Admin API - Group
Basic Administration using API’s
Info
You can run the following Labs from a machine & network with reachability to the admin endpoint with curl and Python installed. For our labs we will use the host server to make Admin API calls.
Instructions
Lets get the Admin API password and assign it to an environment variable in .bash_profile
for
ease of access. Take care not to expose the password in production allowing unintended access.
- SSH into your Config / Installer node (Node 1) with the training account
- Get the admin API password using the hsctl command
sudo hsctl config get admin.auth.password
Copy the output of the command as shown above This is your Admin API plain text password
Instructions
- Save the password as an environment variable.
Ensure that you replace the Admin Password field with your copied password
from the previous instructions.
echo "export auth_pass=Admin Password" >> ~/.bash_profile && source ~/.bash_profile
- Check that the auth_pass variable has been set correctly
echo $auth_pass
Instructions
- Obtain your Admin API endpoint from: Student Assignment
- Save your admin endpoint in the bash profile, replacing the Admin Endpoint with your own
echo "export admin_endpoint=Admin Endpoint" >> ~/.bash_profile && source ~/.bash_profile
- Check that the admin endpoint has been set
The output should look like:
echo $admin_endpoint
s3-admin.studentX.cloudian.tech
where 'X' is your student number
You are now ready to issue Admin API calls from the Host Server
Create Group (shell)
Info
Most of these API calls require a JSON formatted payload. Lets have a look at the payload required to create a new Group.
Instructions
- Ensure that you are on the Config / Installer node (Node 1) . Hostname should say
studentXn1
hostname
- Make a new directory for the payload file
mkdir ~/admin_api
- Create a new Json payload file:
echo '{ "active": "true", "groupId": "Engineering", "groupName": "Engineering Group", "ldapEnabled": false, "ldapGroup": "", "ldapMatchAttribute": "", "ldapSearch": "", "ldapSearchUserBase": "", "ldapServerURL": "", "ldapUserDNTemplate": "", "s3endpointshttp": ["ALL"], "s3endpointshttps": ["ALL"], "s3websiteendpoints": ["ALL"] } ' > ~/admin_api/create_group.txt
Info
For this lab, we are creating a new HyperStore group with Engineering for groupId and Engineering Group for the groupName. For future labs we will continue to reference ”Engineering” groupId to do other exercises.
Instructions
- Make the admin API request from the Host Server
Any errors will be output. No Output means success.
curl -X PUT -H "Content-Type: application/json" -k -u sysadmin:$auth_pass -d @/home/training/admin_api/create_group.txt https://$admin_endpoint:19443/group
- We can check the group was created using the same API function with the following command
curl -s -X GET -k -u sysadmin:$auth_pass https://$admin_endpoint:19443/group/list | python -mjson.tool | grep groupId
- Check to ensure the “Engineering” group is displayed like the example below.