...
The following examples illustrate typical use cases.
Identity Services
Getting Identity Services
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Getting Identity Services |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# get list of Identity Services
./deploy-identity-service.sh get-service "${request_options[@]}"
# get Identity Service
./deploy-identity-service.sh get-service "${request_options[@]}" --service=JOC-INITIAL |
Creating and Updating Identity Services
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Creating and Updating Identity Services |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# store Identity Service
./deploy-identity-service.sh store-service "${request_options[@]}" --service=New-Service --service-type=OIDC
# store required Identity Service using password for single-factor authentication
./deploy-identity-service.sh store-service "${request_options[@]}" --service=New-Service --service-type=LDAP --required \
--authentication-scheme=SINGLE-FACTOR --
# store required Identity Service using two-factor authentication
./deploy-identity-service.sh store-service "${request_options[@]}" --service=FIDO-Service --service-type=FIDO
./deploy-identity-service.sh store-service "${request_options[@]}" --service=LDAP-Service --service-type=LDAP --required --authentication-scheme=TWO-FACTOR |
Renaming and Removing Identity Services
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Renaming and Removing Identity Services |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# rename Identity Service
./deploy-identity-service.sh rename-service "${request_options[@]}" --service=Old-Service --new-service=New-Service
# remove Identity Service
./deploy-identity-service.sh remove-service "${request_options[@]}" --service=New-Service
|
Roles
Creating and Updating Roles
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Creating and Updating Roles |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# get list of roles
./deploy-identity-service.sh get-role "${request_options[@]}" --service=JOC-INITIAL
# get role
./deploy-identity-service.sh get-role "${request_options[@]}" --service=JOC-INITIAL --role=administrator
# store role
./deploy-identity-service.sh store-role "${request_options[@]}" --service=JOC-INITIAL --role=backoffice-user |
Renaming and Removing Roles
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Renaming and Removing Roles |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# rename role
./deploy-identity-service.sh rename-role "${request_options[@]}" --service=JOC-INITIAL --role=backoffice-user --new-role=business-user
# remove role
./deploy-identity-service.sh remove-role "${request_options[@]}" --service=JOC-INITIAL --role=business-user
# remove roles
./deploy-identity-service.sh remove-role "${request_options[@]}" --service=JOC-INITIAL --role=business-user,incident-manager |
Permissions
Creating and Updating Permissions
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Creating and Updating Permissions |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# get permissions for role
./deploy-identity-service.sh get-permission "${request_options[@]}" --service=JOC-INITIAL --role=business-user
# assign permissions to role
./deploy-identity-service.sh set-permission "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--permission='sos:products:controller:view','sos:products:controller:agents:view' |
Renaming and Removing Permissions
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Renaming and Removing Permissions |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# rename permission
./deploy-identity-service.sh rename-permission "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--permission='sos:products:controller:deployment:manage' \
--new-permission='sos:products:controller:deployment:view' --excluded
# remove permission
./deploy-identity-service.sh remove-permission "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--permission='sos:products:controller:deployment:view'
# remove permissions
./deploy-identity-service.sh remove-permission "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--permission='sos:products:controller:deployment','sos:products:controller:agents:view' |
Folder Permissions
Creating and Updating Folder Permissions
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Creating and Updating Folder Permissions |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# get folder permissions for all folders assigned the indicated role
./deploy-identity-service.sh get-folder "${request_options[@]}" --service=JOC-INITIAL --role=business-user
# get folder permissions for the indicated role and folder
./deploy-identity-service.sh get-folder "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--folder=/accounting
# set folder permissions recursively for a number of folders
./deploy-identity-service.sh set-folder "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--folder=/accounting,/reporting --recursive |
Renaming and Removing Folder Permissions
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Renaming and Removing Folder Permissions |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# rename folder permissions
./deploy-identity-service.sh rename-folder "${request_options[@]}" --service=JOC-INITIAL --role=business user \
--folder=/accounting --new-folder=/reporting --recursive
# remove folder permissions
./deploy-identity-service.sh remove-folder "${request_options[@]}" --service=JOC-INITIAL --role=business user \
--folder=/reporting |
Accounts
Creating and Updating Accounts
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Creating and Updating Accounts |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# get list of accounts
./deploy-identity-service.sh get-account "${request_options[@]}" --service=JOC-INITIAL
# get account
./deploy-identity-service.sh get-account "${request_options[@]}" --service=JOC-INITIAL --account=test-account
# store account using initial password
./deploy-identity-service.sh store-account "${request_options[@]}" --service=JOC-INITIAL --account=test-account |
Setting Account Password
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Setting Account Password |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# store account with specific password
./deploy-identity-service.sh store-account "${request_options[@]}" --service=JOC-INITIAL --account=test-account \
--account-password=secret
# trigger password change for account on next login
./deploy-identity-service.sh store-account "${request_options[@]}" --service=JOC-INITIAL --account=test-account \
--force-password-change
# set account password
./deploy-identity-service.sh set-account-password "${request_options[@]}" --service=JOC-INITIAL --account=test-account \
--account-password=secret--new-password=very-secret
# reset account to use initial password
./deploy-identity-service.sh reset-account-password "${request_options[@]}" --service=JOC-INITIAL --account=test-account |
Enabling and Disabling Accounts
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Enabling and Disabling Accounts |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# enable account
./deploy-identity-service.sh enable-account "${request_options[@]}" --service=JOC-INITIAL --account=test-account
# disable account
./deploy-identity-service.sh disable-account "${request_options[@]}" --service=JOC-INITIAL --account=test-account |
Renaming and Removing Accounts
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Renaming and Removing Accounts |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root)
# rename permission
./deploy-identity-service.sh rename-permission "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--permission='sos:products:controller:deployment:manage' \
--new-permission='sos:products:controller:deployment:view' --excluded
# remove permission
./deploy-identity-service.sh remove-permission "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--permission='sos:products:controller:deployment:view'
# remove permissions
./deploy-identity-service.sh remove-permission "${request_options[@]}" --service=JOC-INITIAL --role=business-user \
--permission='sos:products:controller:deployment','sos:products:controller:agents:view' |
Initial Operation
Setting up Identity Service, Roles, Permissions and Accounts
| Code Block |
|---|
| language | bash |
|---|
| title | Examples for Renaming and Removing Accounts |
|---|
| linenumbers | true |
|---|
|
# common options for connection to JS7 REST API
request_options=(--url=http://localhost:4446 --user=root --password=root) # store Identity Service
# create Identity Service using password for single-factor authentication
./deploy-identity-service.sh store-service "${request_options[@]}" --service=My-Service --service-type=LDAP --required \
--authentication-scheme=SINGLE-FACTOR
# create roles
./deploy-identity-service.sh store-role "${request_options[@]}" --service=My-Service --role=developer
./deploy-identity-service.sh store-role "${request_options[@]}" --service=My-Service --role=operator
# assign permissions to roles
./deploy-identity-service.sh set-permission "${request_options[@]}" --service=My-Servicde --role=developer \
----permission='sos:products:joc:administration:view','sos:products:joc:auditlog:view','sos:products:joc:calendars:view','sos:products:joc:cluster','sos:products:joc:inventory','sos:products:controller:view','sos:products:controller:agents:view'
# create accounts and assign to roles
|
Resources
- API
- Workflow Deployment Operations
- Workflow Status Operations
- Controller Deployment Operations
- Controller Status Operations
- JOC Cockpit Status Operations
...