]|1[0-2])-(?:0[1-9]|[1-2]\d|3[0-1])T(?:[0-1]\d|2[0-3]):[0-5]\d:[0-5]\dZ

    Query Parameters

    • impersonate_user
      string

      The user on whose behalf the attach operation must be performed (for administrators only).

      Constraints: Value must match regular expression ^.*-.*$

    • account_id
      string

      The ID of the billing account where the resources to be tagged lives. It is a required parameter if tag_type is set to service. Otherwise, it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression ^[a-fA-F0-9-]+$|^[*]{1}$

    • tag_type
      string

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources.

      Allowable values: [user,service,access]

      Default: user

    Request Body

    AttachTagRequest

    Array of tag names and list of resource IDs on which the tags should be attached. For GhoST onboarded resources, the resource ID is the CRN; for IMS resources, it is the IMS ID. The maximum number of resource IDs where the tag will be attached is 100. You can specify up to 100 tags to be attached.

    Examples:
    View

    parameter

    WithContext method only

    AttachTagOptions

    The AttachTag options.

    AttachTagOptions

    The attachTag options.

    parameters

    • resources

      List of resources on which the tag or tags should be attached.

      Constraints: 1 ≤ number of items ≤ 100

    • tagName
      string

      The name of the tag to attach.

      Constraints: length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • tagNames
      string[]

      An array of tag names to attach.

      Constraints: 1 ≤ number of items ≤ 100, length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • impersonateUser
      string

      The user on whose behalf the attach operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • accountId
      string

      The ID of the billing account where the resources to be tagged lives. It is a required parameter if tag_type is set to service. Otherwise, it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tagType
      string

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources.

      Allowable values: [user,service,access]

      Default: user

    parameters

    • resources

      List of resources on which the tag or tags should be attached.

      Constraints: 1 ≤ number of items ≤ 100

    • tag_name
      str

      The name of the tag to attach.

      Constraints: length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • tag_names
      List[str]

      An array of tag names to attach.

      Constraints: 1 ≤ number of items ≤ 100, length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • impersonate_user
      str

      The user on whose behalf the attach operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • account_id
      str

      The ID of the billing account where the resources to be tagged lives. It is a required parameter if tag_type is set to service. Otherwise, it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tag_type
      str

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources.

      Allowable values: [user,service,access]

      Default: user

    •     curl -X POST -H "Authorization: {iam_token}" -H "Accept: application/json" -H "Content-Type: application/json" -d '{ "resources": [{ "resource_id": "{RESOURCE_CRN}" }], "tag_names": ["tag_test_1", "tag_test_2"] }' "{base_url}/v3/tags/attach?tag_type=user"
    • resourceModel := &globaltaggingv1.Resource{
  ResourceID: &resourceCRN,
}

attachTagOptions := globalTaggingService.NewAttachTagOptions(
  []globaltaggingv1.Resource{*resourceModel},
)
attachTagOptions.SetTagNames([]string{"tag_test_1", "tag_test_2"})
attachTagOptions.SetTagType("user")

tagResults, response, err := globalTaggingService.AttachTag(attachTagOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(tagResults, "", "  ")
fmt.Println(string(b))
    • Resource resourceModel = new Resource.Builder().resourceId(resourceCRN).build();
AttachTagOptions attachTagOptions = new AttachTagOptions.Builder()
    .addResources(resourceModel)
    .addTagNames("tag_test_1")
    .addTagNames("tag_test_2")
    .build();

Response<TagResults> response = service.attachTag(attachTagOptions).execute();
TagResults tagResults = response.getResult();
System.out.println(tagResults.toString());
    • const resourceModel = {
  resource_id: resourceCrn,
};

const params = {
  resources: [resourceModel],
  tagNames: ["tag_test_1", "tag_test_2"],
  tagType: 'user',
};

globalTaggingService.attachTag(params)
  .then(res => {
    console.log(JSON.stringify(res.result, null, 2));
  })
  .catch(err => {
    console.warn(err)
  });
    • resource_model = {'resource_id': resource_crn}

tag_results = global_tagging_service.attach_tag(
  resources=[resource_model],
  tag_names=['tag_test_1', 'tag_test_2'],
  tag_type='user').get_result()

print(json.dumps(tag_results, indent=2))

    Response

    Response Body

    TagResults

    Results of an attach_tag or detach_tag request

    TagResults

    Results of an attach_tag or detach_tag request.

    Examples:
    View

    TagResults

    Results of an attach_tag or detach_tag request.

    Examples:
    View

    TagResults

    Results of an attach_tag or detach_tag request.

    Examples:
    View

    TagResults

    Results of an attach_tag or detach_tag request.

    Examples:
    View

    Status Code

    • 200

      The array of tag attach operations result

    • 400

      Bad request

    • 401

      Unauthorized, wrong authorization token type, or IAM authorization token was not valid.

    • default

      System problem or unexpected error

    Example responses
    • {
  "results": [
    {
      "resource_id": "crn:v1:staging:public:resource-controller::a/5c2ac0d93c69e82c6c9c7c78dc4beda3::resource-group:1c061f4485b34360a8f8ee049880dc13",
      "is_error": false
    },
    {
      "resource_id": "58546459",
      "resource_type": "NETWORK_VLAN_FIREWALL",
      "is_error": true,
      "response": "IMS_API_ERROR",
      "message": "Error calling IMS REST API endpoint",
      "code": "GST915E",
      "level": "error",
      "httpCode": 401,
      "more_info": "IMS token is missing"
    }
  ]
}
    • {
  "results": [
    {
      "resource_id": "crn:v1:staging:public:resource-controller::a/5c2ac0d93c69e82c6c9c7c78dc4beda3::resource-group:1c061f4485b34360a8f8ee049880dc13",
      "is_error": false
    },
    {
      "resource_id": "58546459",
      "resource_type": "NETWORK_VLAN_FIREWALL",
      "is_error": true,
      "response": "IMS_API_ERROR",
      "message": "Error calling IMS REST API endpoint",
      "code": "GST915E",
      "level": "error",
      "httpCode": 401,
      "more_info": "IMS token is missing"
    }
  ]
}

    Detach tags

    Detaches one or more tags from one or more resources.

    Detaches one or more tags from one or more resources. To detach a user tag on a resource you must have the permissions listed in the Granting users access to tag resources documentation. To detach a service tag you must be an authorized Service. If that is the case, then you can detach a service tag with your registered prefix from any resource in any account. The account ID must be set through the account_id query parameter. To detach an access tag, you must be the resource administrator within the account.

    Detaches one or more tags from one or more resources. To detach a user tag on a resource you must have the permissions listed in the Granting users access to tag resources documentation. To detach a service tag you must be an authorized Service. If that is the case, then you can detach a service tag with your registered prefix from any resource in any account. The account ID must be set through the account_id query parameter. To detach an access tag, you must be the resource administrator within the account.

    Detaches one or more tags from one or more resources. To detach a user tag on a resource you must have the permissions listed in the Granting users access to tag resources documentation. To detach a service tag you must be an authorized Service. If that is the case, then you can detach a service tag with your registered prefix from any resource in any account. The account ID must be set through the account_id query parameter. To detach an access tag, you must be the resource administrator within the account.

    Detaches one or more tags from one or more resources. To detach a user tag on a resource you must have the permissions listed in the Granting users access to tag resources documentation. To detach a service tag you must be an authorized Service. If that is the case, then you can detach a service tag with your registered prefix from any resource in any account. The account ID must be set through the account_id query parameter. To detach an access tag, you must be the resource administrator within the account.

    POST /v3/tags/detach
    (globalTagging *GlobalTaggingV1) DetachTag(detachTagOptions *DetachTagOptions) (result *TagResults, response *core.DetailedResponse, err error)
    (globalTagging *GlobalTaggingV1) DetachTagWithContext(ctx context.Context, detachTagOptions *DetachTagOptions) (result *TagResults, response *core.DetailedResponse, err error)
    ServiceCall<TagResults> detachTag(DetachTagOptions detachTagOptions)
    detachTag(params)
    detach_tag(self,
        resources: List['Resource'],
        *,
        tag_name: str = None,
        tag_names: List[str] = None,
        impersonate_user: str = None,
        account_id: str = None,
        tag_type: str = None,
        **kwargs
    ) -> DetailedResponse

    Authorization

    To call this method, you must be assigned one or more IAM access roles that include the following actions. You can check your access by going to Users > name > Access policies.

    This action applies only to user tags. Because service tags are managed by IBM services, IAM actions do not apply to them. To detach a user tag on a resource you must have the permissions listed in the Granting users access to tag resources documentation. To detach a service tag you must be an authorized Service. If that is the case, then you can detach a service tag with your registered prefix from any resource in any account. The account ID must be set through the account_id query parameter. To detach an access tag, you must be the resource administrator within the account.

    • global-search-tagging.tag.detach-user-tag

    • global-search-tagging.tag.detach-access-tag

    Auditing

    Calling this method generates the following auditing event.

    • global-search-tagging.tag.detach

    Request

    Instantiate the DetachTagOptions struct and set the fields to provide parameter values for the DetachTag method.

    Use the DetachTagOptions.Builder to create a DetachTagOptions object that contains the parameter values for the detachTag method.

    Custom Headers

    • X-IMS-Auth-Token
      string

      The infrastructure authentication token, which can be used for for detaching an infrastructure tag. It is deprecated in favor of IAM authentication token.

      Constraints: Value must match regular expression ^Basic .*$

    Query Parameters

    • impersonate_user
      string

      The user on whose behalf the detach operation must be performed (for administrators only).

      Constraints: Value must match regular expression ^.*-.*$

    • account_id
      string

      The ID of the billing account where the resources to be un-tagged lives. It is a required parameter if tag_type is set to service, otherwise it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression ^[a-fA-F0-9-]+$|^[*]{1}$

    • tag_type
      string

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources.

      Allowable values: [user,service,access]

      Default: user

    Request Body

    DetachTagRequest

    Array of tag names and list of resource IDs from which the tag should be detached. For GhoST onboarded resources, the resource ID is the CRN; for IMS resources, it is the IMS ID. For IMS resource also the IMS datatype must be specified. The maximum number of resources where the tag will be detached from is 100. You can specify up to 100 tags to be detached.

    Examples:
    View

    parameter

    WithContext method only

    DetachTagOptions

    The DetachTag options.

    DetachTagOptions

    The detachTag options.

    parameters

    • resources

      List of resources on which the tag or tags should be detached.

      Constraints: 1 ≤ number of items ≤ 100

    • tagName
      string

      The name of the tag to detach.

      Constraints: length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$|^[*]{1}$/

    • tagNames
      string[]

      An array of tag names to detach.

      Constraints: 1 ≤ number of items ≤ 100, length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • impersonateUser
      string

      The user on whose behalf the detach operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • accountId
      string

      The ID of the billing account where the resources to be un-tagged lives. It is a required parameter if tag_type is set to service, otherwise it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tagType
      string

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources.

      Allowable values: [user,service,access]

      Default: user

    parameters

    • resources

      List of resources on which the tag or tags should be detached.

      Constraints: 1 ≤ number of items ≤ 100

    • tag_name
      str

      The name of the tag to detach.

      Constraints: length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$|^[*]{1}$/

    • tag_names
      List[str]

      An array of tag names to detach.

      Constraints: 1 ≤ number of items ≤ 100, length ≤ 128, Value must match regular expression /^[A-Za-z0-9:_ .-]+$/

    • impersonate_user
      str

      The user on whose behalf the detach operation must be performed (for administrators only).

      Constraints: Value must match regular expression /^.*-.*$/

    • account_id
      str

      The ID of the billing account where the resources to be un-tagged lives. It is a required parameter if tag_type is set to service, otherwise it is inferred from the authorization IAM token.

      Constraints: Value must match regular expression /^[a-fA-F0-9-]+$|^[*]{1}$/

    • tag_type
      str

      The type of the tag. Supported values are user, service and access. service and access are not supported for IMS resources.

      Allowable values: [user,service,access]

      Default: user

    • curl -X POST -H "Authorization: {iam_token}"   -H "Accept: application/json"   -H "Content-Type: application/json"   -d '{ "resources": [{ "resource_id": "{RESOURCE_CRN}" }], "tag_names": ["tag_test_1", "tag_test_2"] }'   "{base_url}/v3/tags/detach?tag_type=user"
    • resourceModel := &globaltaggingv1.Resource{
  ResourceID: &resourceCRN,
}

detachTagOptions := globalTaggingService.NewDetachTagOptions(
  []globaltaggingv1.Resource{*resourceModel},
)
detachTagOptions.SetTagNames([]string{"tag_test_1", "tag_test_2"})
detachTagOptions.SetTagType("user")

tagResults, response, err := globalTaggingService.DetachTag(detachTagOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(tagResults, "", "  ")
fmt.Println(string(b))
    • Resource resourceModel = new Resource.Builder().resourceId(resourceCRN).build();
DetachTagOptions detachTagOptions = new DetachTagOptions.Builder()
    .addResources(resourceModel)
    .addTagNames("tag_test_1")
    .addTagNames("tag_test_2")
    .tagType("user")
    .build();

Response<TagResults> response = service.detachTag(detachTagOptions).execute();
TagResults tagResults = response.getResult();
System.out.println(tagResults.toString());
    • const resourceModel = {
  resource_id: resourceCrn,
};

const params = {
  resources: [resourceModel],
  tagNames: ["tag_test_1", "tag_test_2"],
  tagType: 'user',
};

globalTaggingService.detachTag(params)
  .then(res => {
    console.log(JSON.stringify(res.result, null, 2));
  })
  .catch(err => {
    console.warn(err)
  });
    • resource_model = {'resource_id': resource_crn}

tag_results = global_tagging_service.detach_tag(
  resources=[resource_model],
  tag_names=['tag_test_1', 'tag_test_2'],
  tag_type='user').get_result()

print(json.dumps(tag_results, indent=2))

    Response

    Response Body

    TagResults

    Results of an attach_tag or detach_tag request

    TagResults

    Results of an attach_tag or detach_tag request.

    Examples:
    View

    TagResults

    Results of an attach_tag or detach_tag request.

    Examples:
    View

    TagResults

    Results of an attach_tag or detach_tag request.

    Examples:
    View

    TagResults

    Results of an attach_tag or detach_tag request.

    Examples:
    View

    Status Code

    • 200

      The array of tag detach operations result

    • 400

      Bad request

    • 401

      Unauthorized, wrong authorization token type, or IAM authorization token was not valid.

    • default

      System problem or unexpected error

    Example responses
    • {
  "results": [
    {
      "resource_id": "crn:v1:staging:public:resource-controller::a/5c2ac0d93c69e82c6c9c7c78dc4beda3::resource-group:1c061f4485b34360a8f8ee049880dc13",
      "is_error": false
    },
    {
      "resource_id": "58546459",
      "resource_type": "NETWORK_VLAN_FIREWALL",
      "is_error": true,
      "response": "IMS_API_ERROR",
      "message": "Error calling IMS REST API endpoint",
      "code": "GST915E",
      "level": "error",
      "httpCode": 401,
      "more_info": "IMS token is missing"
    }
  ]
}
    • {
  "results": [
    {
      "resource_id": "crn:v1:staging:public:resource-controller::a/5c2ac0d93c69e82c6c9c7c78dc4beda3::resource-group:1c061f4485b34360a8f8ee049880dc13",
      "is_error": false
    },
    {
      "resource_id": "58546459",
      "resource_type": "NETWORK_VLAN_FIREWALL",
      "is_error": true,
      "response": "IMS_API_ERROR",
      "message": "Error calling IMS REST API endpoint",
      "code": "GST915E",
      "level": "error",
      "httpCode": 401,
      "more_info": "IMS token is missing"
    }
  ]
}

    Set tags for a resource

    Tag one resource by passing in one or more tags. Tag references are cleared out every time this operation is called. If your resource is already tagged you will need to pass the current tags along with any new ones. To remove all tag references pass an empty tag_names array. To remove one or more tags omit them from the tag_names array. You can only set tags to a specific subset of IMS resources and only if you have the needed permission.

    POST /v3/tags/set_tags

    Request

    Custom Headers

    • X-Ghost
      string

      GhoST reserved.

      Constraints: length ≤ 256, Value must match regular expression .*$

    Query Parameters

    • account_id
      string

      The ID of the billing account where the resources to be tagged lives.

      Constraints: Value must match regular expression ^[a-fA-F0-9-]+$|^[*]{1}$

    Request Body

    SetTagsRequest

    List of tag names and resource ID on which the tags should be set. For IMS resources, it is the IMS ID and the IMS datatype or keyName.

    Examples:
    View

    Response

    Response Body

    SetTagsResults

    Results of a set_tags request

    Status Code

    • 200

      The array of set tag operations result

    • 400

      Bad request

    • 401

      Unauthorized, wrong authorization token type, or IAM authorization token was not valid.

    • default

      System problem or unexpected error

    Example responses
    • {
  "results": [
    {
      "resource_id": "58546459",
      "resource_type": "NETWORK_VLAN_FIREWALL",
      "is_error": false
    }
  ]
}