Users
A user of the system is allowed to access the Atlas System in some form or fashion. You can create users without SSH or SMB access, but with UI access, and vice-versa.
Basic Operations
Basic operations of Create, List, Update and Destroy are available for users
List all Users
Call to /authorization/user to get all users.
Request Object
+ URL
/api/v2/authorization/user
+ Method
GET
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{}
Response Object
Sending this should get you back a valid response, an array with each user in the system.
+ Headers
X-Powered-By: OpenDrives
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
+ Body
[
{
"username": "nolustre",
"password": "x",
"uid": 1002,
"gid": 50,
"fullName": "",
"homeDirectory": "/dev/null",
"shell": "/bin/false",
"group": [
{
"groupname": "staff",
"password": "x",
"gid": 50,
"users": []
}
]
},
{
"username": "gitlab-runner",
"password": "x",
"uid": 995,
"gid": 995,
"fullName": "GitLab Runner",
"homeDirectory": "/home/gitlab-runner",
"shell": "/bin/bash",
"group": [
{
"groupname": "gitlab-runner",
"password": "x",
"gid": 995,
"users": []
}
]
},
{
"username": "bob_bobson",
"password": "x",
"uid": 1003,
"gid": 50,
"fullName": "",
"homeDirectory": "/dev/null",
"shell": "/bin/false",
"group": [
{
"groupname": "staff",
"password": "x",
"gid": 50,
"users": []
}
]
}
]
Get one User
Call to /authorization/group/$USERNAME/details to get details on a specific user.
Request Object
+ URL
/api/v2/authorization/group/$USERNAME/details
+ Method
GET
+ Parameters
user name (string, required, URL param) - the name of the user you'd like to get details about
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{}
Response Object
Sending this should get you back a valid response, an array with the user you requested.
+ Headers
X-Powered-By: OpenDrives
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
+ Body
{
"username": "bob_bobson",
"password": "x",
"uid": 1003,
"gid": 50,
"fullName": "",
"homeDirectory": "/dev/null",
"shell": "/bin/false",
"smb": true,
"group": [
{
"groupname": "staff",
"password": "x",
"gid": 50,
"users": []
}
],
"roles": [
{
"id": 5,
"hostid": "09e3b2bd",
"role_name": "Standardtoken",
"role_permissions": "authorization:standard,cron:view,usergroup:view,ipmi:view,job:view,lustre:view,networkconfig:view,interface:view,networkauth:view,networkqos:view,nfs:view,notification:view,pod:view,pool:view,probe:view,role:view,routine:view,service:view,smb:view,snapshot:view,statistic:view,status:view,system:view,systemhealth:view,systemkey:view,process:view,token:view,zfs:view,token:standard",
"enabled": true,
"createdAt": "2020-09-28T18:01:51.218Z",
"updatedAt": "2020-09-28T18:01:51.218Z"
}
],
"permissions": [
"authorization:standard",
"cron:view",
"interface:view",
"ipmi:view",
"job:view",
"lustre:view",
"networkauth:view",
"networkconfig:view",
"networkqos:view",
"nfs:view",
"notification:view",
"pod:view",
"pool:view",
"probe:view",
"process:view",
"role:view",
"routine:view",
"service:view",
"smb:view",
"snapshot:view",
"statistic:view",
"status:view",
"system:view",
"systemhealth:view",
"systemkey:view",
"token:standard",
"token:view",
"usergroup:view",
"zfs:view"
]
}
Create a User
Creating a user takes a username and password, as well as many other optional parameters.
Request Object
+ URL
/api/v2/authorization/user/create
+ Method
POST
+ Parameters
username (string, required, Body) - The name to be assigned to this user
password (string, required, Body) - The password to assign to this user
remote (boolean, optional, Body) - Should this user be allowed SSH access
groupname (string, optional, Body) - The group to assign this user to
uid (number, optional, Body) - The UID to assign to this user
rids (string, optional, Body) - A comma delimited list of role ids
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{
"username": "tim_tomson",
"password": "timtomsonpassword",
"groupname" : "testing_once_more",
"remote": true,
"uid": 5678,
"rids": "3"
}
Response Object
Sending this should get you back a valid response, an object with the user you created.
+ Headers
X-Powered-By: OpenDrives
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
+ Body
{
"username": "tim_tomson",
"password": "x",
"uid": 5678,
"gid": 2222,
"fullName": "",
"homeDirectory": "/home/tim_tomson",
"shell": "/bin/sh",
"smb": false,
"group": [
{
"groupname": "testing_once_more",
"password": "x",
"gid": 2222,
"users": []
}
]
}
Update a User
Updating a user takes a username, as well as any other desired parameters to be updated
Request Object
+ URL
/api/v2/authorization/user/$USERNAME/update
+ Method
POST
+ Parameters
username (string, required, URL param) - The name of the user to be updated
password (string, optional, Body) - The password to assign to this user
remote (boolean, optional, Body) - Should this user be allowed SSH access
gid (number, optional, Body) - The GID to assign this user to
uid (number, optional, Body) - The UID to assign to this user
rids (string, optional, Body) - A comma delimited list of role ids
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{
"password": "timtomsonpassword2",
"gid" : 1000,
"remote": false,
"uid": 6789,
"rids": "1,2"
}
Response Object
Sending this should get you back a valid response, an object with the user you created.
+ Headers
X-Powered-By: OpenDrives
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
+ Body
{
"username": "tim_tomson",
"password": "x",
"uid": 6789,
"gid": 1000,
"fullName": "",
"homeDirectory": "/dev/null",
"shell": "/bin/false",
"smb": false,
"rids": [
"1",
"2"
]
}
User Roles
Instead of Updating users with role information, you can manage user to role ties directly. This is useful for Active Directory or otherwise 3rd party managed authorization sources where you want to assign roles to users not managed by the Atlas System
Basic Operations
Basic operations of List, Assign, and Unassign are available for user roles.
List all User to Role ties.
Listing all ties is very simple.
Request Object
+ URL
/api/v2/authorization/user/role
+ Method
GET
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{}
Response Object
Sending this should get you back a valid response, an array with each user to role tie in the system.
+ Headers
X-Powered-By: OpenDrives
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
+ Body
[
{
"id": 3,
"hostid": "09e3b2bd",
"username": "open",
"rid": 1,
"createdAt": "2020-09-15T20:35:45.052Z",
"updatedAt": "2020-09-15T20:35:45.052Z",
"provider_name": "local"
},
{
"id": 4,
"hostid": "09e3b2bd",
"username": "nolustre",
"rid": 3,
"createdAt": "2020-09-17T23:58:24.533Z",
"updatedAt": "2020-09-17T23:58:24.533Z"
"provider_name": "local"
},
{
"id": 6,
"hostid": "09e3b2bd",
"username": "bob_bobson",
"rid": 5,
"createdAt": "2020-09-28T18:01:59.533Z",
"updatedAt": "2020-09-28T18:01:59.533Z"
"provider_name": "my-active-directory"
}
]
Get User Role ties for a User
You can also get all role ties for a specific user
Request Object
+ URL
/api/v2/authorization/user/role/details
+ Method
POST
+ Parameters
username (string, required, Body) - The name of the user to get ties for
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{
"username": "open"
}
Response Object
Sending this should get you back a valid response, an array with each user to role tie in the system for your user.
+ Headers
X-Powered-By: OpenDrives
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
+ Body
[
{
"id": 3,
"hostid": "09e3b2bd",
"username": "open",
"rid": 1,
"createdAt": "2020-09-15T20:35:45.052Z",
"updatedAt": "2020-09-15T20:35:45.052Z",
"providerName": "local"
}
]
Assign a Role to a User
You can assign a role to a user rather simply
Request Object
+ URL
/api/v2/authorization/user/role/assign
+ Method
POST
+ Parameters
username (string, required, Body) - The name of the user to assign
rid (number, required, Body) - The role ID number to assign
providerName (number, optional, Body) - The provider name associated with this username. If not provided, this value will default to "local".
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{
"username": "bob_bobson",
"rid": 4,
"providerName": "my-active-directory"
}
Response Object
You will be returned the newly created entry.
+ Headers
X-Powered-By: OpenDrives
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
+ Body
[
{
"id": 12,
"hostid": "09e3b2bd",
"username": "bob_bobson",
"rid": 4,
"createdAt": "2020-09-28T19:42:27.851Z",
"updatedAt": "2020-09-28T19:42:27.851Z",
"providerName": "my-active-directory"
}
]
Unassign a Role from a User
Similar to Assign, you may also un-assign.
Request Object
+ URL
/api/v2/authorization/user/role/unassign
+ Method
POST
+ Parameters
username (string, required, Body) - The name of the user to unassign
rid (number, required, Body) - The role ID number to unassign
providerName (number, required, Body) - The provider name associated with this username
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{
"username": "bob_bobson",
"rid": 4,
"providerName": "local
}
SMB Users
SMB user management is handled separately from system users. Use the routes in this section to create, update, and destroy SMB users. Please note that a correlating system user of the same user name must exist prior to creating an SMB user.
Basic Operations
Basic operations of Create, Update, and Destroy are available for SMB users.
Create SMB User
Creates an SMB user by which filesystem SMB shares may be accessed. A correlating system user of the same username must exist in order for this route to be successful.
Request Object
+ URL
/api/v2/authorization/user/smb/create
+ Method
POST
+ Parameters
username (string, required, Body) - The name of the smb user to create
password (string, required, Body) - The password to assign to this smb user
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{
"username": "bob_bobson",
"password": "burgers"
}
Update SMB User
Updates an existing SMB user with a designated password
Request Object
+ URL
/api/v2/authorization/user/smb/$USERNAME/update
+ Method
POST
+ Parameters
username (string, required, URL param) - The name of the smb user to create
password (string, required, Body) - The password to assign to this smb user
+ Headers
Content-Type: application/json
token: ThisIsNotARealTokenGenerateYourOwnToken
+ Body
{
"password": "burgers"
}
Destroy SMB User
Updates an existing SMB user with a designated password