Compliance APIs

Compliance APIs

APIs for compliance service

Table of Contents

1. Get the Compliance Standards

This API is used to fetch all supported compliance standards.

1.1. Prerequisites API

The following data is required

  • The SDDC Manager should be up and running.

1.2. Steps API

  • Invoke the API

cURL Request

$ curl 'http://localhost:8080/v1/compliance-standards' -i -X GET

HTTP Request

GET /v1/compliance-standards HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 64

{"elements":[{"standardType":"PCI","standardVersions":["4.0"]}]}

[_getcompliancestandards] API

2. Get the Compliance configurations

This API is used to fetch all the compliance configurations known to the system.

2.1. Prerequisites API

The following data is required

  • The SDDC Manager should be up and running.

  • To filter configurations for a particular compliance standard and resource, standard type, standard version, resource type and resource version can be provided.

2.2. Steps API

  • Invoke the API

cURL Request

$ curl 'http://localhost:8080/v1/compliance-configurations?resourceType=SDDC_MANAGER&resourceVersion=5.2.0.0&standardType=PCI&standardVersion=4.0' -i -X GET

HTTP Request

GET /v1/compliance-configurations?resourceType=SDDC_MANAGER&resourceVersion=5.2.0.0&standardType=PCI&standardVersion=4.0 HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 473

{"elements":[{"configurationId":"1600","configurationTitle":"Verify backup","complianceResourceStandardConfigurationDetails":[{"resourceType":"SDDC_MANAGER","resourceVersion":"5.2.0.0","standardConfigurationDetails":[{"standardType":"PCI","standardVersion":"4.0","isRecommendedByStandard":true,"isAuditAutomated":true,"citationReference":"12.5.2 Bullet 3","auditProcedure":"Verify backup configuration","recommendedValue":"TRUE","remediationProcedure":"Setup backup"}]}]}]}

[_getcompliancestandards] API [_getcomplianceconfigurations] API

3. Compliance audit of resources

This API is used to trigger the compliance audit of resources

3.1. Prerequisites API

The following data is required

  • Id of the domain. Refer : [_usecase_getDomains]

  • Compliance standard type, compliance standard version and resource type.

  • To audit a particular resource, resource name can be provided.

  • To audit a particular configuration, configuration id can be provided. For allowable configuration id values, refer : Get the Compliance configurations.

3.2. Steps API

  • Trigger the task using the valid input specification.

cURL Request

$ curl 'http://localhost:8080/v1/domains/41921816-02d1-41f2-8628-70d552a2e44d/compliance-audits' -i -X POST \
    -H 'Content-Type: application/json' \
    -H 'Accept: application/json' \
    -d '{"standardType":"PCI","standardVersion":"4.0","complianceResourcesConfigurationSpec":[{"configurationId":"1600","resources":[{"resourceType":"SDDC_MANAGER"}]}]}'

HTTP Request

POST /v1/domains/41921816-02d1-41f2-8628-70d552a2e44d/compliance-audits HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 160
Host: localhost:8080

{"standardType":"PCI","standardVersion":"4.0","complianceResourcesConfigurationSpec":[{"configurationId":"1600","resources":[{"resourceType":"SDDC_MANAGER"}]}]}

HTTP Response

HTTP/1.1 202 Accepted
Location: /v1/domains/41921816-02d1-41f2-8628-70d552a2e44d/compliance-audits/tasks/bd5a0ab6-37ce-44f4-b004-da3a3d18aa71
Content-Type: application/json
Content-Length: 67

{"id":"bd5a0ab6-37ce-44f4-b004-da3a3d18aa71","status":"INPROGRESS"}
  • Poll the status of the task using the compliance task API with the ID from the response of the previous API, until "status" is not "IN_PROGRESS".

    • If the "status" is "SUCCESSFUL", the task is completed successfully.

    • If the "status" is "FAILED" , the task can be re-executed using retry compliance audit API. Refer to: Retry Compliance audit of resources.

cURL Request

$ curl 'http://localhost:8080/v1/domains/4bbc3f47-86fb-4744-85a1-62ad0281655c/compliance-audits/tasks/d5160a1e-9000-4373-9cfa-40fb91c42fd2' -i -X GET

HTTP Request

GET /v1/domains/4bbc3f47-86fb-4744-85a1-62ad0281655c/compliance-audits/tasks/d5160a1e-9000-4373-9cfa-40fb91c42fd2 HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 126

{"id":"d5160a1e-9000-4373-9cfa-40fb91c42fd2","status":"SUCCESSFUL","complianceAuditId":"7be5d2a9-acb8-4c70-b976-1b3e1237da5f"}
  • After the status is "SUCCESSFUL", fetch the audit id from the response and invoke the API to get the audit result.

cURL Request

$ curl 'http://localhost:8080/v1/compliance-audits/5e117936-0eaf-4775-83a5-18f2fc7275f4' -i -X GET

HTTP Request

GET /v1/compliance-audits/5e117936-0eaf-4775-83a5-18f2fc7275f4 HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 443

{"id":"5e117936-0eaf-4775-83a5-18f2fc7275f4","creationTimestamp":"2024-06-21T02:41:44.690Z","completionTimestamp":"2024-06-21T02:41:44.690Z","standardType":"PCI","standardVersion":"4.0","domainId":"96074ce5-b52c-4475-8349-174de935c6cd","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}
  • Invoke the API to get all the audit items in the result.

cURL Request

$ curl 'http://localhost:8080/v1/compliance-audits/d3c2b0ad-bbcf-4b4f-918e-d2b6eefb5048/compliance-audit-items' -i -X GET

HTTP Request

GET /v1/compliance-audits/d3c2b0ad-bbcf-4b4f-918e-d2b6eefb5048/compliance-audit-items HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 354

{"elements":[{"resourceType":"SDDC_MANAGER","resourceName":"sddc-manager.vrack.vsphere.local","configurationId":"1600","configurationTitle":"Verify backup","isConfigurationRecommendedByStandard":true,"citationReference":"12.5.2 Bullet 3","recommendedValue":"TRUE","actualValue":"TRUE","complianceStatus":"COMPLIANT","complianceAuditStatus":"SUCCEEDED"}]}

[_getcompliancestandards] API [_getcomplianceconfigurations] API [_complianceaudit] API [_getcomplianceaudittask] API [_getcomplianceauditforadomain] API [_getcomplianceaudit] API [_getcomplianceaudititemsforadomain] API [_getcomplianceaudititems] API

4. Retry Compliance audit of resources

This API is used to retry the failed compliance audit task

4.1. Prerequisites API

The following data is required

4.2. Steps API

  • Invoke the API

cURL Request

$ curl 'http://localhost:8080/v1/domains/7cc70f1f-2145-4802-b945-d24e201531a8/compliance-audits/tasks/eec1871d-738f-40d0-b3af-ccb0a765f37e' -i -X PATCH

HTTP Request

PATCH /v1/domains/7cc70f1f-2145-4802-b945-d24e201531a8/compliance-audits/tasks/eec1871d-738f-40d0-b3af-ccb0a765f37e HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 202 Accepted
Location: /v1/domains/7cc70f1f-2145-4802-b945-d24e201531a8/compliance-audits/tasks/eec1871d-738f-40d0-b3af-ccb0a765f37e
Content-Type: application/json
Content-Length: 67

{"id":"eec1871d-738f-40d0-b3af-ccb0a765f37e","status":"INPROGRESS"}
  • Poll the status of the task using the compliance task API with the ID from the response of the previous API, until "status" is not "IN_PROGRESS".

    • If the "status" is "SUCCESSFUL", the task is completed successfully.

    • If the "status" is "FAILED", the task can be re-executed using the above step.

cURL Request

$ curl 'http://localhost:8080/v1/domains/4bbc3f47-86fb-4744-85a1-62ad0281655c/compliance-audits/tasks/d5160a1e-9000-4373-9cfa-40fb91c42fd2' -i -X GET

HTTP Request

GET /v1/domains/4bbc3f47-86fb-4744-85a1-62ad0281655c/compliance-audits/tasks/d5160a1e-9000-4373-9cfa-40fb91c42fd2 HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 126

{"id":"d5160a1e-9000-4373-9cfa-40fb91c42fd2","status":"SUCCESSFUL","complianceAuditId":"7be5d2a9-acb8-4c70-b976-1b3e1237da5f"}

[_retrycomplianceaudittask] API [_getcomplianceaudittask] API

5. Get the Compliance audit history

This API is used to fetch all the compliance audit results.

5.1. Prerequisites API

The following data is required

  • The SDDC Manager should be up and running.

  • Id of the domain if a particular domain audit history is to be fetched.

Get All compliance audit results

5.2. Steps API

  • Invoke the API to get all the audit results.

cURL Request

$ curl 'http://localhost:8080/v1/compliance-audits' -i -X GET

HTTP Request

GET /v1/compliance-audits HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 458

{"elements":[{"id":"15c686c0-370f-405b-8967-074a52abefe7","creationTimestamp":"2024-06-21T02:41:44.368Z","completionTimestamp":"2024-06-21T02:41:44.368Z","standardType":"PCI","standardVersion":"4.0","domainId":"dc5c6686-2c53-40e8-80e8-c3575d9593b2","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}]}

Get All compliance audit results for a domain

5.3. Steps API

  • Invoke the API to get all the audit results of a particular domain.

cURL Request

$ curl 'http://localhost:8080/v1/domains/cf86889a-b246-4552-9d23-d25a7858d9d0/compliance-audits' -i -X GET

HTTP Request

GET /v1/domains/cf86889a-b246-4552-9d23-d25a7858d9d0/compliance-audits HTTP/1.1
Host: localhost:8080

HTTP Response

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 458

{"elements":[{"id":"7dccc504-9b27-4186-bfef-de39c1a9eb96","creationTimestamp":"2024-06-21T02:41:45.327Z","completionTimestamp":"2024-06-21T02:41:45.327Z","standardType":"PCI","standardVersion":"4.0","domainId":"cf86889a-b246-4552-9d23-d25a7858d9d0","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}]}

[_getcomplianceaudithistoryforadomain] API [_getcomplianceaudithistory] API
Last updated 2024-06-21 01:22:12 -0700

Operations
POST
Compliance Audit
Compliance audit of resource
GET
Get Compliance Audit
Get compliance audit
GET
Get Compliance Audit For A Domain
Get compliance audit for a domain
GET
Get Compliance Audit History
Get compliance audit history
GET
Get Compliance Audit History For A Domain
Get compliance audit history for a domain
GET
Get Compliance Audit Items
Get compliance audit items
GET
Get Compliance Audit Items For A Domain
Get compliance audit items for a domain
GET
Get Compliance Audit Task
Get compliance audit task
GET
Get Compliance Configurations
Get all compliance configurations
GET
Get Compliance Standards
Get all compliance standards
PATCH
Retry Compliance Audit Task
Retry compliance audit task