Auth Service (2.4.2)

This spec defines the API that the application exposes to provide authentication across the cluster.

Auth

Validate Token

Check whether the input token is valid

Responses

Response samples

Content type
application/json
{
  "code": 0,
  "message": "message"
}

Create access token

Create an access token for EFA

Request Body schema: application/json

Credentials to fetch a token

username
string

Name of the user for whom the token has to be generated

password
string

Password for the above user

Responses

Request samples

Content type
application/json
{
  "username": "admin",
  "password": "password"
}

Response samples

Content type
application/json
{
  "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token-type": "Bearer",
  "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Create access token for clients

Create an access token for EFA clients

Request Body schema: application/json

Client Credentials to fetch a token

username
string

Name of the user for whom the token has to be generated

password
string

Password for the above user

clientId
string

ID of the registered client

Responses

Request samples

Content type
application/json
{
  "username": "admin",
  "password": "password"
}

Response samples

Content type
application/json
{
  "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token-type": "Bearer"
}

Get access token with refresh token

Get access token with refresh token

Request Body schema: application/json

Refresh token

refresh-token
string

refresh token

grant-type
string

Grant type (refresh_token)

Responses

Request samples

Content type
application/json
{
  "grant-type": "refresh_token",
  "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Response samples

Content type
application/json
{
  "access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "token-type": "Bearer",
  "refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Get key for EFA client

Get API key for EFA client

query Parameters
clientId
required
string

Client ID

Responses

Response samples

Content type
application/json
{
  "apiKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Create a key for EFA clients

Create a key for EFA clients

query Parameters
force
required
boolean

Force key regeneration

Request Body schema: application/json

Credentials to fetch a token

clientId
string

ID of the registered client

Responses

Request samples

Content type
application/json
{
  "clientId": "sdjfdjskjd"
}

Response samples

Content type
application/json
{
  "apiKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Get Token Expiry Time

Return Token Expiry Time

query Parameters
type
required
string

Type of the token

Responses

Response samples

Content type
application/json
{
  "type": "ACCESS",
  "hours": 0,
  "minutes": 15
}
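
The token and apiKey samples above all start with the same base64url segment, which decodes to a JWT header. The following is an added example, not part of the original specification: it decodes that header and compares a token's lifetime with the configured expiry record. It assumes the issued tokens carry `iat` and `exp` claims; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def inspect_token(token, expiry, allowed_algs=("HS256",)):
    """Compare an issued token with an expiry record (type/hours/minutes).

    Returns a list of findings; an empty list means nothing was flagged.
    The signature is NOT verified: only unauthenticated fields are read.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    header, claims = b64url_json(parts[0]), b64url_json(parts[1])
    findings = []
    if header.get("alg") not in allowed_algs:
        findings.append(f"unexpected alg {header.get('alg')!r}")
    # Assumption: the service puts iat/exp (seconds since epoch) in the claims.
    if "iat" in claims and "exp" in claims:
        configured = expiry["hours"] * 3600 + expiry["minutes"] * 60
        actual = claims["exp"] - claims["iat"]
        if actual > configured:
            findings.append(f"lifetime {actual}s exceeds configured {configured}s")
    else:
        findings.append("no iat/exp claims; lifetime cannot be checked")
    return findings

def make_sample(header, claims):
    """Build a constructed sample token with a dummy signature segment."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2lnbmF0dXJl"

# Header segment copied from the response samples on this page.
PAGE_HEADER = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
# Expiry record copied from the sample response above.
ACCESS_EXPIRY = {"type": "ACCESS", "hours": 0, "minutes": 15}

if __name__ == "__main__":
    print(b64url_json(PAGE_HEADER))
    hdr = {"alg": "HS256", "typ": "JWT"}
    print(inspect_token(make_sample(hdr, {"iat": 1000, "exp": 1900}), ACCESS_EXPIRY))
    print(inspect_token(make_sample(hdr, {"iat": 1000, "exp": 87400}), ACCESS_EXPIRY))
```

The header in the samples names HS256, a symmetric algorithm, so any component that verifies these tokens must hold the same secret that signs them.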

Update Token Expiry Time

Update Token Expiry Time For A Specific Token

Request Body schema: application/json

Type of the EFA token

type
string

Type of the token

hours
integer

Hours for token expiry

minutes
integer

Minutes for token expiry

Responses

Request samples

Content type
application/json
{
  "type": "ACCESS",
  "hours": 0,
  "minutes": 15
}

Response samples

Content type
application/json
{
  "type": "ACCESS",
  "hours": 0,
  "minutes": 15
}

Get All Tokens Expiry Time

Return All Tokens Expiry Times

Responses

Response samples

Content type
application/json
[
  {
  }
]

Fetch all client details

Fetch all client details configured in the application

Responses

Response samples

Content type
application/json
[
  {
  }
]

Fetch client details by name

Fetch client details by name

query Parameters
name
required
string

Name of the client

Responses

Response samples

Content type
application/json
{
  "name": "tenantname",
  "clientID": "askjf-djffi-dwokd-askls",
  "clientType": "openstack"
}

Register a new client

Register a new client to access EFA

Request Body schema: application/json

Details of the client

name
string

Name for the client (tenant name for OpenStack clients)

clientType
string

Type of the client (openstack for OpenStack clients)

Responses

Request samples

Content type
application/json
{
  "name": "tenantname",
  "clientType": "openstack"
}

Response samples

Content type
application/json
{
  "name": "tenantname",
  "clientID": "askjf-djffi-dwokd-askls",
  "clientType": "openstack"
}

Delete a registered client

Delete a registered client by its name

query Parameters
name
required
string

Name of the registered client

Responses

Response samples

Content type
application/json
{
  "code": 0,
  "message": "message"
}

Fetch registered LDAP server details

Fetch LDAP details by name

query Parameters
name
required
string

Name given for the LDAP connection

Responses

Response samples

Content type
application/json
{
  "id": 0,
  "name": "string",
  "primary": 0,
  "host": "string",
  "port": "string",
  "tls": true,
  "insecure-tls": true,
  "cacert": "string",
  "timeout": 0,
  "bind-user-name": "string",
  "bind-user-password": "string",
  "user-search-base": "string",
  "user-object-class": "string",
  "user-login-attribute": "string",
  "user-role-attribute": "string",
  "user-role-attribute-key": "string",
  "user-member-attribute": "string",
  "group-search-base": "string",
  "group-object-class": "string",
  "group-attribute": "string",
  "group-member-user-attribute": "string",
  "group-member-mapping-attribute": "string"
}

Update LDAP configuration

Update LDAP configuration for authentication

query Parameters
name
required
string

Name of the registered LDAP Server

Request Body schema: application/json

Details of the LDAP Server

name
string

Name for the LDAP connection

primary
required
integer

Set to 1 when multiple LDAP connections are available

host
string

Specify the hostname or IP address

port
string

Specify the port at which the OpenLDAP server is listening for connections

tls
required
boolean

Enable to use LDAP over SSL/TLS

insecure-tls
required
boolean

Enable to use LDAP without cert verification

cacert
string

CA certificate

timeout
required
integer

Duration in number of seconds before considering the server unreachable (defaults to 5 sec)

bind-user-name
string

Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries

bind-user-password
string

Password of the bind user

user-search-base
string

Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects.

user-object-class
string

Name of the object class used for user objects (defaults to inetOrgPerson)

user-login-attribute
string

The attribute whose value matches the username part of credentials entered by your users when logging in (defaults to uid)

user-role-attribute
string

The attribute from which to read the user's role

user-role-attribute-key
string

The attribute to read the role value from the role attribute

user-member-attribute
string

The attribute to read the member of the group the user is part of

group-search-base
string

Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects.

group-object-class
string

Name of the object class used for group objects (defaults to groupOfNames)

group-attribute
string

Attribute to define search filter on group (defaults to cn)

group-member-user-attribute
string

The name of the user attribute whose format matches the group members (defaults to entrydn)

group-member-mapping-attribute
string

The name of the group attribute containing the members of a group (defaults to member)

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "primary": 0,
  "host": "string",
  "port": "string",
  "tls": true,
  "insecure-tls": true,
  "cacert": "string",
  "timeout": 0,
  "bind-user-name": "string",
  "bind-user-password": "string",
  "user-search-base": "string",
  "user-object-class": "string",
  "user-login-attribute": "string",
  "user-role-attribute": "string",
  "user-role-attribute-key": "string",
  "user-member-attribute": "string",
  "group-search-base": "string",
  "group-object-class": "string",
  "group-attribute": "string",
  "group-member-user-attribute": "string",
  "group-member-mapping-attribute": "string"
}

Response samples

Content type
application/json
{
  "id": 0,
  "name": "string",
  "primary": 0,
  "host": "string",
  "port": "string",
  "tls": true,
  "insecure-tls": true,
  "cacert": "string",
  "timeout": 0,
  "bind-user-name": "string",
  "bind-user-password": "string",
  "user-search-base": "string",
  "user-object-class": "string",
  "user-login-attribute": "string",
  "user-role-attribute": "string",
  "user-role-attribute-key": "string",
  "user-member-attribute": "string",
  "group-search-base": "string",
  "group-object-class": "string",
  "group-attribute": "string",
  "group-member-user-attribute": "string",
  "group-member-mapping-attribute": "string"
}

Register a new LDAP Server

Register a new LDAP Server for authentication

Request Body schema: application/json

Details of the LDAP Server

name
string

Name for the LDAP connection

primary
required
integer

Set to 1 when multiple LDAP connections are available

host
string

Specify the hostname or IP address

port
string

Specify the port at which the OpenLDAP server is listening for connections

tls
required
boolean

Enable to use LDAP over SSL/TLS

insecure-tls
required
boolean

Enable to use LDAP without cert verification

cacert
string

CA certificate

timeout
required
integer

Duration in number of seconds before considering the server unreachable (defaults to 5 sec)

bind-user-name
string

Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries

bind-user-password
string

Password of the bind user

user-search-base
string

Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects.

user-object-class
string

Name of the object class used for user objects (defaults to inetOrgPerson)

user-login-attribute
string

The attribute whose value matches the username part of credentials entered by your users when logging in (defaults to uid)

user-role-attribute
string

The attribute from which to read the user's role

user-role-attribute-key
string

The attribute to read the role value from the role attribute

user-member-attribute
string

The attribute to read the member of the group the user is part of

group-search-base
string

Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects.

group-object-class
string

Name of the object class used for group objects (defaults to groupOfNames)

group-attribute
string

Attribute to define search filter on group (defaults to cn)

group-member-user-attribute
string

The name of the user attribute whose format matches the group members (defaults to entrydn)

group-member-mapping-attribute
string

The name of the group attribute containing the members of a group (defaults to member)

Responses

Request samples

Content type
application/json
{
  "name": "string",
  "primary": 0,
  "host": "string",
  "port": "string",
  "tls": true,
  "insecure-tls": true,
  "cacert": "string",
  "timeout": 0,
  "bind-user-name": "string",
  "bind-user-password": "string",
  "user-search-base": "string",
  "user-object-class": "string",
  "user-login-attribute": "string",
  "user-role-attribute": "string",
  "user-role-attribute-key": "string",
  "user-member-attribute": "string",
  "group-search-base": "string",
  "group-object-class": "string",
  "group-attribute": "string",
  "group-member-user-attribute": "string",
  "group-member-mapping-attribute": "string"
}

Response samples

Content type
application/json
{
  "id": 0,
  "name": "string",
  "primary": 0,
  "host": "string",
  "port": "string",
  "tls": true,
  "insecure-tls": true,
  "cacert": "string",
  "timeout": 0,
  "bind-user-name": "string",
  "bind-user-password": "string",
  "user-search-base": "string",
  "user-object-class": "string",
  "user-login-attribute": "string",
  "user-role-attribute": "string",
  "user-role-attribute-key": "string",
  "user-member-attribute": "string",
  "group-search-base": "string",
  "group-object-class": "string",
  "group-attribute": "string",
  "group-member-user-attribute": "string",
  "group-member-mapping-attribute": "string"
}

Delete a registered LDAP server

Delete a registered LDAP server

query Parameters
name
required
string

Name of the registered LDAP Server

Responses

Response samples

Content type
application/json
{
  "code": 0,
  "message": "message"
}

Get all LDAP connection details

Get All LDAP details configured in the application

Responses

Response samples

Content type
application/json
[
  {
  }
]
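
The LDAP connection records documented above carry `tls`, `insecure-tls`, `cacert` and `bind-user-password` side by side, and the response samples echo the bind password back. The following is an added example, not part of the original specification: it audits a list of such records for weak transport settings and masks the secret before the records are logged. The function names, hosts and DNs are constructed for illustration.

```python
import copy

SECRET_FIELDS = ("bind-user-password",)

def audit_ldap(conn):
    """Return transport-security findings for one LDAP connection record."""
    name = conn.get("name", "<unnamed>")
    findings = []
    if not conn.get("tls", False):
        findings.append(f"{name}: tls is false; LDAP traffic, including the "
                        "bind password, is sent unencrypted")
    elif conn.get("insecure-tls", False):
        findings.append(f"{name}: insecure-tls is true; the server certificate "
                        "is not verified, so the server can be impersonated")
    elif not conn.get("cacert"):
        # Assumption: without cacert no CA is pinned for this connection.
        findings.append(f"{name}: cacert is empty; confirm which trust store "
                        "verifies the server certificate")
    return findings

def redact(conn):
    """Copy a record with secret fields masked, suitable for logs or tickets."""
    safe = copy.deepcopy(conn)
    for field in SECRET_FIELDS:
        if safe.get(field):
            safe[field] = "***REDACTED***"
    return safe

def audit_all(connections):
    """Audit every record of a list response; returns (findings, redacted)."""
    findings = [f for c in connections for f in audit_ldap(c)]
    return findings, [redact(c) for c in connections]

# Constructed sample records; hosts, DNs and passwords are placeholders.
SAMPLE = [
    {"name": "corp", "primary": 1, "host": "ldap.example.internal", "port": "636",
     "tls": True, "insecure-tls": False, "cacert": "-----BEGIN CERTIFICATE-----...",
     "bind-user-name": "cn=svc,dc=example,dc=internal", "bind-user-password": "s3cret"},
    {"name": "lab", "primary": 0, "host": "10.0.0.5", "port": "636",
     "tls": True, "insecure-tls": True, "cacert": "",
     "bind-user-name": "cn=svc,dc=lab", "bind-user-password": "s3cret"},
    {"name": "legacy", "primary": 0, "host": "10.0.0.6", "port": "389",
     "tls": False, "insecure-tls": False, "cacert": ""},
]

if __name__ == "__main__":
    found, safe = audit_all(SAMPLE)
    print("\n".join(found))
```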

Trouble Shooting

Get execution details

Get the detailed output of the given execution ID

query Parameters
id
required
string

Execution ID

Responses

Response samples

Content type
application/json
{
  "start_time": "2000-01-23T04:56:07.000Z",
  "end_time": "2000-01-23T04:56:07.000Z",
  "id": "id",
  "parameters": "client add",
  "logs": "logs",
  "command": "client add",
  "status": "Failed, Succeeded"
}

deleteExecutions

This API deletes the execution entries older than a specified number of days

query Parameters
days_older_by
required
integer
Default: 30

Deletes execution entries older than specified number of days

Responses

Response samples

Content type
application/json
{
  "code": 0,
  "message": "message"
}

Get Execution List

Get the list of all the previous executions

query Parameters
limit
required
integer
Default: 10

Limit the number of executions that will be sent in the response. Default is 10

status
string
Default: "all"

Filter the executions based on the status (failed/succeeded/all)

Responses

Response samples

Content type
application/json
{
  "items": []
}

Role

Fetch role mapping details

Fetch role mapping details

Responses

Response samples

Content type
application/json
[
  {
  }
]

Add new role mapping

Add new role mapping

Request Body schema: application/json

Details of the mapping to be created

name
string

Name of the user or group to whom the role is to be assigned

role
string

Name of the role to be assigned

type
string

Type of the assignment (user or group)

Responses

Request samples

Content type
application/json
{
  "name": "tenantname",
  "role": "TenantAdmin",
  "type": "user"
}

Response samples

Content type
application/json
{
  "id": 1,
  "name": "tenantname",
  "role": "TenantAdmin",
  "type": "user"
}

Delete a role mapping

Delete the role mapping

query Parameters
id
required
string

ID of the role mapping that is created

Responses

Response samples

Content type
application/json
{
  "code": 0,
  "message": "message"
}