auth interface — VMware Salt API
auth interface
The LoadedMod class allows for the module loaded onto the sub to return custom sequencing, for instance it can be iterated over to return all functions
Update a password for an account_uuid.
Delete a group from the provided named configuration
Parameters
| config_name: | Name of the authentication backend to which this group belongs |
|---|---|
| group_name: | Name of the group to be deleted. |
| group_uuid: | UUID for this group. When calling this endpoint, use either group_uuid or config_name and group_name to uniquely identify a group. |
Delete the link between an external auth backend group and an VMware Salt internal group.
Parameters
| group_name: | Name of the AAC group to be linked to the external group |
|---|---|
| group_uuid: | UUID of the AAC group. Pass either group_uuid or group_name to uniquely identify the AAC group. |
| config_name: | Name of the authentication backend of the external group |
| ext_group_name: | Name of the external group to be linked to the AAC group |
| ext_group_uid: | Unique ID of the external group. Pass config_name and either ext_group_name or ext_group_uid to uniquely identify an external group. |
Delete a role from the system.
Parameters
| role_name: | Name of the group to be deleted. |
|---|---|
| role_uuid: | UUID for this group. When calling this endpoint, use either role_uuid or role_name to uniquely identify a role. |
Delete a user account.
Parameters
| config_name: | Name of the authentication backend to which this user account belongs |
|---|---|
| username: | User's login name. |
| account_uuid: | UUID for this account. When calling this endpoint, use either account_uuid or config_name and username to uniquely identify an account. |
Return all groups from the provided config_name or all groups from all authentication configurations if config_name is None
Parameters
| config_name: | Authentication backend name (internal, ldap, etc.) |
|---|---|
| include_users: | Include users belonging to each group |
| include_custom_data: | Include any custom data assigned to each group |
| sort_by: | Sort by this field, currently only 'name' is supported |
| reverse: | Pass True to sort results in descending order |
| limit: | Limit results to this many users (default is 50, pass 0 for unlimited) |
| page: | Return users from this page (offset = page * limit) |
client.api.auth.get_all_groups(config_name='internal', include_users=True) RPCResponse(riq=4, ret={'count': 2, 'results': [{'uuid': '9e0fb921-14fd-45ab-9def-b777711d5cfc', 'config_name': 'internal', 'remote_uid': None, 'name': 'group1', 'desc': None, 'users': [{'uuid': 'f6cdb715-2e83-455c-ba83-8c5059f5ed41', 'config_name': 'internal', 'username': 'user1', 'email': None, 'remote_uid': None, 'perms': [], 'roles': ['User'], 'groups': ['group1']}], 'roles': ['role1']}, {'uuid': None 'config_name': None, 'remote_uid': None, 'name': None, 'desc': None, 'users': [{'uuid': '8025afa2-929f-4860-b378-658bac410abb', 'config_name': 'internal', 'username': 'deleted', 'email': None, 'remote_uid': None, 'perms': [], 'roles': ['User'], 'groups': []}, {'uuid': '80c67364-cb31-4f4b-972a-e7ea3f752bb8', 'config_name': 'internal', 'username': 'root', 'email': None, 'remote_uid': None, 'perms': [], 'roles': ['User', 'Superuser'], 'groups': []}, {'uuid': 'ad3d6d8f-06b6-42b4-80d2-af3af32b0db0', 'config_name': 'internal', 'username': 'master_master1', 'email': None, 'remote_uid': None, 'perms': [], 'roles': ['Salt Master', 'User'], 'groups': []}]}]} error=None, warnings=[])
Retrieve details about all roles in the system.
Example:
Get all users for the provided config_name or all users of all authentication configurations if config_name is None
For more information on users, see the VMware Salt documentation on Broadcom's TechDocs.
Parameters
| config_name: | Authentication backend name (internal, ldap, etc.) |
|---|---|
| include_roles: | Include roles assigned to this user |
| include_inherited_roles: | Include roles inherited via group membership |
| include_perms: | Include permissions assigned to this user |
| include_groups: | Include groups to which this user belongs |
| include_custom_data: | Include any custom data assigned to this user |
| include_deleted_user: | Include the user account representing deleted users |
| sort_by: | Sort by this field, either 'username' or 'email' |
| reverse: | Pass True to sort results in descending order |
| limit: | Limit results to this many users (default is 50, pass 0 for unlimited) |
| page: | Return users from this page (offset = page * limit) |
client.api.auth.get_all_users(config_name='internal', include_roles=True) RPCResponse(riq=4, ret={'count': 3, 'results': [{'uuid': 'ad3d6d8f-06b6-42b4-80d2-af3af32b0db0', 'config_name': 'internal', 'username': 'master_master1', 'email': None, 'remote_uid': None, 'roles': ['User', 'Salt Master'] }, {'uuid': '80c67364-cb31-4f4b-972a-e7ea3f752bb8', 'config_name': 'internal', 'username': 'root', 'email': None, 'remote_uid': None, 'roles': ['User', 'Superuser'] }, {'uuid': 'f6cdb715-2e83-455c-ba83-8c5059f5ed41', 'config_name': 'internal', 'username': 'user1', 'email': None, 'remote_uid': None, 'roles': ['User', 'role1'] } ] }, error=None, warnings=[])
Get the public key used for key authentication to this raas instance.
Retrieve information about a group.
Parameters
| config_name: | Name of the authentication backend to which this group account belongs |
|---|---|
| group_name: | Name of the group |
| group_uuid: | UUID for this group. When calling this endpoint, use either group_uuid or config_name and group_name to uniquely identify a group. |
| include_users: | If this parameter is true, include group members in the return. |
Get information on links between external auth backend groups and VMware Salt internal groups.
Parameters
| group_name: | AAC group name (substring match) |
|---|---|
| group_uuid: | AAC group UUID |
| config_name: | Name of the authentication backend (substring match) |
| ext_group_name: | External group name (substring match) |
| ext_group_uid: | External group unique ID |
Get a JSON Web Token for the current user.
Retrieve details about a particular role. For more information on roles and how they function, see the VMware Salt documentation on VMware's Doc Center.
Parameters
| role_name: | Name of the role to retrieve. |
|---|---|
| role_uuid: | UUID of the role to retrieve. Use role_name or role_uuid but not both. |
Example:
Get details for a user account. For more information on users, see the VMware Salt documentation on Broadcom's TechDocs.
Parameters
| account_uuid: | UUID of the user for which the call should retrieve details. This parameter cannot be combined with username |
|---|---|
| username: | Username of the account for which the call should retrieve details. This parameter cannot be combined with username, and requires that config_name also be passed |
| config_name: | Authentication/Authorization backend name (internal, ldap, etc.) |
client.api.auth.get_user(account_uuid='80c67364-cb31-4f4b-972a-e7ea3f752bb8') RPCResponse(riq=12, ret={'uuid': '80c67364-cb31-4f4b-972a-e7ea3f52bb8', 'groups': [], 'perms': ['cmd-read', 'master-config-read', 'job-run', 'fs-read', 'cloud-read', 'job-read', 'superuser', 'returner-read', 'metadata-auth-read', 'target-read', 'license-read', 'master-fs-read', 'minion-read', 'master-read'], 'config_name': 'internal', 'custom_data': None, 'roles': ['Superuser', 'User'], 'username': 'root'}, error=None, warnings=[])
Get a ticket for establishing a websocket connection.
Link an external auth backend group to an VMware Salt internal group. Users in the external group will inherit the roles assigned to the AAC group.
Parameters
| group_name: | Name of the AAC group to be linked to the external group |
|---|---|
| group_uuid: | UUID of the AAC group. Pass either group_uuid or group_name to uniquely identify the AAC group. |
| config_name: | Name of the authentication backend of the external group |
| ext_group_name: | Name of the external group to be linked to the AAC group |
| ext_group_uid: | Unique ID of the external group. Pass config_name and either ext_group_name or ext_group_uid to uniquely identify an external group. |
Save a group. This call supports both creating groups and updating group information.
Parameters
| config_name: | Name of the authentication backend to which this group belongs |
|---|---|
| group_name: | Name of this group. Changing a group name is only supported for the internal authentication backend. |
| group_uuid: | UUID for this account. When calling this endpoint, use either group_uuid or config_name and group_name to uniquely identify a group. |
| description: | Text describing the group purpose. |
| roles: | A list of roles to assign to this group. |
| custom_data: | A dictionary containing arbitrary data. Authentication backends can use this to store information to assist in aligning groups in RaaS with groups in the backend. For example, the Active Directory backend uses it to store a group's Distinguished Name. |
| remote_uid: | Externally defined group unique id. |
Update an existing or create a new role.
For more information on roles and how they function, see the VMware Salt Config documentation on Broadcom's TechDocs.
Parameters
| role_name: | Name of the role in question. |
|---|---|
| role_uuid: | UUID for this role. |
| perms: | A list of permissions to assign to this role. |
| description: | Text to describe nature and purpose of the role. |
Create a link between an external user and an internal RaaS user. Will create an internal user record if necessary.
Parameters
| config_name: | Name of the authentication backend (substring match) |
|---|---|
| username: | Username to link |
| user_dn: | DistinguishedName in the external directory |
Save a user account. This call supports both creating accounts and updating user account information.
For more information on users, see the VMware Salt documentation on Broadcom's TechDocs.
Parameters
| config_name: | Name of the authentication backend to which this user account belongs |
|---|---|
| username: | User's login name. Changing a username is only supported for the internal authentication backend. |
| password: | Account password. (account creation only) |
| account_uuid: | UUID for this account. When calling this endpoint, use either account_uuid or config_name and username to uniquely identify an account. |
| perms: | A list of permissions to assign to this account. |
| roles: | A list of roles to assign to this account. |
| groups: | A list of groups to assign to this account |
| custom_data: | A dictionary containing arbitrary data. Authentication backends can use this to store information to assist in aligning users in RaaS with users in the backend. For example, the Active Directory backend uses it to store the users Distinguished Name. |
Transfer resources that belong to one user to another.
Parameters
| from_user_uuid: | UUID of the user whose resources are to be transferred. |
|---|---|
| to_user_uuid: | UUID of the user to whom the resources are to be transferred. |
| resource_types: | The type of the resource that is to be transferred (Optional). target_groups, jobs, files, pillars, auth_configs, formulas are valid inputs. |
| resource_uuids: | The UUID of the resources that are to be transferred. (Optional). |
| revoke_access: | Revoke access on the resource after transfer. |
| test: | Return the number of resources to be updated without updating ownership. |