Auth Service (2.5.5)

Download OpenAPI specification:Download

Extreme Networks: support@extremenetworks.com URL: http://www.extremenetworks.com License: Apache license

This is the spec that defines the API provided by the application to provide auth across the cluster

Auth

Validate Token

Validate if the input token is valid

Responses

Response samples

401
500

Content type

application/json

{"code": 0,
"message": "message"
}

Create access token

Create an access token for EFA

Request Body schema: application/json

Credentials to fetch a token

username	string Name of the user for whom the token has to be generated
password	string Password for the above user

Responses

Request samples

Payload

Content type

application/json

{"username": "admin",
"password": "password"
}

Response samples

200
401
500
default

Content type

application/json

{"access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token-type": "Bearer",
"refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Create system access token

Create a system access token for EFA

Responses

Response samples

200
401
500
default

Content type

application/json

{"access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token-type": "Bearer",
"refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Create access token for clients

Create an access token for EFA clients

Request Body schema: application/json

Client Credentials to fetch a token

username	string Name of the user for whom the token has to be generated
password	string Password for the above user
clientId	string ID of the registered client

Responses

Request samples

Payload

Content type

application/json

{"username": "admin",
"password": "password"
}

Response samples

200
401
500
default

Content type

application/json

{"access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token-type": "Bearer"
}

Get access token with refresh token

Request Body schema: application/json

Refresh token

refresh-token	string refresh token
grant-type	string grant type(refresh_token)

Responses

Request samples

Payload

Content type

application/json

{"grant-type": "refresh_token",
"refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Response samples

200
401
500
default

Content type

application/json

{"access-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token-type": "Bearer",
"refresh-token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Get key for EFA client

Get API key for EFA client

query Parameters

clientId

required

string

Client ID

Responses

Response samples

200
401
500
default

Content type

application/json

{"apiKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Create a key for EFA clients

query Parameters

force

required

boolean

Force key regenerate

Request Body schema: application/json

Credentials to fetch a token

clientId

string

ID of the registered client

Responses

Request samples

Payload

Content type

application/json

{"clientId": "sdjfdjskjd"
}

Response samples

200
401
500
default

Content type

application/json

{"apiKey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Get Token Expiry Time

Return Token Expiry Time

query Parameters

type

required

string

Type of the token

Responses

Response samples

200
401
500
default

Content type

application/json

{"type": "ACCESS",
"hours": 0,
"minutes": 15
}

Update Token Expiry Time

Update Token Expiry Time For A Specific Token

Request Body schema: application/json

Type of the EFA token

type	string Type of the token
hours	integer Hours for token expiry
minutes	integer Minutes for token expiry

Responses

Request samples

Payload

Content type

application/json

{"type": "ACCESS",
"hours": 0,
"minutes": 15
}

Response samples

200
401
500
default

Content type

application/json

{"type": "ACCESS",
"hours": 0,
"minutes": 15
}

Get All Tokens Expiry Time

Return All Tokens Expiry Times

Responses

Response samples

200
401
500
default

Content type

application/json

[{"type": "ACCESS",
"hours": 0,
"minutes": 15
}
]

Fetch all client details

Fetch all client details configured in the application

Responses

Response samples

200
401
500
default

Content type

application/json

[{"name": "tenantname",
"clientID": "askjf-djffi-dwokd-askls",
"clientType": "openstack"
}
]

Fetch client details by name

query Parameters

name

required

string

Name of the client

Responses

Response samples

200
401
500
default

Content type

application/json

{"name": "tenantname",
"clientID": "askjf-djffi-dwokd-askls",
"clientType": "openstack"
}

Register a new client

Register a new client to access EFA

Request Body schema: application/json

Details of the client

name	string Name for the client(tenant name for Openstack clients)
clientType	string Type of the client(openstack for Openstack clients)

Responses

Request samples

Payload

Content type

application/json

{"name": "tenantname",
"clientType": "openstack"
}

Response samples

200
401
500
default

Content type

application/json

{"name": "tenantname",
"clientID": "askjf-djffi-dwokd-askls",
"clientType": "openstack"
}

Delete a registered client

Delete a registered client by its name

query Parameters

name

required

string

Name of the registered client

Responses

Response samples

401
500
default

Content type

application/json

{"code": 0,
"message": "message"
}

Fetch registered LDAP server details

Fetch LDAP details by name

query Parameters

name

required

string

Name given for the ldap connection

Responses

Response samples

200
401
500
default

Content type

application/json

{"id": 0,
"name": "string",
"primary": 0,
"host": "string",
"port": "string",
"tls": true,
"insecure-tls": true,
"cacert": "string",
"timeout": 0,
"bind-user-name": "string",
"bind-user-password": "string",
"user-search-base": "string",
"user-object-class": "string",
"user-login-attribute": "string",
"user-role-attribute": "string",
"user-role-attribute-key": "string",
"user-member-attribute": "string",
"group-search-base": "string",
"group-object-class": "string",
"group-attribute": "string",
"group-member-user-attribute": "string",
"group-member-mapping-attribute": "string"
}

Update LDAP configuration

Update LDAP configuration for authentication

query Parameters

name

required

string

Name of the registered LDAP Server

Request Body schema: application/json

Details of the LDAP Server

name	string Name for the LDAP connection
primary required	integer Set to 1 when multiple LDAP connections are available
host	string Specify the hostname or IP address
port	string Specify the port at which the OpenLDAP server is listening for connections
tls required	boolean Enable to use LDAP over SSL/TLS
insecure-tls required	boolean Enable to use LDAP without cert verification
cacert	string CA certificate
timeout required	integer Duration in number of seconds before considering the server unreachable(defaults to 5 sec)
bind-user-name	string Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries
bind-user-password	string Password of the bind user
user-search-base	string Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects.
user-object-class	string Name of the object class used for user objects(defaults to inetOrgPerson)
user-login-attribute	string The attribute whose value matches the username part of credentials entered by your users when logging in(defualts to uid)
user-role-attribute	string The attribute to read the role of user from
user-role-attribute-key	string The attribute to read the role value from role attribute
user-member-attribute	string The attribute to read the member of the group the user is part of
group-search-base	string Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects.
group-object-class	string Name of the object class used for group objects(defaults to groupOfNames)
group-attribute	string Attribute to define search filter on group(defaults to cn)
group-member-user-attribute	string The name of the user attribute whose format matches the group members(defualts to entrydn)
group-member-mapping-attribute	string The name of the group attribute containing the members of a group(defaults to member)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"primary": 0,
"host": "string",
"port": "string",
"tls": true,
"insecure-tls": true,
"cacert": "string",
"timeout": 0,
"bind-user-name": "string",
"bind-user-password": "string",
"user-search-base": "string",
"user-object-class": "string",
"user-login-attribute": "string",
"user-role-attribute": "string",
"user-role-attribute-key": "string",
"user-member-attribute": "string",
"group-search-base": "string",
"group-object-class": "string",
"group-attribute": "string",
"group-member-user-attribute": "string",
"group-member-mapping-attribute": "string"
}

Response samples

200
401
500
default

Content type

application/json

{"id": 0,
"name": "string",
"primary": 0,
"host": "string",
"port": "string",
"tls": true,
"insecure-tls": true,
"cacert": "string",
"timeout": 0,
"bind-user-name": "string",
"bind-user-password": "string",
"user-search-base": "string",
"user-object-class": "string",
"user-login-attribute": "string",
"user-role-attribute": "string",
"user-role-attribute-key": "string",
"user-member-attribute": "string",
"group-search-base": "string",
"group-object-class": "string",
"group-attribute": "string",
"group-member-user-attribute": "string",
"group-member-mapping-attribute": "string"
}

Register a new LDAP Server

Register a new LDAP Server for authentication

Request Body schema: application/json

Details of the LDAP Server

name	string Name for the LDAP connection
primary required	integer Set to 1 when multiple LDAP connections are available
host	string Specify the hostname or IP address
port	string Specify the port at which the OpenLDAP server is listening for connections
tls required	boolean Enable to use LDAP over SSL/TLS
insecure-tls required	boolean Enable to use LDAP without cert verification
cacert	string CA certificate
timeout required	integer Duration in number of seconds before considering the server unreachable(defaults to 5 sec)
bind-user-name	string Distinguished Name (DN) of the user that should be used to bind, search and retrieve LDAP entries
bind-user-password	string Password of the bind user
user-search-base	string Enter the Distinguished Name of the node in your directory tree from which to start searching for user objects.
user-object-class	string Name of the object class used for user objects(defaults to inetOrgPerson)
user-login-attribute	string The attribute whose value matches the username part of credentials entered by your users when logging in(defualts to uid)
user-role-attribute	string The attribute to read the role of user from
user-role-attribute-key	string The attribute to read the role value from role attribute
user-member-attribute	string The attribute to read the member of the group the user is part of
group-search-base	string Enter the Distinguished Name of the node in your directory tree from which to start searching for group objects.
group-object-class	string Name of the object class used for group objects(defaults to groupOfNames)
group-attribute	string Attribute to define search filter on group(defaults to cn)
group-member-user-attribute	string The name of the user attribute whose format matches the group members(defualts to entrydn)
group-member-mapping-attribute	string The name of the group attribute containing the members of a group(defaults to member)

Responses

Request samples

Payload

Content type

application/json

{"name": "string",
"primary": 0,
"host": "string",
"port": "string",
"tls": true,
"insecure-tls": true,
"cacert": "string",
"timeout": 0,
"bind-user-name": "string",
"bind-user-password": "string",
"user-search-base": "string",
"user-object-class": "string",
"user-login-attribute": "string",
"user-role-attribute": "string",
"user-role-attribute-key": "string",
"user-member-attribute": "string",
"group-search-base": "string",
"group-object-class": "string",
"group-attribute": "string",
"group-member-user-attribute": "string",
"group-member-mapping-attribute": "string"
}

Response samples

200
401
500
default

Content type

application/json

{"id": 0,
"name": "string",
"primary": 0,
"host": "string",
"port": "string",
"tls": true,
"insecure-tls": true,
"cacert": "string",
"timeout": 0,
"bind-user-name": "string",
"bind-user-password": "string",
"user-search-base": "string",
"user-object-class": "string",
"user-login-attribute": "string",
"user-role-attribute": "string",
"user-role-attribute-key": "string",
"user-member-attribute": "string",
"group-search-base": "string",
"group-object-class": "string",
"group-attribute": "string",
"group-member-user-attribute": "string",
"group-member-mapping-attribute": "string"
}

Delete a registered LDAP server

query Parameters

name

required

string

Name of the registered LDAP Server

Responses

Response samples

401
500
default

Content type

application/json

{"code": 0,
"message": "message"
}

Get all LDAP connection details

Get All LDAP details configured in the application

Responses

Response samples

200
404
500
default

Content type

application/json

[{"id": 0,
"name": "string",
"primary": 0,
"host": "string",
"port": "string",
"tls": true,
"insecure-tls": true,
"cacert": "string",
"timeout": 0,
"bind-user-name": "string",
"bind-user-password": "string",
"user-search-base": "string",
"user-object-class": "string",
"user-login-attribute": "string",
"user-role-attribute": "string",
"user-role-attribute-key": "string",
"user-member-attribute": "string",
"group-search-base": "string",
"group-object-class": "string",
"group-attribute": "string",
"group-member-user-attribute": "string",
"group-member-mapping-attribute": "string"
}
]

Trouble Shooting

Get execution details

Get the detailed output of the given execution ID

query Parameters

id

required

string

Execution ID

Responses

Response samples

200
401
500
default

Content type

application/json

{"start_time": "2000-01-23T04:56:07.000Z",
"end_time": "2000-01-23T04:56:07.000Z",
"id": "id",
"parameters": "client add",
"logs": "logs",
"command": "client add",
"status": "Failed, Succeeded"
}

deleteExecutions

This API will delete the execution entries older than specific number of days

query Parameters

days_older_by

required

integer

Default: 30

Deletes execution entries older than specified number of days

Responses

Response samples

401
500
default

Content type

application/json

{"code": 0,
"message": "message"
}

Get Execution List

Get the list of all the previous executions

query Parameters

limit required	integer Default: 10 Limit the number of executions that will be sent in the response. Default is 10
status	string Default: "all" Filter the executions based on the status(failed/succeeded/all)

Responses

Response samples

200
401
500
default

Content type

application/json

{"items": [{"start_time": "2000-01-23T04:56:07.000Z",
"end_time": "2000-01-23T04:56:07.000Z",
"id": "id",
"command": "client add",
"status": "client add"
},
{"start_time": "2000-01-23T04:56:07.000Z",
"end_time": "2000-01-23T04:56:07.000Z",
"id": "id",
"command": "client add",
"status": "client add"
}
]
}

Role

Fetch role mapping details

Responses

Response samples

200
401
500
default

Content type

application/json

[{"id": 1,
"name": "tenantname",
"role": "TenantAdmin",
"type": "user"
}
]

Add new role mapping

Request Body schema: application/json

Details of the mapping to be created

name	string Name for the user or group for whom role is to assigned
role	string Name of the role to be assigned
type	string Type of the assignment (user or group)

Responses

Request samples

Payload

Content type

application/json

{"name": "tenantname",
"role": "TenantAdmin",
"type": "user"
}

Response samples

200
401
500
default

Content type

application/json

{"id": 1,
"name": "tenantname",
"role": "TenantAdmin",
"type": "user"
}

Delete a role mapping

Delete the role mapping

query Parameters

id

required

string

ID of the role mapping that is created

Responses

Response samples

401
500
default

Content type

application/json

{"code": 0,
"message": "message"
}