API v2: Password Changers¶
Password changers manage credentials for privileged accounts on monitored servers. They operate on various transport layers: SSH, LDAP, Telnet, or WinRM. You can use built-in options or create custom scripts.
Data Structures¶
| Attribute | Type | Required | Description |
|---|---|---|---|
| id | string | Read-only, unique password change identifier. | |
| type | string {change, verify} | yes | Password changer type. |
| name | string | yes | Unique, case-insensitive password changer name. |
| transport | string {LDAP, SSH, Telnet, WinRM} | If type == change || verify |
Transport layer for password changer. |
| timeout | number {0 - 2147483647} | If type == change || verify |
Script’s execution time limit expressed in seconds. Value-range: 0 to 2147483647. |
| builtin | boolean | Read-only; expensive to use; if true, the object is not editable. |
|
| hidden | boolean | Read-only; expensive to use; if true, the object is hidden in UI. |
|
| created_at | string | Read-only. Timestamp of creation. | |
| modified_at | string | Read-only. Timestamp of modification. | |
| removed | boolean | Read-only. |
Request for Retrieving Available Attributes of the PasswordChangerModel
| Method | GET
|
| Path | /api/v2/objspec/password_changer
|
Note
To check allowed methods, available URL parameters and possible responses please refer to the API Overview section.
The next chapter describes procedures for creating separate requests.
Retrieving Password Changers List¶
Request
| Method | GET
|
| Path | /api/v2/password_changer
|
Example Request
Sending GET https://10.0.0.0/api/v2/password_changer
curl -s -k -X GET -H 'Authorization: sgfeea6jsaz4mum9su8w61877n1g06sk' 'https://10.0.214.98/api/v2/password_changer'
Response
{
"result": "success",
"password_changer": [
{
"id": "1",
"type": "change",
"name": "Unix\/SSH changer",
"transport": "SSH",
"timeout": 300,
"builtin": true,
"hidden": false,
"created_at": "2024-06-10 05:59:22.99706-07",
"modified_at": "2024-06-10 05:59:22.99706-07"
},
{
"id": "2",
"type": "verify",
"name": "Unix\/SSH verifier",
"transport": "SSH",
"timeout": 300,
"builtin": true,
"hidden": false,
"created_at": "2024-06-10 05:59:22.997876-07",
"modified_at": "2024-06-10 05:59:22.997876-07"
}
]
}
Retrieving Password Changer by ID¶
Request
| Method | GET
|
| Path | /api/v2/password_changer/<id>
|
Example Request
Sending GET https://10.0.0.0/api/v2/password_changer/1
curl -s -k -X GET -H 'Authorization: sgfeea6jsaz4mum9su8w61877n1g06sk' 'https://10.0.214.98/api/v2/password_changer/1'
Response
{
"password_changer": {
"id": "1",
"name": "Unix\/SSH changer",
"type": "change",
"transport": "SSH",
"timeout": 300,
"variables": [
{
"name": "transport_bind_ip",
"description": "An IP on Fudo interface that will be used as source address.",
"object_type": "server",
"object_property": "bind_ip",
"encrypted": false,
"optional": true,
"transport": true,
"value": {
"value_type": "self"
}
},
{
"name": "transport_host",
"description": "An address to which password changer\/verifier connects.",
"object_type": "server",
"object_property": "address",
"encrypted": false,
"optional": false,
"transport": true,
"value": {
"value_type": "self"
}
}
],
"commands": [
{
"type": "expected",
"value": "Last login:",
"description": null
},
{
"type": "input",
"value": "passwd %%account_login%%",
"description": null
}
],
"builtin": true,
"hidden": false,
"created_at": "2024-06-10 05:59:22.99706-07",
"modified_at": "2024-06-10 05:59:22.99706-07"
},
"result": "success"
}
Defining Password Changer¶
Request
| Method | POST
|
| Path | /api/v2/password_changer
|
| Headers | Content-Type: Application/HTML
|
| Body | PasswordChangerModel
|
Example Request
Sending POST https://10.0.0.0/api/v2/password_changer
curl -s -k -X POST -H 'Authorization: sgfeea6jsaz4mum9su8w61877n1g06sk' 'https://10.0.214.98/api/v2/password_changer' -H 'Content-Type: application/json' -d'{"name":"Password_Changer_WinRM","type":"change","transport":"WinRM","timeout":1000,"commands":[{"type":"input","value":"net user \"%%account_login%%\" \"%%account_new_secret%%\"","description":"Description text."}]}'
Response
{
"password_changer": {
"id": "9124292845052624933"
},
"result": "success"
}
Modifying Password Changer¶
Request
| Method | PATCH
|
| Path | /api/v2/password_changer/<id>
|
| Headers | Content-Type: Application/HTML
|
| Body | PasswordChangerModel
|
Example Request: Change Basic Properties
Sending PATCH https://10.0.0.0/api/v2/password_changer/9124292845052624927
curl -s -k -X PATCH -H 'Authorization: sgfeea6jsaz4mum9su8w61877n1g06sk' 'https://10.0.214.98/api/v2/password_changer/9124292845052624927' -H 'Content-Type: application/json' -d'{"type":"verify","transport":"SSH","timeout":1000}'
Example Request: Modifying Commands
Sending PATCH https://10.0.0.0/api/v2/password_changer/9124292845052624933
curl -s -k -X PATCH -H 'Authorization: sgfeea6jsaz4mum9su8w61877n1g06sk' 'https://10.0.214.98/api/v2/password_changer/9124292845052624933' -H 'Content-Type: application/json' -d'{"commands":[{"type":"input","value":"net user \"%%account_login%%\" \"%%account_new_secret%%\"","description":"Description."}]}'
Example Request: Adding Variable
Sending PATCH https://10.0.0.0/api/v2/password_changer/9124292845052624933
curl -s -k -X PATCH -H 'Authorization: sgfeea6jsaz4mum9su8w61877n1g06sk' 'https://10.0.214.98/api/v2/password_changer/9124292845052624933' -H 'Content-Type: application/json' -d'{"variables":[{"name":"transport_bind_ip","object_type":"server","object_property":"name","value":{"value_type":"self"}}]}'
Response
{
"result": "success"
}
Triggering Password Change for the Account¶
Request
| Method | POST
|
| Path | /api/v2/account/<id>/trigger_password_changer
|
Example Request
Sending POST https://10.0.0.0/api/v2/account/9124292845052624908/trigger_password_changer
curl -s -k -X POST -H 'Authorization: sgfeea6jsaz4mum9su8w61877n1g06sk' 'https://10.0.214.98/api/v2/account/9124292845052624908/trigger_password_changer'
Response
{
"result": "success"
}
Deleting Password Changer¶
Request
| Method | DELETE
|
| Path | /api/v2/password_changer/<id>
|
Example Request
Sending DELETE https://10.0.0.0/api/v2/password_changer/91242928459124292845052624927052624897
curl -s -k -X DELETE -H 'Authorization: vg1ei6rgo58fsbobr7octp0w3afd9vsm' https://10.0.214.98/api/v2/password_changer/9124292845052624927
Response
{
"result": "success"
}