Compliance APIs
APIs for compliance service
Table of Contents
1. Get the Compliance Standards
This API is used to fetch all supported compliance standards.
1.1. Prerequisites API
The following data is required
- The SDDC Manager should be up and running.
1.2. Steps API
- Invoke the API
cURL Request
$ curl 'http://localhost:8080/v1/compliance-standards' -i -X GET
HTTP Request
GET /v1/compliance-standards HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 64
{"elements":[{"standardType":"PCI","standardVersions":["4.0"]}]}
1.3. Related APIs API
[_getcompliancestandards] API
2. Get the Compliance configurations
This API is used to fetch all the compliance configurations known to the system.
2.1. Prerequisites API
The following data is required
The SDDC Manager should be up and running.
To filter configurations for a particular compliance standard and resource, standard type, standard version, resource type and resource version can be provided.
2.2. Steps API
- Invoke the API
cURL Request
$ curl 'http://localhost:8080/v1/compliance-configurations?resourceType=SDDC_MANAGER&resourceVersion=5.2.0.0&standardType=PCI&standardVersion=4.0' -i -X GET
HTTP Request
GET /v1/compliance-configurations?resourceType=SDDC_MANAGER&resourceVersion=5.2.0.0&standardType=PCI&standardVersion=4.0 HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 473
{"elements":[{"configurationId":"1600","configurationTitle":"Verify backup","complianceResourceStandardConfigurationDetails":[{"resourceType":"SDDC_MANAGER","resourceVersion":"5.2.0.0","standardConfigurationDetails":[{"standardType":"PCI","standardVersion":"4.0","isRecommendedByStandard":true,"isAuditAutomated":true,"citationReference":"12.5.2 Bullet 3","auditProcedure":"Verify backup configuration","recommendedValue":"TRUE","remediationProcedure":"Setup backup"}]}]}]}
2.3. Related APIs API
[_getcompliancestandards] API [_getcomplianceconfigurations] API
3. Compliance audit of resources
This API is used to trigger the compliance audit of resources
3.1. Prerequisites API
The following data is required
Id of the domain. Refer : [_usecase_getDomains]
Compliance standard type, compliance standard version and resource type.
To audit a particular resource, resource name can be provided.
To audit a particular configuration, configuration id can be provided. For allowable configuration id values, refer : Get the Compliance configurations.
3.2. Steps API
- Trigger the task using the valid input specification.
cURL Request
$ curl 'http://localhost:8080/v1/domains/41921816-02d1-41f2-8628-70d552a2e44d/compliance-audits' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"standardType":"PCI","standardVersion":"4.0","complianceResourcesConfigurationSpec":[{"configurationId":"1600","resources":[{"resourceType":"SDDC_MANAGER"}]}]}'
HTTP Request
POST /v1/domains/41921816-02d1-41f2-8628-70d552a2e44d/compliance-audits HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 160
Host: localhost:8080
{"standardType":"PCI","standardVersion":"4.0","complianceResourcesConfigurationSpec":[{"configurationId":"1600","resources":[{"resourceType":"SDDC_MANAGER"}]}]}
HTTP Response
HTTP/1.1 202 Accepted
Location: /v1/domains/41921816-02d1-41f2-8628-70d552a2e44d/compliance-audits/tasks/bd5a0ab6-37ce-44f4-b004-da3a3d18aa71
Content-Type: application/json
Content-Length: 67
{"id":"bd5a0ab6-37ce-44f4-b004-da3a3d18aa71","status":"INPROGRESS"}
Poll the status of the task using the compliance task API with the ID from the response of the previous API, until "status" is not "IN_PROGRESS".
If the "status" is "SUCCESSFUL", the task is completed successfully.
If the "status" is "FAILED" , the task can be re-executed using retry compliance audit API. Refer to: Retry Compliance audit of resources.
cURL Request
$ curl 'http://localhost:8080/v1/domains/4bbc3f47-86fb-4744-85a1-62ad0281655c/compliance-audits/tasks/d5160a1e-9000-4373-9cfa-40fb91c42fd2' -i -X GET
HTTP Request
GET /v1/domains/4bbc3f47-86fb-4744-85a1-62ad0281655c/compliance-audits/tasks/d5160a1e-9000-4373-9cfa-40fb91c42fd2 HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 126
{"id":"d5160a1e-9000-4373-9cfa-40fb91c42fd2","status":"SUCCESSFUL","complianceAuditId":"7be5d2a9-acb8-4c70-b976-1b3e1237da5f"}
- After the status is "SUCCESSFUL", fetch the audit id from the response and invoke the API to get the audit result.
cURL Request
$ curl 'http://localhost:8080/v1/compliance-audits/5e117936-0eaf-4775-83a5-18f2fc7275f4' -i -X GET
HTTP Request
GET /v1/compliance-audits/5e117936-0eaf-4775-83a5-18f2fc7275f4 HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 443
{"id":"5e117936-0eaf-4775-83a5-18f2fc7275f4","creationTimestamp":"2024-06-21T02:41:44.690Z","completionTimestamp":"2024-06-21T02:41:44.690Z","standardType":"PCI","standardVersion":"4.0","domainId":"96074ce5-b52c-4475-8349-174de935c6cd","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}
- Invoke the API to get all the audit items in the result.
cURL Request
$ curl 'http://localhost:8080/v1/compliance-audits/d3c2b0ad-bbcf-4b4f-918e-d2b6eefb5048/compliance-audit-items' -i -X GET
HTTP Request
GET /v1/compliance-audits/d3c2b0ad-bbcf-4b4f-918e-d2b6eefb5048/compliance-audit-items HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 354
{"elements":[{"resourceType":"SDDC_MANAGER","resourceName":"sddc-manager.vrack.vsphere.local","configurationId":"1600","configurationTitle":"Verify backup","isConfigurationRecommendedByStandard":true,"citationReference":"12.5.2 Bullet 3","recommendedValue":"TRUE","actualValue":"TRUE","complianceStatus":"COMPLIANT","complianceAuditStatus":"SUCCEEDED"}]}
3.3. Related APIs API
[_getcompliancestandards] API [_getcomplianceconfigurations] API [_complianceaudit] API [_getcomplianceaudittask] API [_getcomplianceauditforadomain] API [_getcomplianceaudit] API [_getcomplianceaudititemsforadomain] API [_getcomplianceaudititems] API
4. Retry Compliance audit of resources
This API is used to retry the failed compliance audit task
4.1. Prerequisites API
The following data is required
Id of the domain. Refer : [_usecase_getDomains]
Id of the failed compliance audit task
4.2. Steps API
- Invoke the API
cURL Request
$ curl 'http://localhost:8080/v1/domains/7cc70f1f-2145-4802-b945-d24e201531a8/compliance-audits/tasks/eec1871d-738f-40d0-b3af-ccb0a765f37e' -i -X PATCH
HTTP Request
PATCH /v1/domains/7cc70f1f-2145-4802-b945-d24e201531a8/compliance-audits/tasks/eec1871d-738f-40d0-b3af-ccb0a765f37e HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 202 Accepted
Location: /v1/domains/7cc70f1f-2145-4802-b945-d24e201531a8/compliance-audits/tasks/eec1871d-738f-40d0-b3af-ccb0a765f37e
Content-Type: application/json
Content-Length: 67
{"id":"eec1871d-738f-40d0-b3af-ccb0a765f37e","status":"INPROGRESS"}
Poll the status of the task using the compliance task API with the ID from the response of the previous API, until "status" is not "IN_PROGRESS".
If the "status" is "SUCCESSFUL", the task is completed successfully.
If the "status" is "FAILED", the task can be re-executed using the above step.
cURL Request
$ curl 'http://localhost:8080/v1/domains/4bbc3f47-86fb-4744-85a1-62ad0281655c/compliance-audits/tasks/d5160a1e-9000-4373-9cfa-40fb91c42fd2' -i -X GET
HTTP Request
GET /v1/domains/4bbc3f47-86fb-4744-85a1-62ad0281655c/compliance-audits/tasks/d5160a1e-9000-4373-9cfa-40fb91c42fd2 HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 126
{"id":"d5160a1e-9000-4373-9cfa-40fb91c42fd2","status":"SUCCESSFUL","complianceAuditId":"7be5d2a9-acb8-4c70-b976-1b3e1237da5f"}
4.3. Related APIs API
[_retrycomplianceaudittask] API [_getcomplianceaudittask] API
5. Get the Compliance audit history
This API is used to fetch all the compliance audit results.
5.1. Prerequisites API
The following data is required
The SDDC Manager should be up and running.
Id of the domain if a particular domain audit history is to be fetched.
Get All compliance audit results
5.2. Steps API
- Invoke the API to get all the audit results.
cURL Request
$ curl 'http://localhost:8080/v1/compliance-audits' -i -X GET
HTTP Request
GET /v1/compliance-audits HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 458
{"elements":[{"id":"15c686c0-370f-405b-8967-074a52abefe7","creationTimestamp":"2024-06-21T02:41:44.368Z","completionTimestamp":"2024-06-21T02:41:44.368Z","standardType":"PCI","standardVersion":"4.0","domainId":"dc5c6686-2c53-40e8-80e8-c3575d9593b2","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}]}
Get All compliance audit results for a domain
5.3. Steps API
- Invoke the API to get all the audit results of a particular domain.
cURL Request
$ curl 'http://localhost:8080/v1/domains/cf86889a-b246-4552-9d23-d25a7858d9d0/compliance-audits' -i -X GET
HTTP Request
GET /v1/domains/cf86889a-b246-4552-9d23-d25a7858d9d0/compliance-audits HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 458
{"elements":[{"id":"7dccc504-9b27-4186-bfef-de39c1a9eb96","creationTimestamp":"2024-06-21T02:41:45.327Z","completionTimestamp":"2024-06-21T02:41:45.327Z","standardType":"PCI","standardVersion":"4.0","domainId":"cf86889a-b246-4552-9d23-d25a7858d9d0","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}]}
5.4. Related APIs API
[_getcomplianceaudithistoryforadomain] API [_getcomplianceaudithistory] API
Last updated 2024-06-21 01:22:12 -0700