Users
A user of the system is allowed to access the Atlas System in some form or fashion. You can create users without SSH or SMB access, but with UI access, and vice-versa.
Basic Operations
Basic operations of Create, List, Update and Destroy are available for users
List all Users
Call to /authorization/user to get all users.
Request Object
+ URL /api/v2/authorization/user + Method GET + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with each user in the system.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "username": "nolustre", "password": "x", "uid": 1002, "gid": 50, "fullName": "", "homeDirectory": "/dev/null", "shell": "/bin/false", "group": [ { "groupname": "staff", "password": "x", "gid": 50, "users": [] } ] }, { "username": "gitlab-runner", "password": "x", "uid": 995, "gid": 995, "fullName": "GitLab Runner", "homeDirectory": "/home/gitlab-runner", "shell": "/bin/bash", "group": [ { "groupname": "gitlab-runner", "password": "x", "gid": 995, "users": [] } ] }, { "username": "bob_bobson", "password": "x", "uid": 1003, "gid": 50, "fullName": "", "homeDirectory": "/dev/null", "shell": "/bin/false", "group": [ { "groupname": "staff", "password": "x", "gid": 50, "users": [] } ] } ]
Get one User
Call to /authorization/group/$USERNAME/details to get details on a specific user.
Request Object
+ URL /api/v2/authorization/group/$USERNAME/details + Method GET + Parameters user name (string, required, URL param) - the name of the user you'd like to get details about + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with the user you requested.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "username": "bob_bobson", "password": "x", "uid": 1003, "gid": 50, "fullName": "", "homeDirectory": "/dev/null", "shell": "/bin/false", "smb": true, "group": [ { "groupname": "staff", "password": "x", "gid": 50, "users": [] } ], "roles": [ { "id": 5, "hostid": "09e3b2bd", "role_name": "Standardtoken", "role_permissions": "authorization:standard,cron:view,usergroup:view,ipmi:view,job:view,lustre:view,networkconfig:view,interface:view,networkauth:view,networkqos:view,nfs:view,notification:view,pod:view,pool:view,probe:view,role:view,routine:view,service:view,smb:view,snapshot:view,statistic:view,status:view,system:view,systemhealth:view,systemkey:view,process:view,token:view,zfs:view,token:standard", "enabled": true, "createdAt": "2020-09-28T18:01:51.218Z", "updatedAt": "2020-09-28T18:01:51.218Z" } ], "permissions": [ "authorization:standard", "cron:view", "interface:view", "ipmi:view", "job:view", "lustre:view", "networkauth:view", "networkconfig:view", "networkqos:view", "nfs:view", "notification:view", "pod:view", "pool:view", "probe:view", "process:view", "role:view", "routine:view", "service:view", "smb:view", "snapshot:view", "statistic:view", "status:view", "system:view", "systemhealth:view", "systemkey:view", "token:standard", "token:view", "usergroup:view", "zfs:view" ] }
Create a User
Creating a user takes a username and password, as well as many other optional parameters.
Request Object
+ URL /api/v2/authorization/user/create + Method POST + Parameters username (string, required, Body) - The name to be assigned to this user password (string, required, Body) - The password to assign to this user remote (boolean, optional, Body) - Should this user be allowed SSH access groupname (string, optional, Body) - The group to assign this user to uid (number, optional, Body) - The UID to assign to this user rids (string, optional, Body) - A comma delimited list of role ids + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "username": "tim_tomson", "password": "timtomsonpassword", "groupname" : "testing_once_more", "remote": true, "uid": 5678, "rids": "3" }
Response Object
Sending this should get you back a valid response, an object with the user you created.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "username": "tim_tomson", "password": "x", "uid": 5678, "gid": 2222, "fullName": "", "homeDirectory": "/home/tim_tomson", "shell": "/bin/sh", "smb": false, "group": [ { "groupname": "testing_once_more", "password": "x", "gid": 2222, "users": [] } ] }
Update a User
Updating a user takes a username, as well as any other desired parameters to be updated
Request Object
+ URL /api/v2/authorization/user/$USERNAME/update + Method POST + Parameters username (string, required, URL param) - The name of the user to be updated password (string, optional, Body) - The password to assign to this user remote (boolean, optional, Body) - Should this user be allowed SSH access gid (number, optional, Body) - The GID to assign this user to uid (number, optional, Body) - The UID to assign to this user rids (string, optional, Body) - A comma delimited list of role ids + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "password": "timtomsonpassword2", "gid" : 1000, "remote": false, "uid": 6789, "rids": "1,2" }
Response Object
Sending this should get you back a valid response, an object with the user you created.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body { "username": "tim_tomson", "password": "x", "uid": 6789, "gid": 1000, "fullName": "", "homeDirectory": "/dev/null", "shell": "/bin/false", "smb": false, "rids": [ "1", "2" ] }
User Roles
Instead of Updating users with role information, you can manage user to role ties directly. This is useful for Active Directory or otherwise 3rd party managed authorization sources where you want to assign roles to users not managed by the Atlas System
Basic Operations
Basic operations of List, Assign, and Unassign are available for user roles.
List all User to Role ties.
Listing all ties is very simple.
Request Object
+ URL /api/v2/authorization/user/role + Method GET + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body {}
Response Object
Sending this should get you back a valid response, an array with each user to role tie in the system.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 3, "hostid": "09e3b2bd", "username": "open", "rid": 1, "createdAt": "2020-09-15T20:35:45.052Z", "updatedAt": "2020-09-15T20:35:45.052Z", "provider_name": "local" }, { "id": 4, "hostid": "09e3b2bd", "username": "nolustre", "rid": 3, "createdAt": "2020-09-17T23:58:24.533Z", "updatedAt": "2020-09-17T23:58:24.533Z" "provider_name": "local" }, { "id": 6, "hostid": "09e3b2bd", "username": "bob_bobson", "rid": 5, "createdAt": "2020-09-28T18:01:59.533Z", "updatedAt": "2020-09-28T18:01:59.533Z" "provider_name": "my-active-directory" } ]
Get User Role ties for a User
You can also get all role ties for a specific user
Request Object
+ URL /api/v2/authorization/user/role/details + Method POST + Parameters username (string, required, Body) - The name of the user to get ties for + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "username": "open" }
Response Object
Sending this should get you back a valid response, an array with each user to role tie in the system for your user.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 3, "hostid": "09e3b2bd", "username": "open", "rid": 1, "createdAt": "2020-09-15T20:35:45.052Z", "updatedAt": "2020-09-15T20:35:45.052Z", "providerName": "local" } ]
Assign a Role to a User
You can assign a role to a user rather simply
Request Object
+ URL /api/v2/authorization/user/role/assign + Method POST + Parameters username (string, required, Body) - The name of the user to assign rid (number, required, Body) - The role ID number to assign providerName (number, optional, Body) - The provider name associated with this username. If not provided, this value will default to "local". + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "username": "bob_bobson", "rid": 4, "providerName": "my-active-directory" }
Response Object
You will be returned the newly created entry.
+ Headers X-Powered-By: OpenDrives Access-Control-Allow-Origin: * Content-Type: application/json; charset=utf-8 + Body [ { "id": 12, "hostid": "09e3b2bd", "username": "bob_bobson", "rid": 4, "createdAt": "2020-09-28T19:42:27.851Z", "updatedAt": "2020-09-28T19:42:27.851Z", "providerName": "my-active-directory" } ]
Unassign a Role from a User
Similar to Assign, you may also un-assign.
Request Object
+ URL /api/v2/authorization/user/role/unassign + Method POST + Parameters username (string, required, Body) - The name of the user to unassign rid (number, required, Body) - The role ID number to unassign providerName (number, required, Body) - The provider name associated with this username + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "username": "bob_bobson", "rid": 4, "providerName": "local }
SMB Users
SMB user management is handled separately from system users. Use the routes in this section to create, update, and destroy SMB users. Please note that a correlating system user of the same user name must exist prior to creating an SMB user.
Basic Operations
Basic operations of Create, Update, and Destroy are available for SMB users.
Create SMB User
Creates an SMB user by which filesystem SMB shares may be accessed. A correlating system user of the same username must exist in order for this route to be successful.
Request Object
+ URL /api/v2/authorization/user/smb/create + Method POST + Parameters username (string, required, Body) - The name of the smb user to create password (string, required, Body) - The password to assign to this smb user + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "username": "bob_bobson", "password": "burgers" }
Update SMB User
Updates an existing SMB user with a designated password
Request Object
+ URL /api/v2/authorization/user/smb/$USERNAME/update + Method POST + Parameters username (string, required, URL param) - The name of the smb user to create password (string, required, Body) - The password to assign to this smb user + Headers Content-Type: application/json token: ThisIsNotARealTokenGenerateYourOwnToken + Body { "password": "burgers" }
Destroy SMB User
Updates an existing SMB user with a designated password