auth interface — VMware Salt API

auth interface

The LoadedMod class allows the module loaded onto the sub to return custom sequencing; for instance, it can be iterated over to return all functions.

change_password(account_uuid: <class 'uuid.UUID'>, password: <class 'str'>)

Update a password for an account_uuid.

delete_group(config_name: str | None, group_name: str | None, group_uuid: uuid.UUID | None)

Delete a group from the provided named configuration

Parameters

config_name: Name of the authentication backend to which this group belongs
group_name: Name of the group to be deleted.
group_uuid: UUID for this group. When calling this endpoint, use either group_uuid or config_name and group_name to uniquely identify a group.

Delete the link between an external auth backend group and a VMware Salt internal group.

Parameters

group_name: Name of the AAC group to be linked to the external group
group_uuid: UUID of the AAC group. Pass either group_uuid or group_name to uniquely identify the AAC group.
config_name: Name of the authentication backend of the external group
ext_group_name: Name of the external group to be linked to the AAC group
ext_group_uid: Unique ID of the external group. Pass config_name and either ext_group_name or ext_group_uid to uniquely identify an external group.

delete_role(role_name: str | None, role_uuid: uuid.UUID | None)

Delete a role from the system.

Parameters

role_name: Name of the role to be deleted.
role_uuid: UUID for this role. When calling this endpoint, use either role_uuid or role_name to uniquely identify a role.

delete_user(config_name: str | None, username: str | None, account_uuid: uuid.UUID | None)

Delete a user account.

Parameters

config_name: Name of the authentication backend to which this user account belongs
username: User's login name.
account_uuid: UUID for this account. When calling this endpoint, use either account_uuid or config_name and username to uniquely identify an account.

get_all_groups(config_name: str | None, include_users: <class 'bool'>, include_custom_data: <class 'bool'>, sort_by: str | None, reverse: bool | None, limit: int | None = 50, page: int | None)
Returns: <class 'dict'>

Return all groups from the provided config_name or all groups from all authentication configurations if config_name is None

Parameters

config_name: Authentication backend name (internal, ldap, etc.)
include_users: Include users belonging to each group
include_custom_data: Include any custom data assigned to each group
sort_by: Sort by this field, currently only 'name' is supported
reverse: Pass True to sort results in descending order
limit: Limit results to this many users (default is 50, pass 0 for unlimited)
page: Return users from this page (offset = page * limit)

client.api.auth.get_all_groups(config_name='internal', include_users=True)

RPCResponse(riq=4,
            ret={'count': 2,
                 'results': [{'uuid': '9e0fb921-14fd-45ab-9def-b777711d5cfc',
                              'config_name': 'internal',
                              'remote_uid': None,
                              'name': 'group1',
                              'desc': None,
                              'users': [{'uuid': 'f6cdb715-2e83-455c-ba83-8c5059f5ed41',
                                         'config_name': 'internal',
                                         'username': 'user1',
                                         'email': None,
                                         'remote_uid': None,
                                         'perms': [],
                                         'roles': ['User'],
                                         'groups': ['group1']}],
                              'roles': ['role1']},
                             {'uuid': None,
                              'config_name': None,
                              'remote_uid': None,
                              'name': None,
                              'desc': None,
                              'users': [{'uuid': '8025afa2-929f-4860-b378-658bac410abb',
                                         'config_name': 'internal',
                                         'username': 'deleted',
                                         'email': None,
                                         'remote_uid': None,
                                         'perms': [],
                                         'roles': ['User'],
                                         'groups': []},
                                        {'uuid': '80c67364-cb31-4f4b-972a-e7ea3f752bb8',
                                         'config_name': 'internal',
                                         'username': 'root',
                                         'email': None,
                                         'remote_uid': None,
                                         'perms': [],
                                         'roles': ['User', 'Superuser'],
                                         'groups': []},
                                        {'uuid': 'ad3d6d8f-06b6-42b4-80d2-af3af32b0db0',
                                         'config_name': 'internal',
                                         'username': 'master_master1',
                                         'email': None,
                                         'remote_uid': None,
                                         'perms': [],
                                         'roles': ['Salt Master', 'User'],
                                         'groups': []}]}]},
            error=None,
            warnings=[])
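
Because users inherit roles from the groups they belong to, an access review has to combine each user's direct roles with the roles on their groups. The following is an added example, not part of the original documentation: it works on the `ret` dictionary of a `get_all_groups(include_users=True)` response; the function names and sample values are constructed, and treating the entry whose name is None as "users in no group" is an assumption drawn from the sample output above.

```python
# Constructed sample shaped like the `ret` of
# get_all_groups(include_users=True) shown above (values are made up).
SAMPLE_RET = {
    "count": 2,
    "results": [
        {"uuid": "11111111-1111-4111-8111-111111111111",
         "config_name": "internal", "name": "ops", "roles": ["role1"],
         "users": [{"username": "user1", "config_name": "internal",
                    "roles": ["User"], "groups": ["ops"]}]},
        # Entry without uuid/name: assumed to hold users that are in no group.
        {"uuid": None, "config_name": None, "name": None,
         "users": [{"username": "root", "config_name": "internal",
                    "roles": ["User", "Superuser"], "groups": []}]},
    ],
}


def effective_roles(ret):
    """Map (config_name, username) -> direct roles and group-inherited roles."""
    result = {}
    for group in ret.get("results", []):
        group_roles = set(group.get("roles") or [])  # absent on the no-group entry
        for user in group.get("users") or []:
            key = (user["config_name"], user["username"])
            entry = result.setdefault(key, {"direct": set(), "inherited": set()})
            entry["direct"].update(user.get("roles") or [])
            if group.get("name") is not None:
                entry["inherited"].update(group_roles)
    return result


def holders_of(ret, role):
    """Sorted (config_name, username, how) for every account holding `role`."""
    rows = []
    for (cfg, name), entry in effective_roles(ret).items():
        if role in entry["direct"]:
            rows.append((cfg, name, "direct"))
        elif role in entry["inherited"]:
            rows.append((cfg, name, "group"))
    return sorted(rows)


if __name__ == "__main__":
    for row in holders_of(SAMPLE_RET, "role1"):
        print(row)
```
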
get_all_roles(sort_order: str | None = ASC)
Returns: <class 'dict'>

Retrieve details about all roles in the system.

get_all_users(config_name: str | None, include_roles: <class 'bool'>, include_inherited_roles: <class 'bool'>, include_perms: <class 'bool'>, include_groups: <class 'bool'>, include_custom_data: <class 'bool'>, include_deleted_user: <class 'bool'>, sort_by: str | None, reverse: bool | None, limit: int | None = 50, page: int | None)
Returns: <class 'dict'>

Get all users for the provided config_name or all users of all authentication configurations if config_name is None

For more information on users, see the VMware Salt documentation on Broadcom's TechDocs.

Parameters

config_name: Authentication backend name (internal, ldap, etc.)
include_roles: Include roles assigned to this user
include_inherited_roles: Include roles inherited via group membership
include_perms: Include permissions assigned to this user
include_groups: Include groups to which this user belongs
include_custom_data: Include any custom data assigned to this user
include_deleted_user: Include the user account representing deleted users
sort_by: Sort by this field, either 'username' or 'email'
reverse: Pass True to sort results in descending order
limit: Limit results to this many users (default is 50, pass 0 for unlimited)
page: Return users from this page (offset = page * limit)

client.api.auth.get_all_users(config_name='internal', include_roles=True)

RPCResponse(riq=4,
            ret={'count': 3,
                 'results': [{'uuid': 'ad3d6d8f-06b6-42b4-80d2-af3af32b0db0',
                              'config_name': 'internal',
                              'username': 'master_master1',
                              'email': None,
                              'remote_uid': None,
                              'roles': ['User', 'Salt Master']
                             },
                             {'uuid': '80c67364-cb31-4f4b-972a-e7ea3f752bb8',
                              'config_name': 'internal',
                              'username': 'root',
                              'email': None,
                              'remote_uid': None,
                              'roles': ['User', 'Superuser']
                             },
                             {'uuid': 'f6cdb715-2e83-455c-ba83-8c5059f5ed41',
                              'config_name': 'internal',
                              'username': 'user1',
                              'email': None,
                              'remote_uid': None,
                              'roles': ['User', 'role1']
                             }
                            ]
                },
                error=None,
                warnings=[])
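
With the default limit of 50, a single get_all_users call can leave accounts out of an access review. The following added example (not part of the original documentation) walks the pages using the documented offset = page * limit rule and lists accounts holding a sensitive role; `fetch_page` and `make_fake_backend` are hypothetical names, `fetch_page` is assumed to wrap `client.api.auth.get_all_users(..., limit=limit, page=page)` and return the response's `ret`, and the account data is constructed.

```python
def iter_all_users(fetch_page, limit=50):
    """Yield every user, requesting pages until a short page comes back.

    fetch_page(limit, page) is a hypothetical callable returning a dict
    shaped like the `ret` of get_all_users ({'count': ..., 'results': [...]}).
    """
    if limit <= 0:
        raise ValueError("use a positive page size; 0 means unlimited")
    page = 0  # offset = page * limit, so the first page is page 0
    while True:
        results = fetch_page(limit, page).get("results", [])
        yield from results
        if len(results) < limit:  # short or empty page: nothing left
            return
        page += 1


def privileged(users, sensitive=frozenset({"Superuser"})):
    """Usernames holding any role in `sensitive`, sorted."""
    return sorted(u["username"] for u in users
                  if sensitive & set(u.get("roles") or []))


def make_fake_backend(total=120, admins=(1, 77)):
    """Constructed stand-in for the server, used only to exercise the loop."""
    accounts = [{"username": f"acct{i:03d}", "config_name": "internal",
                 "roles": ["User", "Superuser"] if i in admins else ["User"]}
                for i in range(total)]

    def fetch_page(limit, page):
        start = page * limit
        return {"count": total, "results": accounts[start:start + limit]}
    return fetch_page


if __name__ == "__main__":
    fetch = make_fake_backend()
    print("first page only:", privileged(fetch(50, 0)["results"]))
    print("all pages:      ", privileged(iter_all_users(fetch)))
```
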
get_auth_pubkey()
Returns: <class 'dict'>

Get the public key used for key authentication to this raas instance.

get_group(config_name: str | None, group_name: str | None, group_uuid: uuid.UUID | None, include_users: <class 'bool'>)
Returns: <class 'dict'>

Retrieve information about a group.

Parameters

config_name: Name of the authentication backend to which this group account belongs
group_name: Name of the group
group_uuid: UUID for this group. When calling this endpoint, use either group_uuid or config_name and group_name to uniquely identify a group.
include_users: If this parameter is true, include group members in the return.

Returns: list[dict]

Get information on links between external auth backend groups and VMware Salt internal groups.

Parameters

group_name: AAC group name (substring match)
group_uuid: AAC group UUID
config_name: Name of the authentication backend (substring match)
ext_group_name: External group name (substring match)
ext_group_uid: External group unique ID

get_jwt()
Returns: <class 'dict'>

Get a JSON Web Token for the current user.

get_role(role_name: str | None, role_uuid: uuid.UUID | None)
Returns: <class 'dict'>

Retrieve details about a particular role. For more information on roles and how they function, see the VMware Salt documentation on VMware's Doc Center.

Parameters

role_name: Name of the role to retrieve.
role_uuid: UUID of the role to retrieve. Use role_name or role_uuid but not both.

get_user(account_uuid: uuid.UUID | None, username: str | None, config_name: str | None)
Returns: <class 'dict'>

Get details for a user account. For more information on users, see the VMware Salt documentation on Broadcom's TechDocs.

Parameters

account_uuid: UUID of the user for which the call should retrieve details. This parameter cannot be combined with username.
username: Username of the account for which the call should retrieve details. This parameter cannot be combined with account_uuid, and requires that config_name also be passed.
config_name: Authentication/Authorization backend name (internal, ldap, etc.)

client.api.auth.get_user(account_uuid='80c67364-cb31-4f4b-972a-e7ea3f752bb8')

RPCResponse(riq=12,
            ret={'uuid': '80c67364-cb31-4f4b-972a-e7ea3f752bb8',
                 'groups': [],
                 'perms': ['cmd-read', 'master-config-read',
                           'job-run', 'fs-read', 'cloud-read',
                           'job-read', 'superuser', 'returner-read',
                           'metadata-auth-read', 'target-read',
                           'license-read', 'master-fs-read',
                           'minion-read', 'master-read'],
                 'config_name': 'internal',
                 'custom_data': None,
                 'roles': ['Superuser', 'User'],
                 'username': 'root'}, error=None, warnings=[])
get_ws_ticket()
Returns: <class 'str'>

Get a ticket for establishing a websocket connection.

Link an external auth backend group to a VMware Salt internal group. Users in the external group will inherit the roles assigned to the AAC group.

Parameters

group_name: Name of the AAC group to be linked to the external group
group_uuid: UUID of the AAC group. Pass either group_uuid or group_name to uniquely identify the AAC group.
config_name: Name of the authentication backend of the external group
ext_group_name: Name of the external group to be linked to the AAC group
ext_group_uid: Unique ID of the external group. Pass config_name and either ext_group_name or ext_group_uid to uniquely identify an external group.

save_group(config_name: str | None, group_name: str | None, group_uuid: uuid.UUID | None, description: str | None, roles: list[str] | None, custom_data: dict | None, remote_uid: str | None)
Returns: ['None', 'dict']

Save a group. This call supports both creating groups and updating group information.

Parameters

config_name: Name of the authentication backend to which this group belongs
group_name: Name of this group. Changing a group name is only supported for the internal authentication backend.
group_uuid: UUID for this group. When calling this endpoint, use either group_uuid or config_name and group_name to uniquely identify a group.
description: Text describing the group's purpose.
roles: A list of roles to assign to this group.
custom_data: A dictionary containing arbitrary data. Authentication backends can use this to store information to assist in aligning groups in RaaS with groups in the backend. For example, the Active Directory backend uses it to store a group's Distinguished Name.
remote_uid: Externally defined group unique ID.

save_role(role_name: str | None, role_uuid: uuid.UUID | None, perms: list[str] | set[str] | None, description: str | None)

Update an existing or create a new role.

For more information on roles and how they function, see the VMware Salt Config documentation on Broadcom's TechDocs.

Parameters

role_name: Name of the role in question.
role_uuid: UUID for this role.
perms: A list of permissions to assign to this role.
description: Text describing the nature and purpose of the role.

Create a link between an external user and an internal RaaS user. Will create an internal user record if necessary.

Parameters

config_name: Name of the authentication backend (substring match)
username: Username to link
user_dn: DistinguishedName in the external directory

save_user(config_name: str | None, username: str | None, account_uuid: uuid.UUID | None, perms: list[str] | None, roles: list[str] | None, groups: list[str] | None, password: str | None, remote_uid: str | None, custom_data: dict | None)
Returns: <class 'uuid.UUID'>

Save a user account. This call supports both creating accounts and updating user account information.

For more information on users, see the VMware Salt documentation on Broadcom's TechDocs.

Parameters

config_name: Name of the authentication backend to which this user account belongs
username: User's login name. Changing a username is only supported for the internal authentication backend.
password: Account password. (account creation only)
account_uuid: UUID for this account. When calling this endpoint, use either account_uuid or config_name and username to uniquely identify an account.
perms: A list of permissions to assign to this account.
roles: A list of roles to assign to this account.
groups: A list of groups to assign to this account.
custom_data: A dictionary containing arbitrary data. Authentication backends can use this to store information to assist in aligning users in RaaS with users in the backend. For example, the Active Directory backend uses it to store the user's Distinguished Name.

transfer_resources(from_user_uuid: <class 'uuid.UUID'>, to_user_uuid: <class 'uuid.UUID'>, resource_types: list[str] | None, resource_uuids: list[uuid.UUID] | None, revoke_access: bool | None, test: bool | None)
Returns: <class 'dict'>

Transfer resources that belong to one user to another.

Parameters

from_user_uuid: UUID of the user whose resources are to be transferred.
to_user_uuid: UUID of the user to whom the resources are to be transferred.
resource_types: The type of the resource that is to be transferred (Optional). target_groups, jobs, files, pillars, auth_configs, formulas are valid inputs.
resource_uuids: The UUID of the resources that are to be transferred. (Optional).
revoke_access: Revoke access on the resource after transfer.
test: Return the number of resources to be updated without updating ownership.