API v1: Password changers¶
defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.
Data structures¶
| Parameter | Type | Description |
|---|---|---|
| id | string | Object identifier. Read only. |
| name | string | Required. |
| timeout | int | Script’s execution time limit expressed in seconds. Required. |
| transport | string{LDAP, SSH, Telnet, WinRM, plugin} | Transport layer specifier. Required. |
| changer_type | string{change,verify} | Script type. Required. |
| variables | VariablesModel | Required. |
| commands | CommandsModel | Required. |
| Parameter | Type | Description |
|---|---|---|
| id | string | Object identifier. |
| name | string | Required. |
| description | string | |
| encrypt | bool |
|
| required | bool |
|
| object_type | string | |
| object_property | string |
| Parameter | Type | Description |
|---|---|---|
| id | string | Object identifier. Read only. |
| command | string | Required if command_type==INPUT. |
| expected | string | Required if command_type==EXPECTED |
| delay | int | Delay after running the command before executing the next one. Required if command_type==DELAY |
| comment | string | Optional commentary. |
| position | int | required |
| Parameter | Type | Description |
|---|---|---|
| id | string | Object identifier. |
| position | int | Password changer position in execution queue. |
| account | string | Account identifier. |
| password_changer | string | Password changer identifier |
| timeout | int | Script’s execution time limit. |
| accountvariable_set |
| Parameter | Type | Description |
|---|---|---|
| id | string | Object identifier. |
| password_changer_variable | string | |
| value | string | Variable value. |
| account_id | string | Account identifier. |
| server_id | string | Server identifier. |
| account_password_changer_id | string | |
| server_address_id | string |
Creating a password changer¶
Request
| Method | POST
|
| Path | /api/system/password_changers
|
| Headers | Content-Type: Application/JSON
|
| Body | PasswordChangerModel
|
Possible Response
| Status | 201 CREATED
|
| Headers | Content-Type: Application/JSON
|
| Body | PasswordChangerModel
|
| Description | Object successfully created. Resultant object's attributes
are included in response body.
|
Possible Response
| Status | 400 BAD REQUEST
|
| Headers | Content-Type: Application/JSON
|
| Body | ValidationErrors
|
| Description | Validation didn't pass.
|
Example: Creating a WinRM password changer
{ "name": "test_changer_00567",
"timeout": 300,
"transport": "WinRM",
"changer_type": "change",
"variables": [
{
"id": "7394910588142354434",
"name": "transport_bind_ip",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "bind_ip"
},
{
"id": "7394910588142354435",
"name": "transport_ca_certificate",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "transport_ca_certificate"
},
{
"id": "7394910588142354436",
"name": "transport_encoding",
"description": null,
"encrypt": false,
"required": false,
"object_type": null,
"object_property": null
},
{
"id": "7394910588142354437",
"name": "transport_host",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "address"
},
{
"id": "7394910588142354438",
"name": "transport_login",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_account",
"object_property": "login"
},
{
"id": "7394910588142354439",
"name": "transport_port",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "port"
},
{
"id": "7394910588142354440",
"name": "transport_secret",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_account",
"object_property": "secret"
},
{
"id": "7394910588142354441",
"name": "x",
"description": null,
"encrypt": false,
"required": false,
"object_type": null,
"object_property": null
}
],
"commands": [
{
"id": "7394910588142354434",
"command": "echo %%x%%",
"expected": null,
"delay": null,
"comment": null,
"position": 0
}]}
Retrieving password changers list¶
Request
| Method | GET
|
| Path | /api/system/password_changers
|
Note
Results pagination
Every GET request, which returns a collection of objects can be optionally paginated. To achieve it add a pagination parameter to the request path:
/api/system/objects?page=3&page_size=10
| page | int |
| page_size | int |
Possible Response
| Status | 200 OK
|
| Headers | Content-Type: Application/JSON
|
| Body | [
PasswordChangerModel,
...
]
|
Example
curl -k -X GET
"https://10.0.150.150/api/system/password_changers?sessionid={{sessionid}}"
Response
[{
"id": "1",
"name": "Unix/SSH changer",
"timeout": 300,
"transport": "SSH",
"changer_type": "change",
"variables": [
{
"id": "1",
"name": "transport_host",
"description": null,
"encrypt": false,
"required": true,
"object_type": "fudo_server",
"object_property": "address"
},
{
"id": "2",
"name": "transport_bind_ip",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "bind_ip"
},
{
"id": "3",
"name": "transport_port",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "port"
},
{
"id": "4",
"name": "transport_login",
"description": null,
"encrypt": false,
"required": true,
"object_type": "fudo_account",
"object_property": "login"
},
{
"id": "5",
"name": "transport_secret",
"description": null,
"encrypt": true,
"required": true,
"object_type": "fudo_account",
"object_property": "secret"
},
{
"id": "6",
"name": "transport_method",
"description": null,
"encrypt": false,
"required": true,
"object_type": "fudo_account",
"object_property": "method"
},
{
"id": "7",
"name": "transport_host_public_key",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "ssh_public_key"
},
{
"id": "8",
"name": "transport_password_prompt",
"description": null,
"encrypt": false,
"required": false,
"object_type": null,
"object_property": null
},
{
"id": "9",
"name": "account_login",
"description": "Login for the account for which password will be changed.",
"encrypt": false,
"required": true,
"object_type": "fudo_account",
"object_property": "login"
}
],
"commands": [
{
"id": "1",
"command": null,
"expected": "Last login:",
"delay": null,
"comment": null,
"position": 1
},
{
"id": "2",
"command": "passwd %%account_login%%",
"expected": null,
"delay": null,
"comment": null,
"position": 2
},
{
"id": "3",
"command": null,
"expected": "[Pp]assword:",
"delay": null,
"comment": null,
"position": 3
},
{
"id": "4",
"command": "%%account_new_secret%%",
"expected": null,
"delay": null,
"comment": null,
"position": 4
},
{
"id": "5",
"command": null,
"expected": "[Pp]assword:",
"delay": null,
"comment": null,
"position": 5
},
{
"id": "6",
"command": "%%account_new_secret%%",
"expected": null,
"delay": null,
"comment": null,
"position": 6
},
{
"id": "7",
"command": null,
"expected": "successfully",
"delay": null,
"comment": null,
"position": 7
},
{
"id": "8",
"command": "logout",
"expected": null,
"delay": null,
"comment": null,
"position": 8
},
{
"id": "9",
"command": null,
"expected": "closed",
"delay": null,
"comment": null,
"position": 9
}]}]
Retrieving a password changer¶
Request
| Method | GET
|
| Path | /api/system/password_changers/id
|
Possible Response
| Status | 200 OK
|
| Headers | Content-Type: Application/JSON
|
| Body | PasswordChangerModel
|
Possible Response
| Status | 404 NOT FOUND
|
| Not found. |
Example
curl -k -X GET "https://10.0.150.150/api/system/password_changers/1?sessionid={{sessionid}}"
Response
curl -k -X POST -H "Content-Type:application/json"
https://10.0.150.150/api/system/password_changers/68719476747?sessionid={{sessionid}} -d
{
"id": "986756453423132"
"name":"New name",
"timeout":300,
"transport":"Telnet",
"changer_type":"verify",
"variables":
[{
"name":"transport_host",
"description":null,
"encrypt":false,
"required":true,
"object_type":"fudo_server_address_property",
"object_property":"host"
},{
"name":"transport_port",
"description":null,
"encrypt":false,
"required":false,
"object_type":"fudo_server_address_property",
"object_property":"port"
},{
"name":"transport_bind_ip",
"description":null,
"encrypt":false,
"required":false,
"object_type":"fudo_server_address_property",
"object_property":"bind_ip"
}],
"commands":
[{
"command":"command 1 %%transport_bind_ip%%",
"expected": null,
"position": 1,
"delay":null,
"command_type":"INPUT"
},{
"command":"command 2 %%transport_port%%",
"expected": null,
"position": 2,
"delay":null,
"command_type":"INPUT"
},{
"command":"command 3 %%transport_host%%",
"expected":null,
"position": 3,
"delay":null,
"command_type":"INPUT"
}]}
Modifying password changers¶
Request
| Method | PUT
|
| Path | /api/system/password_changers/id
|
Possible Response
| Status | 200 OK
|
| Headers | Content-Type: Application/JSON
|
| Body | PasswordChangerModel
|
Possible Response
| Status | 400 BAD REQUEST
|
| Headers | Content-Type: Application/JSON
|
| Body | PasswordChangerModel
|
Possible Response
| Status | 404 NOT FOUND
|
| Description | Object not found. |
Deleting a password changer¶
Request
| Method | DELETE
|
| Path | /api/system/password_changers/id
|
Possible Response
| Status | 204 NO CONTENT
|
Possible Response
| Status | 404 NOT FOUND
|
| Description | Object not found. |
Example:
curl -k -X DELETE
https://10.0.150.150/api/system/password_changers/68719476746?sessionid={{sessionid}}
Retrieving account-password changers assignments list¶
Request
| Method | GET
|
| Path | /api/system/account_password_changers
|
Note
Results pagination
Every GET request, which returns a collection of objects can be optionally paginated. To achieve it add a pagination parameter to the request path:
/api/system/objects?page=3&page_size=10
| page | int |
| page_size | int |
Possible Response
| Status | 200 OK
|
| Headers | Content-Type: Application/JSON
|
| Body | [
AccountSafeAssignmentModel,
...
]
|
Example:
curl -k -X GET
"https://10.0.150.150/api/system/account_password_changers?sessionid={{sessionid}}"
Adding a password changer to account¶
Request
| Method | POST
|
| Path | /api/system/account_password_changers
|
| Body | account_password_changer
|
Possible Response
| Status | 201 CREATED
|
| Headers | Content-Type: Application/JSON
|
| Body | AccountPasswordChanger
|
Possible Response
| Status | 400 BAD REQUEST
|
| Headers | Content-Type: Application/JSON
|
| Body | ValidationErrors
|
Possible Response
| Status | 404 NOT FOUND
|
Example:
curl -k -X POST
https://10.0.8.89/api/system/account_password_changers?sessionid={{sessionid}} -d
{
"account": 1992864825347,
"accountvariable_set": [
{
"account_id": 1992864825347,
"password_changer_variable": 109,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": 1992864825347,
"password_changer_variable": 110,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": null,
"password_changer_variable": 102,
"server_address_id": null,
"server_id": 1992864825347,
"value": null
},
{
"account_id": 1992864825347,
"password_changer_variable": 103,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": null,
"password_changer_variable": 101,
"server_address_id": 1992864825351,
"server_id": null,
"value": null
},
{
"account_id": 1992864825347,
"password_changer_variable": 106,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": null,
"password_changer_variable": 107,
"server_address_id": null,
"server_id": 1992864825347,
"value": null
},
{
"account_id": 1992864825347,
"password_changer_variable": 104,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": null,
"password_changer_variable": 105,
"server_address_id": null,
"server_id": null,
"value": "base1"
}
],
"password_changer": 13,
"position": 0,
"timeout": 300
}
Deleting an account-password changer assignment¶
Request
| Method | DELETE
|
| Path | /api/system/account_password_changers/id
|
Possible Response
| Status | 204 NO CONTENT
|
Possible Response
| Status | 404 NOT FOUND
|
Example:
curl -k -X DELETE
https://10.0.150.150/api/system/account_password_changers/68719476738?sessionid={{sessionid}}