General

Atlas Access Control systems allow users and groups to be assigned roles with permissions, allow privileged users to generate Access Tokens for third-party API interfaces, and control access to the system by handling login and logout.

Logging in and out

Logging in and out of the Atlas System requires a valid user account on the system, or on an authentication provider attached to and configured for the Atlas System.

Login

Call /authorization/login to log in.

Request Object

+ URL
  /api/v2/authorization/login

+ Method
  POST

+ Parameters
  Internal Providers
  - username (string, required, Body) - The username of the user logging in
  - password (string, required, Body) - The password for the user
  - provider_name (string) - Provider name supplied when creating the provider (e.g. ldap_provider)

  External Providers
  - provider_name (string, required) - The provider name supplied when creating an external provider
  - provider_protocol (string, required) - Protocol used when connecting to the external provider (i.e. saml, oauth)

+ Headers
  Content-Type: application/json

+ Body
  Internal Provider
  {
    "username": "bob_bobson",
    "password": "bobbobsonpassword",
    "provider_name": "ldap_provider"
  }

  External Provider
  {
    "provider_name": "sso_saml_login",
    "provider_protocol": "saml"
  }

Response Object

Upon sending this request, if you are authorized and attempting to reach an internal provider, you will be sent a token to use for all further requests.

For external providers, you will be issued a 302 Redirect to the external provider. Upon authentication, whether valid or not, the external provider will issue another 302 Redirect to the callback URL which was supplied during the setup of the external provider. If no custom callback URL was provided, the default route will be used (/api/v2/authorization/login/callback). If you are authorized, you will be issued a token to use for all further requests.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "token": "wowWhatA.NormalLookingTokenWouldBeRightHereButNotInTheExample.Documentation1234567890"
  }

Logout

Call /authorization/logout to log out.

Request Object

+ URL
  /api/v2/authorization/logout

+ Method
  POST

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

We will send you back a small message to let you know you’ve logged out.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "message": "Bye!"
  }

Misc Functions

Additionally, you can view all available permissions on a system or see what your current access level is.

Information about yourself

Call /authorization/self to view information about your current login.

Request Object

+ URL
  /api/v2/authorization/self

+ Method
  GET

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

This request returns information about the identity of the requester.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "uid": "1003",
    "username": "bob_bobson",
    "groups": [
      "staff",
      "staff"
    ],
    "iat": 1601312694,
    "exp": 1601917494,
    "roles": [
      {
        "id": 1,
        "hostid": "09e3b2bd",
        "role_name": "admin",
        "role_permissions": "authorization:standard,cloud:touch,cron:view,cron:create,cron:manage,cron:destroy,device:view,filesystem:view,filesystem:manage,event:view,event:destroy,usergroup:view,usergroup:create,usergroup:manage,usergroup:destroy,authprovider:view,authprovider:manage,ha:view,ha:destroy,ha:create,ha:manage,ipmi:view,ipmi:manage,lustre:view,lustre:manage,lustre:create,networkconfig:view,networkconfig:manage,interface:view,interface:manage,interface:create,interface:destroy,networkauth:view,networkauth:manage,networkqos:view,networkqos:create,networkqos:manage,networkqos:destroy,nfs:view,nfs:create,nfs:manage,nfs:destroy,notification:view,notification:create,notification:manage,notification:destroy,pod:view,pod:create,pod:manage,pod:destroy,pool:view,pool:manage,pool:create,pool:destroy,probe:view,probe:manage,role:view,role:create,role:manage,role:destroy,service:view,service:manage,service:destroy,smb:view,smb:create,smb:manage,smb:destroy,snapshot:view,snapshot:create,snapshot:destroy,snapshot:manage,statistic:view,status:view,status:create,status:manage,status:destroy,system:view,system:manage,systemhealth:view,systemhealth:create,systemkey:view,systemkey:create,systemkey:destroy,systemkey:manage,system:special,process:view,process:destroy,token:view,token:standard,token:manage,zfs:view,zfs:create,zfs:manage,zfs:destroy,license:create,license:view,routine:view,routine:create,routine:manage,routine:destroy,job:view,job:create,job:manage,job:destroy,trigger:view,trigger:create,trigger:manage,trigger:destroy,be:view,be:create,be:manage,be:destroy,certificate:view,certificate:create,certificate:manage,certificate:destroy,ctdb:view,ctdb:create,ctdb:manage,ctdb:destroy",
        "enabled": true,
        "createdAt": "2020-09-09T03:10:21.227Z",
        "updatedAt": "2020-09-09T03:10:21.227Z"
      }
    ],
    "permissions": [
      "authorization:standard",
      "authprovider:manage",
      "authprovider:view",
      "be:create",
      "be:destroy",
      "be:manage",
      "be:view",
      "certificate:create",
      "certificate:destroy",
      "certificate:manage",
      "certificate:view",
      "cloud:touch",
      "cron:create",
      "cron:destroy",
      "cron:manage",
      "cron:view",
      "ctdb:create",
      "ctdb:destroy",
      "ctdb:manage",
      "ctdb:view",
      "device:view",
      "event:destroy",
      "event:view",
      "filesystem:manage",
      "filesystem:view",
      "ha:create",
      "ha:destroy",
      "ha:manage",
      "ha:view",
      "interface:create",
      "interface:destroy",
      "interface:manage",
      "interface:view",
      "ipmi:manage",
      "ipmi:view",
      "job:create",
      "job:destroy",
      "job:manage",
      "job:view",
      "license:create",
      "license:view",
      "lustre:create",
      "lustre:manage",
      "lustre:view",
      "networkauth:manage",
      "networkauth:view",
      "networkconfig:manage",
      "networkconfig:view",
      "networkqos:create",
      "networkqos:destroy",
      "networkqos:manage",
      "networkqos:view",
      "nfs:create",
      "nfs:destroy",
      "nfs:manage",
      "nfs:view",
      "notification:create",
      "notification:destroy",
      "notification:manage",
      "notification:view",
      "pod:create",
      "pod:destroy",
      "pod:manage",
      "pod:view",
      "pool:create",
      "pool:destroy",
      "pool:manage",
      "pool:view",
      "probe:manage",
      "probe:view",
      "process:destroy",
      "process:view",
      "role:create",
      "role:destroy",
      "role:manage",
      "role:view",
      "routine:create",
      "routine:destroy",
      "routine:manage",
      "routine:view",
      "service:destroy",
      "service:manage",
      "service:view",
      "smb:create",
      "smb:destroy",
      "smb:manage",
      "smb:view",
      "snapshot:create",
      "snapshot:destroy",
      "snapshot:manage",
      "snapshot:view",
      "statistic:view",
      "status:create",
      "status:destroy",
      "status:manage",
      "status:view",
      "system:manage",
      "system:special",
      "system:view",
      "systemhealth:create",
      "systemhealth:view",
      "systemkey:create",
      "systemkey:destroy",
      "systemkey:manage",
      "systemkey:view",
      "token:manage",
      "token:standard",
      "token:view",
      "trigger:create",
      "trigger:destroy",
      "trigger:manage",
      "trigger:view",
      "usergroup:create",
      "usergroup:destroy",
      "usergroup:manage",
      "usergroup:view",
      "zfs:create",
      "zfs:destroy",
      "zfs:manage",
      "zfs:view"
    ]
  }
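
An added example (not part of the Atlas documentation): a client-side audit of a /self response that reports the token lifetime, permissions not explained by any enabled role, and destroy/manage grants. It assumes iat and exp are Unix timestamps in seconds and that only roles with "enabled": true contribute permissions; the sample document is constructed and shortened from the body above, and the old_ops role and the audit_self and has_permission names are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample: a shortened /api/v2/authorization/self response in the
# shape shown above (uid, username, groups, iat and exp copied from the page).
SAMPLE_SELF = json.loads("""
{
  "uid": "1003", "username": "bob_bobson", "groups": ["staff", "staff"],
  "iat": 1601312694, "exp": 1601917494,
  "roles": [
    {"id": 1, "role_name": "admin", "enabled": true,
     "role_permissions": "authorization:standard,pool:view,pool:destroy,token:manage"},
    {"id": 2, "role_name": "old_ops", "enabled": false,
     "role_permissions": "zfs:destroy"}
  ],
  "permissions": ["authorization:standard", "pool:destroy", "pool:view",
                  "token:manage", "smb:view"]
}
""")

def audit_self(doc, now, risky_actions=("destroy", "manage")):
    """Summarise a /self document: token lifetime, role drift, risky grants."""
    effective = set(doc["permissions"])
    from_roles = set()
    for role in doc["roles"]:
        if role.get("enabled"):  # assumption: disabled roles grant nothing
            from_roles.update(p for p in role["role_permissions"].split(",") if p)
    by_resource = defaultdict(set)
    for perm in effective:
        resource, _, action = perm.partition(":")  # "resource:action" format
        by_resource[resource].add(action)
    return {
        "lifetime_seconds": doc["exp"] - doc["iat"],
        "expired": now >= doc["exp"],
        "groups": sorted(set(doc["groups"])),  # the sample repeats "staff"
        "not_from_enabled_roles": sorted(effective - from_roles),
        "missing_from_effective": sorted(from_roles - effective),
        "risky": sorted(p for p in effective if p.partition(":")[2] in risky_actions),
        "by_resource": {r: sorted(a) for r, a in sorted(by_resource.items())},
    }

def has_permission(doc, needed, now):
    """Client-side pre-check before issuing a call that needs `needed`."""
    return now < doc["exp"] and needed in doc["permissions"]

if __name__ == "__main__":
    print(json.dumps(audit_self(SAMPLE_SELF, now=1601400000), indent=2))
```

With the page's iat and exp values the lifetime is 604800 seconds, so the example token stays valid for seven days unless it is ended with a logout call.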

Available Permissions

Call /authorization/permissions to view all available permissions.

Request Object

+ URL
  /api/v2/authorization/permissions

+ Method
  GET

+ Headers
  Content-Type: application/json
  token: ThisIsNotARealTokenGenerateYourOwnToken

+ Body
  {}

Response Object

This request returns information about the permissions that are available.

+ Headers
  X-Powered-By: OpenDrives
  Access-Control-Allow-Origin: *
  Content-Type: application/json; charset=utf-8

+ Body
  {
    "dictionary": [
      "authprovider:view",
      "authprovider:manage",
      "authorization:standard",
      "be:view",
      "be:create",
      "be:manage",
      "be:destroy",
      "ctdb:view",
      "ctdb:manage",
      "certificate:view",
      "certificate:create",
      "certificate:destroy",
      "certificate:manage",
      "cloud:touch",
      "cron:view",
      "cron:create",
      "cron:manage",
      "cron:destroy",
      "device:view",
      "filesystem:view",
      "filesystem:manage",
      "event:view",
      "event:destroy",
      "usergroup:view",
      "usergroup:create",
      "usergroup:manage",
      "usergroup:destroy",
      "ha:view",
      "ha:destroy",
      "ha:create",
      "ha:manage",
      "ipmi:view",
      "ipmi:manage",
      "job:view",
      "job:manage",
      "job:create",
      "job:destroy",
      "license:view",
      "license:create",
      "lustre:view",
      "lustre:manage",
      "lustre:create",
      "networkconfig:view",
      "networkconfig:manage",
      "interface:view",
      "interface:manage",
      "interface:create",
      "interface:destroy",
      "networkauth:view",
      "networkauth:manage",
      "networkqos:view",
      "networkqos:create",
      "networkqos:destroy",
      "nfs:view",
      "nfs:manage",
      "nfs:destroy",
      "nfs:create",
      "notification:view",
      "notification:create",
      "notification:manage",
      "notification:destroy",
      "pod:view",
      "pod:create",
      "pod:manage",
      "pod:destroy",
      "pool:view",
      "pool:manage",
      "pool:create",
      "pool:destroy",
      "probe:view",
      "probe:manage",
      "role:view",
      "role:create",
      "role:manage",
      "role:destroy",
      "routine:view",
      "routine:create",
      "routine:manage",
      "routine:destroy",
      "service:view",
      "service:manage",
      "service:destroy",
      "smb:view",
      "smb:manage",
      "smb:create",
      "smb:destroy",
      "snapshot:view",
      "snapshot:create",
      "snapshot:destroy",
      "snapshot:manage",
      "statistic:view",
      "status:view",
      "status:create",
      "status:manage",
      "status:destroy",
      "system:view",
      "system:manage",
      "systemhealth:view",
      "systemhealth:create",
      "systemkey:view",
      "systemkey:create",
      "systemkey:destroy",
      "systemkey:manage",
      "system:special",
      "process:view",
      "process:destroy",
      "trigger:view",
      "trigger:manage",
      "trigger:create",
      "trigger:destroy",
      "token:manage",
      "token:view",
      "token:standard",
      "zfs:view",
      "zfs:create",
      "zfs:manage",
      "zfs:destroy"
    ]
  }