Admin Users API
Summary
Admin User API methods allow clients to perform CRUD (Create, Read, Update and Delete) operations on admin users and their roles.
Description
The Admin Users API is exposed by the Admin Node Manager. Admin users are the accounts used to perform management operations on the domain. RBAC is applied to all management requests to determine whether the admin user is allowed to invoke the request. This API is used to manage admin user accounts and RBAC roles for domain management services. It updates the contents of the Admin User Store, i.e. the VDISTDIR/conf/adminUsers.json file. The mapping of roles to permissions is performed outside of this API, in the VDISTDIR/conf/acl.json file.
Resources
GET /api/adminusers/adminusers
Summary
Get the admin users store
Description
Get the admin users store
Parameters
none
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 500 | Internal Server Error |
Returns Array
[ AdminUserStore ]
Example
GET https://localhost:8075/api/adminusers/adminusers
Response
HTTP 1.1 200 OK
{
"result" : {
"productVersion" : "7.3.0",
"version" : 1,
"timestamp" : 0,
"adminUsers" : [ {
"id" : "user-1",
"name" : "admin",
"roles" : [ "role-1", "role-6", "role-7" ]
} ],
"adminUserPasswords" : {
"user-1" : "Y2hhbmdlbWU="
},
"adminUserRoles" : [ {
"id" : "role-1",
"name" : "API Server Administrator"
}, {
"id" : "role-2",
"name" : "API Server Operator"
}, {
"id" : "role-5",
"name" : "Deployer"
}, {
"id" : "role-6",
"name" : "KPS Administrator"
}, {
"id" : "role-7",
"name" : "Policy Developer"
} ],
"uniqueIdCounters" : {
"User" : 2,
"Role" : 8
}
}
}
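An added example (not part of the product documentation) of an RBAC review over the AdminUserStore shape returned above: it resolves each user's role ids to role names and lists role ids with no definition, roles assigned to nobody, and users with no `adminUserPasswords` entry. The function name `review_store` and the second user in the sample are assumptions made for illustration.

```python
import json

# Constructed sample: the store returned above, plus a made-up user "ops"
# (user-2) that references a role id the store does not define.
SAMPLE_STORE = json.loads("""
{"result": {
  "adminUsers": [
    {"id": "user-1", "name": "admin", "roles": ["role-1", "role-6", "role-7"]},
    {"id": "user-2", "name": "ops", "roles": ["role-2", "role-9"]}],
  "adminUserPasswords": {"user-1": "<redacted>"},
  "adminUserRoles": [
    {"id": "role-1", "name": "API Server Administrator"},
    {"id": "role-2", "name": "API Server Operator"},
    {"id": "role-5", "name": "Deployer"},
    {"id": "role-6", "name": "KPS Administrator"},
    {"id": "role-7", "name": "Policy Developer"}]}}
""")


def review_store(response):
    """Join users to role names and collect inconsistencies worth a manual look."""
    store = response["result"]
    role_names = {role["id"]: role["name"] for role in store["adminUserRoles"]}
    passwords = store.get("adminUserPasswords", {})
    report = {"users": {}, "dangling": [], "unused_roles": [], "no_password": []}
    assigned = set()
    for user in store["adminUsers"]:
        resolved = []
        for role_id in user["roles"]:
            if role_id in role_names:
                resolved.append(role_names[role_id])
                assigned.add(role_id)
            else:
                # Role id with no matching adminUserRoles entry.
                report["dangling"].append((user["name"], role_id))
        report["users"][user["name"]] = resolved
        if user["id"] not in passwords:
            report["no_password"].append(user["name"])
    report["unused_roles"] = sorted(
        name for rid, name in role_names.items() if rid not in assigned)
    return report


if __name__ == "__main__":
    print(json.dumps(review_store(SAMPLE_STORE), indent=2))
```

The response carries the `adminUserPasswords` map alongside the role data, so a saved copy of it should be handled as credential material.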
PUT /api/adminusers/adminusers
Summary
Updates the Admin User Store on disk.
Description
Updates the Admin User Store on disk. Used to replicate the store version across Node Managers.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| - | The admin user store | AdminUserStore | body | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 500 | Internal Server Error |
Returns Array
[ AdminUserStore ]
Example
PUT https://localhost:8075/api/adminusers/adminusers
Response
HTTP 1.1 200 OK
{
"result" : {
"productVersion" : "7.3.0",
"version" : 1,
"timestamp" : 0,
"adminUsers" : [ {
"id" : "user-1",
"name" : "admin",
"roles" : [ "role-1", "role-6", "role-7" ]
} ],
"adminUserPasswords" : {
"user-1" : "Y2hhbmdlbWU="
},
"adminUserRoles" : [ {
"id" : "role-1",
"name" : "API Server Administrator"
}, {
"id" : "role-2",
"name" : "API Server Operator"
}, {
"id" : "role-5",
"name" : "Deployer"
}, {
"id" : "role-6",
"name" : "KPS Administrator"
}, {
"id" : "role-7",
"name" : "Policy Developer"
} ],
"uniqueIdCounters" : {
"User" : 2,
"Role" : 8
}
}
}
GET /api/adminusers/adminusers/advisorybanner
Summary
none
Description
none
Parameters
none
Status Codes
| HTTP Status Code | Reason |
|---|---|
Returns Array
[ AdvisoryBanner ]
Example
GET https://localhost:8075/api/adminusers/adminusers/advisorybanner
Response
HTTP 1.1 200 OK
{
"bannerEnabled" : false,
"bannerText" : "Warning - unauthorized use of this tool is strictly prohibited and subject to audit, investigation, and potential prosecution."
}
PUT /api/adminusers/adminusers/advisorybanner
Summary
none
Description
none
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| - | | AdvisoryBanner | body | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
Returns Array
[ AdvisoryBanner ]
Example
PUT https://localhost:8075/api/adminusers/adminusers/advisorybanner
Response
HTTP 1.1 200 OK
{
"bannerEnabled" : false,
"bannerText" : "Warning - unauthorized use of this tool is strictly prohibited and subject to audit, investigation, and potential prosecution."
}
GET /api/adminusers/adminusers/passwordpolicy
Summary
Returns the current password policy for admin users.
Description
Returns the current password policy for admin users.
Parameters
none
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 500 | Internal Server Error |
Returns Array
[ PasswordPolicy ]
Example
GET https://localhost:8075/api/adminusers/adminusers/passwordpolicy
Response
HTTP 1.1 200 OK
{
"enabled" : true,
"assertions" : [ {
"description" : "general",
"matchCount" : "*",
"enabled" : true,
"assertion" : [ {
"enabled" : true,
"resourceID" : "PASSWORD_DISTANCE",
"name" : "Password Distance",
"minimumDistance" : "2"
}, {
"enabled" : true,
"timeToLive" : "31536000000",
"resourceID" : "PASSWORD_LIFETIME",
"name" : "Password Lifetime"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_MIN_LENGTH",
"minLength" : "4",
"name" : "Password must be longer than N characters"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_CONTAINING_ACC_NAME",
"name" : "Password cannot contain account name"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_EQUAL_TO_ACC_NAME",
"name" : "Password cannot be the same as the account name"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_EQUAL_TO_REV_ACC_NAME",
"name" : "Password cannot be the same as the reverse of account name"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_IN_HISTORY",
"name" : "Password not in history",
"count" : "10"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_NULL",
"name" : "Password cannot be empty"
} ]
}, {
"description" : "composition",
"matchCount" : "*",
"enabled" : true,
"assertion" : [ {
"enabled" : true,
"resourceID" : "MUST_CONTAIN_DIGIT",
"name" : "Must contain a number",
"count" : "1"
}, {
"enabled" : true,
"characters" : "~!@#$%^&*()-_=+\\|[{}];:'\",<.>/ ?",
"resourceID" : "MUST_CONTAIN_SPECIAL_CHARACTERS",
"name" : "Must contain a special character",
"count" : "1"
}, {
"enabled" : true,
"resourceID" : "MUST_HAVE_LOWER_CASE",
"name" : "Must contain an lower case character",
"count" : "1"
}, {
"enabled" : true,
"resourceID" : "MUST_HAVE_UPPER_CASE",
"name" : "Must contain an upper case character",
"count" : "1"
} ]
} ],
"version" : 3,
"dataVersion" : "7.4.1",
"timestamp" : 1435851777806
}
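An added example (not part of the product documentation) that audits a PasswordPolicy document of the shape shown above against a review baseline. The baseline values, the function name `audit_policy`, the reading of `timeToLive` as milliseconds, and the rule that an assertion counts only when both it and its group are enabled are assumptions of this example.

```python
import json

# Assumed review baseline (chosen for this example, not a product default):
# resourceID -> (setting name, minimum acceptable value).
BASELINE = {
    "PASSWORD_MIN_LENGTH": ("minLength", 12),
    "PASSWORD_NOT_IN_HISTORY": ("count", 5),
}
MAX_LIFETIME_DAYS = 365  # assumed ceiling; timeToLive is assumed to be in ms

# Constructed sample: trimmed copy of the response above, with
# MUST_HAVE_UPPER_CASE switched off to show the "not enforced" finding.
SAMPLE_POLICY = json.loads("""
{"enabled": true, "assertions": [
  {"description": "general", "enabled": true, "assertion": [
    {"enabled": true, "resourceID": "PASSWORD_LIFETIME", "timeToLive": "31536000000"},
    {"enabled": true, "resourceID": "PASSWORD_MIN_LENGTH", "minLength": "4"},
    {"enabled": true, "resourceID": "PASSWORD_NOT_IN_HISTORY", "count": "10"}]},
  {"description": "composition", "enabled": true, "assertion": [
    {"enabled": true, "resourceID": "MUST_CONTAIN_DIGIT", "count": "1"},
    {"enabled": false, "resourceID": "MUST_HAVE_UPPER_CASE", "count": "1"}]}]}
""")


def audit_policy(policy):
    """Return findings for disabled or below-baseline assertions."""
    if not policy.get("enabled"):
        return ["policy: disabled, no assertion is enforced"]
    findings = []
    for group in policy.get("assertions", []):
        for item in group.get("assertion", []):
            rid = item["resourceID"]
            # Assumption: an assertion applies only if it and its group are enabled.
            if not (group.get("enabled") and item.get("enabled")):
                findings.append(f"{rid}: not enforced")
                continue
            if rid in BASELINE:
                field, minimum = BASELINE[rid]
                value = int(item[field])  # numeric settings arrive as strings
                if value < minimum:
                    findings.append(f"{rid}: {field}={value} is below {minimum}")
            elif rid == "PASSWORD_LIFETIME":
                days = int(item["timeToLive"]) // 86_400_000
                if days > MAX_LIFETIME_DAYS:
                    findings.append(f"{rid}: {days} days exceeds {MAX_LIFETIME_DAYS}")
    return findings
```

Run against the documented response, the only finding is the `minLength` of 4; the second finding in the sample comes from the constructed change.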
PUT /api/adminusers/adminusers/passwordpolicy
Summary
Save password policy for admin users on disk
Description
Save password policy for admin users on disk
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| - | The Password Policy parameters to store | PasswordPolicy | body | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 500 | Internal Server Error |
Returns Class
Example
PUT https://localhost:8075/api/adminusers/adminusers/passwordpolicy
Response
HTTP 1.1 200 OK
{
"enabled" : true,
"assertions" : [ {
"description" : "general",
"matchCount" : "*",
"enabled" : true,
"assertion" : [ {
"enabled" : true,
"resourceID" : "PASSWORD_DISTANCE",
"name" : "Password Distance",
"minimumDistance" : "2"
}, {
"enabled" : true,
"timeToLive" : "31536000000",
"resourceID" : "PASSWORD_LIFETIME",
"name" : "Password Lifetime"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_MIN_LENGTH",
"minLength" : "4",
"name" : "Password must be longer than N characters"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_CONTAINING_ACC_NAME",
"name" : "Password cannot contain account name"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_EQUAL_TO_ACC_NAME",
"name" : "Password cannot be the same as the account name"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_EQUAL_TO_REV_ACC_NAME",
"name" : "Password cannot be the same as the reverse of account name"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_IN_HISTORY",
"name" : "Password not in history",
"count" : "10"
}, {
"enabled" : true,
"resourceID" : "PASSWORD_NOT_NULL",
"name" : "Password cannot be empty"
} ]
}, {
"description" : "composition",
"matchCount" : "*",
"enabled" : true,
"assertion" : [ {
"enabled" : true,
"resourceID" : "MUST_CONTAIN_DIGIT",
"name" : "Must contain a number",
"count" : "1"
}, {
"enabled" : true,
"characters" : "~!@#$%^&*()-_=+\\|[{}];:'\",<.>/ ?",
"resourceID" : "MUST_CONTAIN_SPECIAL_CHARACTERS",
"name" : "Must contain a special character",
"count" : "1"
}, {
"enabled" : true,
"resourceID" : "MUST_HAVE_LOWER_CASE",
"name" : "Must contain an lower case character",
"count" : "1"
}, {
"enabled" : true,
"resourceID" : "MUST_HAVE_UPPER_CASE",
"name" : "Must contain an upper case character",
"count" : "1"
} ]
} ],
"version" : 3,
"dataVersion" : "7.4.1",
"timestamp" : 1435851777806
}
POST /api/adminusers/adminusers/roles
Summary
Create an admin user role.
Description
Create an admin user role.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| - | Admin user role | AdminUserRole | body | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 201 | Created |
| 400 | Bad Request |
| 500 | Internal Server Error |
Returns Array
[ AdminUserRole ]
Example
POST https://localhost:8075/api/adminusers/adminusers/roles
Response
HTTP 1.1 200 OK
{
"result" : [ {
"id" : "role-1",
"name" : "API Server Administrator"
}, {
"id" : "role-2",
"name" : "API Server Operator"
}, {
"id" : "role-5",
"name" : "Deployer"
}, {
"id" : "role-6",
"name" : "KPS Administrator"
}, {
"id" : "role-7",
"name" : "Policy Developer"
} ]
}
GET /api/adminusers/adminusers/roles
Summary
Get all admin user roles.
Description
Get all admin user roles.
Parameters
none
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 500 | Internal Server Error |
Returns Array
[ AdminUserRole ]
Example
GET https://localhost:8075/api/adminusers/adminusers/roles
Response
HTTP 1.1 200 OK
{
"result" : [ {
"id" : "role-1",
"name" : "API Server Administrator"
}, {
"id" : "role-2",
"name" : "API Server Operator"
}, {
"id" : "role-5",
"name" : "Deployer"
}, {
"id" : "role-6",
"name" : "KPS Administrator"
}, {
"id" : "role-7",
"name" : "Policy Developer"
} ]
}
GET /api/adminusers/adminusers/roles/{roleID}
Summary
Get a particular admin user role.
Description
Get a particular admin user role.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| roleID | The role to be returned | String | path | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 404 | Not Found |
| 500 | Internal Server Error |
Returns Array
[ AdminUserRole ]
Example
GET https://localhost:8075/api/adminusers/adminusers/roles/{roleID}
Response
HTTP 1.1 200 OK
{
"result" : [ {
"id" : "role-1",
"name" : "API Server Administrator"
}, {
"id" : "role-2",
"name" : "API Server Operator"
}, {
"id" : "role-5",
"name" : "Deployer"
}, {
"id" : "role-6",
"name" : "KPS Administrator"
}, {
"id" : "role-7",
"name" : "Policy Developer"
} ]
}
DELETE /api/adminusers/adminusers/roles/{roleID}
Summary
Deletes a role.
Description
Deletes a role.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| roleID | The role to be deleted | String | path | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 204 | No Content |
| 400 | Bad Request |
| 404 | Not Found |
| 500 | Internal Server Error |
POST /api/adminusers/adminusers/strongpassword
Summary
Validates if the supplied password is strong enough according to the active password policy.
Description
Validates if the supplied password is strong enough according to the active password policy.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| - | Password validation request | PasswordValidationRequest | body | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 201 | Created |
| 400 | Bad Request |
| 303 | See Other |
Returns Class
Example
POST https://localhost:8075/api/adminusers/adminusers/strongpassword
Request
{
"username" : "admin",
"oldPassword" : "foobar",
"newPassword" : "boo"
}
Response
HTTP 1.1 200 OK
{
"result" : {
"failed" : [ "Password must be longer than 4 characters" ],
"passed" : [ "Password can not be empty", "Password is the same as the account name", "Password is the same as the reverse of the account name" ]
}
}
POST /api/adminusers/adminusers/users
Summary
Create an admin user.
Description
Create an admin user. The password is sent in the clear in the request body, but the request is sent over SSL. The password is encrypted before being written to the Admin User Store, i.e. the VDISTDIR/conf/adminUsers.json file.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| - | Request to create or update an admin user | AdminUserRequest | body | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 201 | Created |
| 400 | Bad Request |
| 500 | Internal Server Error |
Returns Array
[ AdminUser ]
Example
POST https://localhost:8075/api/adminusers/adminusers/users
Response
HTTP 1.1 201 Created
{
"result" : [ {
"id" : "user-1",
"name" : "admin",
"roles" : [ "role-1", "role-6", "role-7" ]
} ]
}
GET /api/adminusers/adminusers/users
Summary
Get all admin users
Description
Get all admin users
Parameters
none
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 500 | Internal Server Error |
Returns Array
[ AdminUser ]
Example
GET https://localhost:8075/api/adminusers/adminusers/users
Response
HTTP 1.1 200 OK
{
"result" : [ {
"id" : "user-1",
"name" : "admin",
"roles" : [ "role-1", "role-6", "role-7" ]
} ]
}
PUT /api/adminusers/adminusers/users/password
Summary
Reset logged-in user password.
Description
Resets the password.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| - | | String | body | Required | |
| newPassword | The new password | | query | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 404 | Not Found |
| 500 | Internal Server Error |
Example
PUT https://localhost:8075/api/adminusers/adminusers/users/password
Request
""
Response
HTTP 1.1 200 OK
""
DELETE /api/adminusers/adminusers/users/{userID}
Summary
Deletes an admin user.
Description
Deletes an admin user.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| userID | The admin user to be deleted | String | path | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 204 | No Content |
| 400 | Bad Request |
| 404 | Not Found |
| 500 | Internal Server Error |
GET /api/adminusers/adminusers/users/{userID}
Summary
Get a particular admin user
Description
Get a particular admin user
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| userID | The id of the admin user to retrieve | string | path | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 404 | Not Found |
| 500 | Internal Server Error |
Returns Array
[ AdminUser ]
Example
GET https://localhost:8075/api/adminusers/adminusers/users/{userID}
Response
HTTP 1.1 200 OK
{
"result" : [ {
"id" : "user-1",
"name" : "admin",
"roles" : [ "role-1", "role-6", "role-7" ]
} ]
}
PUT /api/adminusers/adminusers/users/{userID}
Summary
Updates an admin user.
Description
Update an admin user's roles or password. To update the user's roles without updating the password, leave out the password in the request body. To update the user's password only, leave out the adminUser in the request body. It is also possible to update the user's roles and password at the same time. The id or name of a user cannot be updated. The password is sent in the clear in the request body, but the request is sent over SSL. The password is encrypted before being written to the Admin User Store, i.e. the VDISTDIR/conf/adminUsers.json file.
Parameters
| Parameter | Description | Data Type | Location | Required | Multiple |
|---|---|---|---|---|---|
| userID | The admin user to be updated | String | path | Required | |
| - | Request to create or update an admin user | AdminUserRequest | body | Required | |
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 400 | Bad Request |
| 404 | Not Found |
| 500 | Internal Server Error |
Returns Array
[ AdminUser ]
Example
PUT https://localhost:8075/api/adminusers/adminusers/users/{userID}
Response
HTTP 1.1 200 OK
{
"result" : [ {
"id" : "user-1",
"name" : "admin",
"roles" : [ "role-1", "role-6", "role-7" ]
} ]
}
GET /api/adminusers/adminusers/version
Summary
Get the version of the admin user store
Description
Get the version of the admin user store
Parameters
none
Status Codes
| HTTP Status Code | Reason |
|---|---|
| 200 | OK |
| 500 | Internal Server Error |
Returns Array
Example
GET https://localhost:8075/api/adminusers/adminusers/version
Response
HTTP 1.1 200 OK
{
"result" : {
"version" : 1,
"timestamp" : 0
}
}