PrivX user & host sources

get /role-store/api/v1/sources

Source definitions - user and host directories. Common auth also fetches these at startup.

Authorization

string

required

OAuth2 token

Default
"Bearer a-proper-token-goes-here"

Response


Successful response; returns an array of the defined sources, or an empty array if no sources are defined. As the example shows, each source object carries the connection credentials configured for its directory (for example `ldap_bind_password`, `iam_secret_access_key`, `azure_client_secret`, `openstack_password` and `oidc_client_secret`), so the response body is as sensitive as the directory credentials themselves.

{
  "count": 123,
  "items": [
    {
      "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "created": "2017-01-01T15:05:05Z",
      "updated": "2017-01-01T15:05:05Z",
      "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
      "enabled": true,
      "ttl": 86400,
      "status_code": "OK",
      "status_text": "Connection established",
      "name": "A pretty source",
      "comment": "A comment",
      "tags": [
        "string"
      ],
      "username_pattern": [
        "string"
      ],
      "external_user_mapping": [
        {
          "source_id": "string",
          "source_search_field": "string"
        }
      ],
      "session_password_enabled": true,
      "child_session_auto_logout_delay": 900,
      "session_password_policy": {
        "password_min_length": 16,
        "password_max_length": 16,
        "use_special_characters": true,
        "use_lower_case": true,
        "use_upper_case": true,
        "use_numbers": true,
        "password_entropy": 95,
        "password_strength": "STRONG"
      },
      "connection": {
        "type": "LDAP",
        "address": "string",
        "port": 123,
        "service_address_auto_update": true,
        "iam_access_key_id": "string",
        "iam_secret_access_key": "string",
        "iam_session_token": "string",
        "iam_fetch_roles": true,
        "iam_fetch_role_path_prefix": "string",
        "google_cloud_project_ids": [
          "string"
        ],
        "google_cloud_config_json": "string",
        "openstack_version": "V2",
        "openstack_endpoint": "string",
        "openstack_username": "string",
        "openstack_user_id": "string",
        "openstack_password": "string",
        "openstack_apikey": "string",
        "openstack_domainname": "string",
        "openstack_domainid": "string",
        "openstack_token_id": "string",
        "openstack_tenant_ids": [
          "string"
        ],
        "openstack_tenant_names": [
          "string"
        ],
        "azure_base_url": "string",
        "azure_subscription_id": "string",
        "azure_tenant_id": "string",
        "azure_client_id": "string",
        "azure_client_secret": "string",
        "ldap_protocol": "LDAP",
        "ldap_base": "string",
        "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
        "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
        "ldap_bind_password": "FooBar",
        "ldap_user_dn_pattern": "uid={0},ou=people",
        "google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
        "google_gsuite_domain_admin_email": "admin@mydomain.com",
        "oidc_enabled": true,
        "oidc_issuer": "string",
        "oidc_button_title": "string",
        "oidc_client_id": "string",
        "oidc_client_secret": "string",
        "oidc_additional_scopes": [
          "string"
        ],
        "oidc_tags_attribute_name": "string",
        "attribute_mapping": {},
        "mfa_type": "DISABLED",
        "mfa_address": "string",
        "mfa_port": 123,
        "mfa_base_dn": "string",
        "domain_controller_fqdn": "string",
        "domain_controller_port": 123,
        "kerberos_ticket": "string",
        "enable_user_authentication": true,
        "enable_machine_authentication": true
      }
    }
  ]
}

post /role-store/api/v1/sources

Create a new source definition. The id, author, created and updated fields are populated automatically by the server.

enabled

boolean

ttl

int

How often the source data should be refreshed, time in seconds

Example
86400

name

string

A name describing the source

Example
"A pretty source"

comment

string

A comment describing the object

Example
"A comment"

tags

array[string]

Array of tag strings

username_pattern

array[string]

Array of wildcarded username patterns that should be authenticated against this source

external_user_mapping

array[object]

Mapping of external users to source users via source id and username

session_password_enabled

boolean

child_session_auto_logout_delay

int

Child session auto logout delay in seconds

Example
900

session_password_policy

object (session_password_policy)

Password policy for session password generation

connection

object (connection)

Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined. The request example below lists every connection field at once; only the fields that belong to the selected type apply.

Request

{
  "enabled": true,
  "ttl": 86400,
  "name": "A pretty source",
  "comment": "A comment",
  "tags": [
    "string"
  ],
  "username_pattern": [
    "string"
  ],
  "external_user_mapping": [
    {
      "source_id": "string",
      "source_search_field": "string"
    }
  ],
  "session_password_enabled": true,
  "child_session_auto_logout_delay": 900,
  "session_password_policy": {
    "password_min_length": 16,
    "password_max_length": 16,
    "use_special_characters": true,
    "use_lower_case": true,
    "use_upper_case": true,
    "use_numbers": true
  },
  "connection": {
    "type": "LDAP",
    "address": "string",
    "port": 123,
    "service_address_auto_update": true,
    "iam_access_key_id": "string",
    "iam_secret_access_key": "string",
    "iam_session_token": "string",
    "iam_fetch_roles": true,
    "iam_fetch_role_path_prefix": "string",
    "google_cloud_project_ids": [
      "string"
    ],
    "google_cloud_config_json": "string",
    "openstack_version": "V2",
    "openstack_endpoint": "string",
    "openstack_username": "string",
    "openstack_user_id": "string",
    "openstack_password": "string",
    "openstack_apikey": "string",
    "openstack_domainname": "string",
    "openstack_domainid": "string",
    "openstack_token_id": "string",
    "openstack_tenant_ids": [
      "string"
    ],
    "openstack_tenant_names": [
      "string"
    ],
    "azure_base_url": "string",
    "azure_subscription_id": "string",
    "azure_tenant_id": "string",
    "azure_client_id": "string",
    "azure_client_secret": "string",
    "ldap_protocol": "LDAP",
    "ldap_base": "string",
    "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
    "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
    "ldap_bind_password": "FooBar",
    "ldap_user_dn_pattern": "uid={0},ou=people",
    "google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
    "google_gsuite_domain_admin_email": "admin@mydomain.com",
    "oidc_enabled": true,
    "oidc_issuer": "string",
    "oidc_button_title": "string",
    "oidc_client_id": "string",
    "oidc_client_secret": "string",
    "oidc_additional_scopes": [
      "string"
    ],
    "oidc_tags_attribute_name": "string",
    "attribute_mapping": {},
    "mfa_type": "DISABLED",
    "mfa_address": "string",
    "mfa_port": 123,
    "mfa_base_dn": "string",
    "domain_controller_fqdn": "string",
    "domain_controller_port": 123,
    "kerberos_ticket": "string",
    "enable_user_authentication": true,
    "enable_machine_authentication": true
  }
}

Response


Source successfully created

{
  "id": "5bf77342-221c-11ee-be56-0242ac120002"
}

get /role-store/api/v1/sources/{source_id}

Get source object by ID.

source_id

string

required

Source id

Response


Successful response; returns the source if found. As the example shows, the returned object includes the connection credentials configured for the directory (for example `ldap_bind_password`, `azure_client_secret` and `oidc_client_secret`).

{
  "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "created": "2017-01-01T15:05:05Z",
  "updated": "2017-01-01T15:05:05Z",
  "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "enabled": true,
  "ttl": 86400,
  "status_code": "OK",
  "status_text": "Connection established",
  "name": "A pretty source",
  "comment": "A comment",
  "tags": [
    "string"
  ],
  "username_pattern": [
    "string"
  ],
  "external_user_mapping": [
    {
      "source_id": "string",
      "source_search_field": "string"
    }
  ],
  "session_password_enabled": true,
  "child_session_auto_logout_delay": 900,
  "session_password_policy": {
    "password_min_length": 16,
    "password_max_length": 16,
    "use_special_characters": true,
    "use_lower_case": true,
    "use_upper_case": true,
    "use_numbers": true,
    "password_entropy": 95,
    "password_strength": "STRONG"
  },
  "connection": {
    "type": "LDAP",
    "address": "string",
    "port": 123,
    "service_address_auto_update": true,
    "iam_access_key_id": "string",
    "iam_secret_access_key": "string",
    "iam_session_token": "string",
    "iam_fetch_roles": true,
    "iam_fetch_role_path_prefix": "string",
    "google_cloud_project_ids": [
      "string"
    ],
    "google_cloud_config_json": "string",
    "openstack_version": "V2",
    "openstack_endpoint": "string",
    "openstack_username": "string",
    "openstack_user_id": "string",
    "openstack_password": "string",
    "openstack_apikey": "string",
    "openstack_domainname": "string",
    "openstack_domainid": "string",
    "openstack_token_id": "string",
    "openstack_tenant_ids": [
      "string"
    ],
    "openstack_tenant_names": [
      "string"
    ],
    "azure_base_url": "string",
    "azure_subscription_id": "string",
    "azure_tenant_id": "string",
    "azure_client_id": "string",
    "azure_client_secret": "string",
    "ldap_protocol": "LDAP",
    "ldap_base": "string",
    "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
    "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
    "ldap_bind_password": "FooBar",
    "ldap_user_dn_pattern": "uid={0},ou=people",
    "google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
    "google_gsuite_domain_admin_email": "admin@mydomain.com",
    "oidc_enabled": true,
    "oidc_issuer": "string",
    "oidc_button_title": "string",
    "oidc_client_id": "string",
    "oidc_client_secret": "string",
    "oidc_additional_scopes": [
      "string"
    ],
    "oidc_tags_attribute_name": "string",
    "attribute_mapping": {},
    "mfa_type": "DISABLED",
    "mfa_address": "string",
    "mfa_port": 123,
    "mfa_base_dn": "string",
    "domain_controller_fqdn": "string",
    "domain_controller_port": 123,
    "kerberos_ticket": "string",
    "enable_user_authentication": true,
    "enable_machine_authentication": true
  }
}

put /role-store/api/v1/sources/{source_id}

Update a source.

enabled

boolean

ttl

int

How often the source data should be refreshed, time in seconds

Example
86400

name

string

A name describing the source

Example
"A pretty source"

comment

string

A comment describing the object

Example
"A comment"

tags

array[string]

Array of tag strings

username_pattern

array[string]

Array of wildcarded username patterns that should be authenticated against this source

external_user_mapping

array[object]

Mapping of external users to source users via source id and username

session_password_enabled

boolean

child_session_auto_logout_delay

int

Child session auto logout delay in seconds

Example
900

session_password_policy

object (session_password_policy)

Password policy for session password generation

connection

object (connection)

Source connection definition - depending on the type, either aws_iam_source, ad source or ldap_source is defined. The request example below lists every connection field at once; only the fields that belong to the selected type apply.

Request

{
  "enabled": true,
  "ttl": 86400,
  "name": "A pretty source",
  "comment": "A comment",
  "tags": [
    "string"
  ],
  "username_pattern": [
    "string"
  ],
  "external_user_mapping": [
    {
      "source_id": "string",
      "source_search_field": "string"
    }
  ],
  "session_password_enabled": true,
  "child_session_auto_logout_delay": 900,
  "session_password_policy": {
    "password_min_length": 16,
    "password_max_length": 16,
    "use_special_characters": true,
    "use_lower_case": true,
    "use_upper_case": true,
    "use_numbers": true
  },
  "connection": {
    "type": "LDAP",
    "address": "string",
    "port": 123,
    "service_address_auto_update": true,
    "iam_access_key_id": "string",
    "iam_secret_access_key": "string",
    "iam_session_token": "string",
    "iam_fetch_roles": true,
    "iam_fetch_role_path_prefix": "string",
    "google_cloud_project_ids": [
      "string"
    ],
    "google_cloud_config_json": "string",
    "openstack_version": "V2",
    "openstack_endpoint": "string",
    "openstack_username": "string",
    "openstack_user_id": "string",
    "openstack_password": "string",
    "openstack_apikey": "string",
    "openstack_domainname": "string",
    "openstack_domainid": "string",
    "openstack_token_id": "string",
    "openstack_tenant_ids": [
      "string"
    ],
    "openstack_tenant_names": [
      "string"
    ],
    "azure_base_url": "string",
    "azure_subscription_id": "string",
    "azure_tenant_id": "string",
    "azure_client_id": "string",
    "azure_client_secret": "string",
    "ldap_protocol": "LDAP",
    "ldap_base": "string",
    "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
    "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
    "ldap_bind_password": "FooBar",
    "ldap_user_dn_pattern": "uid={0},ou=people",
    "google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
    "google_gsuite_domain_admin_email": "admin@mydomain.com",
    "oidc_enabled": true,
    "oidc_issuer": "string",
    "oidc_button_title": "string",
    "oidc_client_id": "string",
    "oidc_client_secret": "string",
    "oidc_additional_scopes": [
      "string"
    ],
    "oidc_tags_attribute_name": "string",
    "attribute_mapping": {},
    "mfa_type": "DISABLED",
    "mfa_address": "string",
    "mfa_port": 123,
    "mfa_base_dn": "string",
    "domain_controller_fqdn": "string",
    "domain_controller_port": 123,
    "kerberos_ticket": "string",
    "enable_user_authentication": true,
    "enable_machine_authentication": true
  }
}

Response


Source successfully updated

Empty response

delete /role-store/api/v1/sources/{source_id}

Delete source by ID.

source_id

string

required

Source id

Response


Source successfully deleted

Empty response

post /role-store/api/v1/sources/refresh

Fetch hosts from the local host directory, or users from any user directory. The request body is a list of source ids to refresh.

array[string]

Content Type
application/list

Response


Successful response; a refresh has been started for the listed directories. As in the other responses on this page, the example source object includes the directory's connection credentials.

{
  "id": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "created": "2017-01-01T15:05:05Z",
  "updated": "2017-01-01T15:05:05Z",
  "updated_by": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "author": "eef4aefc-d64e-4c2c-aba4-4914c86ce059",
  "enabled": true,
  "ttl": 86400,
  "status_code": "OK",
  "status_text": "Connection established",
  "name": "A pretty source",
  "comment": "A comment",
  "tags": [
    "string"
  ],
  "username_pattern": [
    "string"
  ],
  "external_user_mapping": [
    {
      "source_id": "string",
      "source_search_field": "string"
    }
  ],
  "session_password_enabled": true,
  "child_session_auto_logout_delay": 900,
  "session_password_policy": {
    "password_min_length": 16,
    "password_max_length": 16,
    "use_special_characters": true,
    "use_lower_case": true,
    "use_upper_case": true,
    "use_numbers": true,
    "password_entropy": 95,
    "password_strength": "STRONG"
  },
  "connection": {
    "type": "LDAP",
    "address": "string",
    "port": 123,
    "service_address_auto_update": true,
    "iam_access_key_id": "string",
    "iam_secret_access_key": "string",
    "iam_session_token": "string",
    "iam_fetch_roles": true,
    "iam_fetch_role_path_prefix": "string",
    "google_cloud_project_ids": [
      "string"
    ],
    "google_cloud_config_json": "string",
    "openstack_version": "V2",
    "openstack_endpoint": "string",
    "openstack_username": "string",
    "openstack_user_id": "string",
    "openstack_password": "string",
    "openstack_apikey": "string",
    "openstack_domainname": "string",
    "openstack_domainid": "string",
    "openstack_token_id": "string",
    "openstack_tenant_ids": [
      "string"
    ],
    "openstack_tenant_names": [
      "string"
    ],
    "azure_base_url": "string",
    "azure_subscription_id": "string",
    "azure_tenant_id": "string",
    "azure_client_id": "string",
    "azure_client_secret": "string",
    "ldap_protocol": "LDAP",
    "ldap_base": "string",
    "ldap_user_filter": "(&(!(objectclass=computer))(objectclass=user)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))) for Microsoft Active Directory",
    "ldap_bind_dn": "CN=Admin,OU=Users,OU=ad,DC=ad,DC=ordain,DC=ssh,DC=com",
    "ldap_bind_password": "FooBar",
    "ldap_user_dn_pattern": "uid={0},ou=people",
    "google_gsuite_domain": "mydomain.com, if left empty fetches all user domains",
    "google_gsuite_domain_admin_email": "admin@mydomain.com",
    "oidc_enabled": true,
    "oidc_issuer": "string",
    "oidc_button_title": "string",
    "oidc_client_id": "string",
    "oidc_client_secret": "string",
    "oidc_additional_scopes": [
      "string"
    ],
    "oidc_tags_attribute_name": "string",
    "attribute_mapping": {},
    "mfa_type": "DISABLED",
    "mfa_address": "string",
    "mfa_port": 123,
    "mfa_base_dn": "string",
    "domain_controller_fqdn": "string",
    "domain_controller_port": 123,
    "kerberos_ticket": "string",
    "enable_user_authentication": true,
    "enable_machine_authentication": true
  }
}