luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity
open-vault/website/source/api/secret/identity/identity-groups.html.md
Seth Vargo 0b827774ae Drop vault.rocks (#4186)
2018-03-23 11:41:51 -04:00

6.4 KiB
Raw Blame History

layout page_title sidebar_current description
api /identity/groups - HTTP API docs-http-secret-identity-groups This is the API documentation for the identity groups.

Create/Update Group

This endpoint creates or updates a group.

Method Path Produces
POST /identity/group 200 application/json

Parameters

  • name (string: group-<UUID>) Name of the group.

  • id (string: "") - ID of the group. If this is set, this endpoint will update the corresponding group.

  • metadata (list of strings: []) Metadata to be associated with the group. Format should be a list of key=value pairs.

  • policies (list of strings: []) Policies to be tied to the group. Comma separated list of strings.

  • member_group_ids (list of strings: []) - Group IDs to be assigned as group members.

  • member_entity_ids (list of strings: []) - Entity IDs to be assigned as group members.

Sample Payload

{
    "name": "engineering-group",
	"metadata": ["organization=hashicorp", "team=vault"],
	"policies": ["eng-dev", "infra-dev"]
}

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/group

Sample Response

{
        "data": {
                "id": "454ceeb5-76d7-a131-b92a-7ecfb15523e8",
                "name": "engineering-group"
        }
}

Update Group by ID

This endpoint updates the group by its ID.

Method Path Produces
POST /identity/group/id/:id 200 application/json

Parameters

  • id (string: "") - ID of the group.

  • name (string: group-<UUID>) Name of the group.

  • metadata (list of strings: []) Metadata to be associated with the group. Format should be a list of key=value pairs.

  • policies (list of strings: []) Policies to be tied to the group. Comma separated list of strings.

  • member_group_ids (list of strings: []) - Group IDs to be assigned as group members.

  • member_entity_ids (list of strings: []) - Entity IDs to be assigned as group members.

Sample Payload

{
	    "metadata": ["organization=updatedorg", "team=updatedteam"],
	    "policies": ["updatedpolicy"]
}

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8

Sample Response

{
        "data": {
                "id": "454ceeb5-76d7-a131-b92a-7ecfb15523e8",
                "name": "engineering-group"
        }
}

Read Group by ID

This endpoint reads the group by its ID.

Method Path Produces
GET /identity/group/id/:id 200 application/json

Parameters

  • id (string: "") - ID of the group.

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
        http://127.0.0.1:8200/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8

Sample Response

{
        "data": {
                "creation_time": "2017-09-13T01:17:26.755474204Z",
                "id": "454ceeb5-76d7-a131-b92a-7ecfb15523e8",
                "last_update_time": "2017-09-13T01:17:26.755474204Z",
                "member_entity_ids": [],
                "member_group_ids": null,
                "metadata": {
                        "organization": "hashicorp",
                        "team": "vault"
                },
                "modify_index": 1,
                "name": "engineering-group",
                "policies": [
                        "dev-policy"
                ]
        }
}

Delete Group by ID

This endpoint deleted the group by its ID.

Method Path Produces
DELETE /identity/group/id/:id 204 (empty body)

Parameters

  • id (string: "") - ID of the group.

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request DELETE \
    http://127.0.0.1:8200/v1/identity/group/id/454ceeb5-76d7-a131-b92a-7ecfb15523e8

List Groups by ID

This endpoint lists all the groups by their ID.

Method Path Produces
LIST /identity/group/id 200 application/json
GET /identity/group/id?list=true 200 application/json

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request LIST \
    http://127.0.0.1:8200/v1/identity/group/id

Sample Response

{
  "data": {
    "keys": [
      "454ceeb5-76d7-a131-b92a-7ecfb15523e8",
      "7b2fb80c-9516-68d1-35fc-11450f6477ab"
    ]
  }
}

Lookup Group by ID

This endpoint queries the group by its ID.

Method Path Produces
POST /identity/lookup/group 200 application/json

Parameters

  • type (string: "") - Type of query. Supported values are by_id and by_name.

  • group_name (string: "") - Name of the group.

  • group_id (string: "") - ID of the group.

Sample Payload

{
    "type": "by_id",
    "group_id": "454ceeb5-76d7-a131-b92a-7ecfb15523e8"
}

Sample Request

$ curl \
    --header "X-Vault-Token: ..." \
    --request POST \
    --data @payload.json \
    http://127.0.0.1:8200/v1/identity/lookup/group

Sample Response

{
        "data": {
                "creation_time": "2017-09-13T01:17:26.755474204Z",
                "id": "454ceeb5-76d7-a131-b92a-7ecfb15523e8",
                "last_update_time": "2017-09-13T01:17:26.755474204Z",
                "member_entity_ids": [],
                "member_group_ids": null,
                "metadata": {
                        "organization": "hashicorp",
                        "team": "vault"
                },
                "modify_index": 1,
                "name": "engineering-group",
                "policies": [
                        "dev-policy"
                ]
        }
}