API v1: Password changers¶
Deprecated since version 5.4
Please be informed that the endpoints outlined within this section have been deprecated and are scheduled for removal in the next major release.
defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.
Data structures¶
Attribute | Type | Description |
---|---|---|
id | string | Object identifier. Read only. |
name | string | Required. |
timeout | int | Script’s execution time limit expressed in seconds. Required. |
transport | string{LDAP, SSH, Telnet, WinRM, plugin} | Transport layer specifier. Required. |
changer_type | string{change,verify} | Script type. Required. |
variables | VariablesModel | Required. |
commands | CommandsModel | Required. |
Attribute | Type | Description |
---|---|---|
id | string | Object identifier. |
name | string | Required. |
description | string | |
encrypt | bool |
|
required | bool |
|
object_type | string | |
object_property | string |
Attribute | Type | Description |
---|---|---|
id | string | Object identifier. Read only. |
command | string | Required if command_type==INPUT. |
expected | string | Required if command_type==EXPECTED |
delay | int | Delay after running the command before executing the next one. Required if command_type==DELAY |
comment | string | Optional commentary. |
position | int | required |
Attribute | Type | Description |
---|---|---|
id | string | Object identifier. |
position | int | Password changer position in execution queue. |
account | string | Account identifier. |
password_changer | string | Password changer identifier |
timeout | int | Script’s execution time limit. |
accountvariable_set |
Attribute | Type | Description |
---|---|---|
id | string | Object identifier. |
password_changer_variable | string | |
value | string | Variable value. |
account_id | string | Account identifier. |
server_id | string | Server identifier. |
account_password_changer_id | string | |
server_address_id | string |
Creating a password changer¶
Request
Method | POST
|
Path | /api/system/password_changers
|
Headers | Content-Type: Application/JSON
|
Body | PasswordChangerModel
|
Possible Response
Status | 201 CREATED
|
Headers | Content-Type: Application/JSON
|
Body | PasswordChangerModel
|
Description | Object successfully created. Resultant object's attributes
are included in response body.
|
Possible Response
Status | 400 BAD REQUEST
|
Headers | Content-Type: Application/JSON
|
Body | ValidationErrors
|
Description | Validation didn't pass.
|
Example: Creating a WinRM password changer
{ "name": "test_changer_00567",
"timeout": 300,
"transport": "WinRM",
"changer_type": "change",
"variables": [
{
"id": "7394910588142354434",
"name": "transport_bind_ip",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "bind_ip"
},
{
"id": "7394910588142354435",
"name": "transport_ca_certificate",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "transport_ca_certificate"
},
{
"id": "7394910588142354436",
"name": "transport_encoding",
"description": null,
"encrypt": false,
"required": false,
"object_type": null,
"object_property": null
},
{
"id": "7394910588142354437",
"name": "transport_host",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "address"
},
{
"id": "7394910588142354438",
"name": "transport_login",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_account",
"object_property": "login"
},
{
"id": "7394910588142354439",
"name": "transport_port",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "port"
},
{
"id": "7394910588142354440",
"name": "transport_secret",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_account",
"object_property": "secret"
},
{
"id": "7394910588142354441",
"name": "x",
"description": null,
"encrypt": false,
"required": false,
"object_type": null,
"object_property": null
}
],
"commands": [
{
"id": "7394910588142354434",
"command": "echo %%x%%",
"expected": null,
"delay": null,
"comment": null,
"position": 0
}]}
Retrieving password changers list¶
Request
Method | GET
|
Path | /api/system/password_changers
|
Note
Results pagination
Every GET
request, which returns a collection of objects can be optionally paginated. To achieve it add a pagination parameter to the request path:
/api/system/objects?page=3&page_size=10
page | int |
page_size | int |
Possible Response
Status | 200 OK
|
Headers | Content-Type: Application/JSON
|
Body | [
PasswordChangerModel,
...
]
|
Example
curl -k -X GET
"https://10.0.150.150/api/system/password_changers?sessionid={{sessionid}}"
Response
[{
"id": "1",
"name": "Unix/SSH changer",
"timeout": 300,
"transport": "SSH",
"changer_type": "change",
"variables": [
{
"id": "1",
"name": "transport_host",
"description": null,
"encrypt": false,
"required": true,
"object_type": "fudo_server",
"object_property": "address"
},
{
"id": "2",
"name": "transport_bind_ip",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "bind_ip"
},
{
"id": "3",
"name": "transport_port",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "port"
},
{
"id": "4",
"name": "transport_login",
"description": null,
"encrypt": false,
"required": true,
"object_type": "fudo_account",
"object_property": "login"
},
{
"id": "5",
"name": "transport_secret",
"description": null,
"encrypt": true,
"required": true,
"object_type": "fudo_account",
"object_property": "secret"
},
{
"id": "6",
"name": "transport_method",
"description": null,
"encrypt": false,
"required": true,
"object_type": "fudo_account",
"object_property": "method"
},
{
"id": "7",
"name": "transport_host_public_key",
"description": null,
"encrypt": false,
"required": false,
"object_type": "fudo_server",
"object_property": "ssh_public_key"
},
{
"id": "8",
"name": "transport_password_prompt",
"description": null,
"encrypt": false,
"required": false,
"object_type": null,
"object_property": null
},
{
"id": "9",
"name": "account_login",
"description": "Login for the account for which password will be changed.",
"encrypt": false,
"required": true,
"object_type": "fudo_account",
"object_property": "login"
}
],
"commands": [
{
"id": "1",
"command": null,
"expected": "Last login:",
"delay": null,
"comment": null,
"position": 1
},
{
"id": "2",
"command": "passwd %%account_login%%",
"expected": null,
"delay": null,
"comment": null,
"position": 2
},
{
"id": "3",
"command": null,
"expected": "[Pp]assword:",
"delay": null,
"comment": null,
"position": 3
},
{
"id": "4",
"command": "%%account_new_secret%%",
"expected": null,
"delay": null,
"comment": null,
"position": 4
},
{
"id": "5",
"command": null,
"expected": "[Pp]assword:",
"delay": null,
"comment": null,
"position": 5
},
{
"id": "6",
"command": "%%account_new_secret%%",
"expected": null,
"delay": null,
"comment": null,
"position": 6
},
{
"id": "7",
"command": null,
"expected": "successfully",
"delay": null,
"comment": null,
"position": 7
},
{
"id": "8",
"command": "logout",
"expected": null,
"delay": null,
"comment": null,
"position": 8
},
{
"id": "9",
"command": null,
"expected": "closed",
"delay": null,
"comment": null,
"position": 9
}]}]
Retrieving a password changer¶
Request
Method | GET
|
Path | /api/system/password_changers/id
|
Possible Response
Status | 200 OK
|
Headers | Content-Type: Application/JSON
|
Body | PasswordChangerModel
|
Possible Response
Status | 404 NOT FOUND
|
Not found. |
Example
curl -k -X GET "https://10.0.150.150/api/system/password_changers/1?sessionid={{sessionid}}"
Response
curl -k -X POST -H "Content-Type:application/json"
https://10.0.150.150/api/system/password_changers/68719476747?sessionid={{sessionid}} -d
{
"id": "986756453423132"
"name":"New name",
"timeout":300,
"transport":"Telnet",
"changer_type":"verify",
"variables":
[{
"name":"transport_host",
"description":null,
"encrypt":false,
"required":true,
"object_type":"fudo_server_address_property",
"object_property":"host"
},{
"name":"transport_port",
"description":null,
"encrypt":false,
"required":false,
"object_type":"fudo_server_address_property",
"object_property":"port"
},{
"name":"transport_bind_ip",
"description":null,
"encrypt":false,
"required":false,
"object_type":"fudo_server_address_property",
"object_property":"bind_ip"
}],
"commands":
[{
"command":"command 1 %%transport_bind_ip%%",
"expected": null,
"position": 1,
"delay":null,
"command_type":"INPUT"
},{
"command":"command 2 %%transport_port%%",
"expected": null,
"position": 2,
"delay":null,
"command_type":"INPUT"
},{
"command":"command 3 %%transport_host%%",
"expected":null,
"position": 3,
"delay":null,
"command_type":"INPUT"
}]}
Modifying password changers¶
Request
Method | PUT
|
Path | /api/system/password_changers/id
|
Possible Response
Status | 200 OK
|
Headers | Content-Type: Application/JSON
|
Body | PasswordChangerModel
|
Possible Response
Status | 400 BAD REQUEST
|
Headers | Content-Type: Application/JSON
|
Body | PasswordChangerModel
|
Possible Response
Status | 404 NOT FOUND
|
Description | Object not found. |
Deleting a password changer¶
Request
Method | DELETE
|
Path | /api/system/password_changers/id
|
Possible Response
Status | 204 NO CONTENT
|
Possible Response
Status | 404 NOT FOUND
|
Description | Object not found. |
Example:
curl -k -X DELETE
https://10.0.150.150/api/system/password_changers/68719476746?sessionid={{sessionid}}
Retrieving account-password changers assignments list¶
Request
Method | GET
|
Path | /api/system/account_password_changers
|
Note
Results pagination
Every GET
request, which returns a collection of objects can be optionally paginated. To achieve it add a pagination parameter to the request path:
/api/system/objects?page=3&page_size=10
page | int |
page_size | int |
Possible Response
Status | 200 OK
|
Headers | Content-Type: Application/JSON
|
Body | [
AccountSafeAssignmentModel,
...
]
|
Example:
curl -k -X GET
"https://10.0.150.150/api/system/account_password_changers?sessionid={{sessionid}}"
Adding a password changer to account¶
Request
Method | POST
|
Path | /api/system/account_password_changers
|
Body | account_password_changer
|
Possible Response
Status | 201 CREATED
|
Headers | Content-Type: Application/JSON
|
Body | AccountPasswordChanger
|
Possible Response
Status | 400 BAD REQUEST
|
Headers | Content-Type: Application/JSON
|
Body | ValidationErrors
|
Possible Response
Status | 404 NOT FOUND
|
Example:
curl -k -X POST
https://10.0.8.89/api/system/account_password_changers?sessionid={{sessionid}} -d
{
"account": 1992864825347,
"accountvariable_set": [
{
"account_id": 1992864825347,
"password_changer_variable": 109,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": 1992864825347,
"password_changer_variable": 110,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": null,
"password_changer_variable": 102,
"server_address_id": null,
"server_id": 1992864825347,
"value": null
},
{
"account_id": 1992864825347,
"password_changer_variable": 103,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": null,
"password_changer_variable": 101,
"server_address_id": 1992864825351,
"server_id": null,
"value": null
},
{
"account_id": 1992864825347,
"password_changer_variable": 106,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": null,
"password_changer_variable": 107,
"server_address_id": null,
"server_id": 1992864825347,
"value": null
},
{
"account_id": 1992864825347,
"password_changer_variable": 104,
"server_address_id": null,
"server_id": null,
"value": null
},
{
"account_id": null,
"password_changer_variable": 105,
"server_address_id": null,
"server_id": null,
"value": "base1"
}
],
"password_changer": 13,
"position": 0,
"timeout": 300
}
Deleting an account-password changer assignment¶
Request
Method | DELETE
|
Path | /api/system/account_password_changers/id
|
Possible Response
Status | 204 NO CONTENT
|
Possible Response
Status | 404 NOT FOUND
|
Example:
curl -k -X DELETE
https://10.0.150.150/api/system/account_password_changers/68719476738?sessionid={{sessionid}}