Multitenancy APIs
APIs for configuring and managing multitenancy in your hub cluster.
To use these APIs, you must add an authorization header to your request. You need an access token to add to the authorization header. To obtain the access token, see Preparing to run component or management API commands.
Where <cluster_address> is defined in Foundational service endpoint.
- Account management APIs
  - Get information about all accounts
  - Create an account
  - Get information about an account
  - Edit an account
  - Delete an account
  - Get identity providers that are connected to an account
  - Get information about an account administrator
  - Get members of an account
  - Get information about users by using a search string
  - Add users to an account
  - Get information about a user by using the User ID
  - Update user information
  - Delete a user from an account
- User management APIs
- LDAP management APIs
Account management APIs
APIs to create and manage accounts.
Base path: https://<cluster_address>/idmgmt/identity/api/v1/account
Get information about all accounts
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account"
If you want to filter based on the account type, you can use the query parameter ?type=<Custom|System>. The sample curl command would then resemble the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account?type=Custom"
The response resembles the following code:
[
{
"id": "15cc-c441",
"name": "Coke Account",
"description": "Description for Coke Account",
"createdOn": "2019-08-12T19:14:08.961Z"
},
{
"id": "9df7-d134",
"name": "Pepsi Account",
"description": "Description for Pepsi Account",
"createdOn": "2019-08-12T19:14:36.736Z"
},
{
"id": "id-mycluster-account",
"name": "mycluster Account",
"description": "Description for mycluster Account",
"createdOn": "2019-08-12T19:02:08.343Z"
}
]
Create an account
The sample curl command resembles the following code:
curl -k -X POST \
"https://<cluster_address>/idmgmt/identity/api/v1/account" \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"name": "<account_name>",
"description": "<account_description>"
}'
The response resembles the following code:
{
"id": "15cc-c441",
"name": "Coke Account",
"description": "Description for Coke Account",
"createdOn": "2019-08-12T19:14:08.961Z"
}
Get information about an account
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>"
The response resembles the following code:
{
"id": "15cc-c441",
"name": "Coke Account",
"description": "Description for Coke Account",
"createdOn": "2019-08-12T19:14:08.961Z",
"url": "/identity/api/v1/account/15cc-c441"
}
Edit an account
The sample curl command resembles the following code:
curl -k -X PUT \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>" \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"id": "15cc-c441",
"name": "Coke Account updated",
"description": "Description for Coke Account updated",
"createdOn": "2019-08-12T19:14:08.961Z",
"url": "/identity/api/v1/account/15cc-c441"
}'
The response resembles the following code:
{
"id": "15cc-c441",
"name": "Coke Account updated",
"description": "Description for Coke Account updated",
"createdOn": "2019-08-12T19:14:08.961Z",
"url": "/identity/api/v1/account/15cc-c441"
}
Delete an account
The sample curl command resembles the following code:
curl -k -X DELETE \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>"
The response resembles the following code:
{
"count": 1
}
Get identity providers that are connected to an account
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>/identityproviders"
The response resembles the following code:
[
{
"name": "Default Identity Provider",
"type": "OIDC",
"provider": {
"clientId": "bd5d397101707382666617643e616ac2",
"clientSecret": "df62cdbd3acc488d30a7708f793e3cef",
"scope": "openid+profile+email",
"endpointUrls": {
"token": "https://mycluster.icp:8443/idprovider/v1/auth/token",
"authorization": "https://mycluster.icp:8443/idprovider/v1/auth/authorize"
}
},
"id": "5d4f34271b2e11001383873a"
}
]
Get information about an account administrator
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>/owner"
The response resembles the following code:
[
{
"userId": "fred",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Fred",
"lastName": "",
"email": "fred@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=fred,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"activeAccountId": "9df7-d134",
"activeAccountName": "Pepsi Account",
"account_role": "PRIMARY_OWNER"
}
]
Get members of an account
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>/users"
The response resembles the following code:
[
{
"userId": "fred",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Fred",
"lastName": "",
"email": "fred@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=fred,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"activeAccountId": "9df7-d134",
"activeAccountName": "Pepsi Account",
"account_role": "PRIMARY_OWNER"
},
{
"userId": "mark",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Mark",
"lastName": "",
"email": "mark@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=mark,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"activeAccountId": "9df7-d134",
"activeAccountName": "Pepsi Account",
"account_role": "MEMBER"
}
]
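The following Python sketch is an added example, not code from the product documentation. It fetches the member list with certificate verification enabled (the `-k` flag in the curl samples turns verification off) and reviews the `account_role` values against the two roles this page documents. The `ca_file` and `max_owners` parameters and the sample records are assumptions made for illustration.

```python
import json
import ssl
import urllib.request
from urllib.parse import quote

ALLOWED_ROLES = {"PRIMARY_OWNER", "MEMBER"}  # the two roles this page documents

def fetch_members(cluster_address, account_id, token, ca_file=None):
    """GET .../account/<account_ID>/users with TLS verification on.

    ca_file (hypothetical parameter) is a PEM bundle for the cluster's CA.
    Unlike `curl -k`, the default context checks the chain and the hostname.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    url = (f"https://{cluster_address}/idmgmt/identity/api/v1/account/"
           f"{quote(account_id, safe='')}/users")
    req = urllib.request.Request(url, headers={
        "Accept": "application/json",
        "Authorization": f"Bearer {token}",
    })
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)

def review_members(members, max_owners=2):
    """Return (owners, findings) for one account's member list.

    max_owners is a hypothetical local policy limit, not an API setting.
    """
    owners, findings = [], []
    for m in members:
        role = m.get("account_role")
        if role == "PRIMARY_OWNER":
            owners.append(m.get("userId"))
        elif role not in ALLOWED_ROLES:
            findings.append(f"{m.get('userId')}: unexpected role {role!r}")
    if not owners:
        findings.append("no PRIMARY_OWNER on account")
    elif len(owners) > max_owners:
        findings.append(f"{len(owners)} PRIMARY_OWNERs exceeds limit {max_owners}")
    return owners, findings

# Constructed sample in the shape of the response shown above.
SAMPLE_MEMBERS = [
    {"userId": "fred", "type": "LDAP", "account_role": "PRIMARY_OWNER"},
    {"userId": "mark", "type": "LDAP", "account_role": "MEMBER"},
    {"userId": "svc-ci", "type": "LDAP", "account_role": "ADMIN"},
]

if __name__ == "__main__":
    print(review_members(SAMPLE_MEMBERS))
```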
Get information about users by using a search string
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>/users?searchString=<search_string>&limit=<limit>"
Where <search_string> is any set of characters that you can search, and limit is the maximum number of records to be returned.
The response resembles the following code:
[
{
"userId": "mark",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Mark",
"lastName": "",
"email": "mark@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=mark,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"activeAccountId": "9df7-d134",
"activeAccountName": "Pepsi Account",
"account_role": "MEMBER"
}
]
Add users to an account
The sample curl command resembles the following code:
curl -k -X POST \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>/users" \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"userId": "mark",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Mark",
"lastName": "",
"email": "mark@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=mark,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"account_role": "<account_role>"
}'
Where <account_role> is the role to be assigned to the user. The role can be PRIMARY_OWNER or MEMBER.
The response resembles the following code:
{
"userId": "mark",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Mark",
"lastName": "",
"email": "mark@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=mark,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"account_role": "PRIMARY_OWNER",
"activeAccountId": "9df7-d134",
"activeAccountName": "Pepsi Account"
}
Get information about a user by using the User ID
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>/users/<user_ID>"
The response resembles the following code:
{
"userId": "fred",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Fred",
"lastName": "",
"email": "fred@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=fred,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"activeAccountId": "9df7-d134",
"activeAccountName": "Pepsi Account",
"account_role": "PRIMARY_OWNER"
}
Update user information
The sample curl command resembles the following code:
curl -k -X PUT \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>/users/<user_ID>" \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"userId": "mark",
"directoryId": "50f49120-ae51-11e9-9f55-1bb937839969",
"firstName": "Mark",
"lastName": "",
"email": "mark@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=mark,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"activeAccountId": "a706-285a-f027-cd87",
"activeAccountName": "Test Account",
"account_role": "<account_role>"
}'
The response resembles the following code:
{
"userId": "mark",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Mark",
"lastName": "",
"email": "mark@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=mark,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"activeAccountId": "9df7-d134",
"activeAccountName": "Pepsi Account",
"account_role": "MEMBER"
}
Delete a user from an account
The sample curl command resembles the following code:
curl -k -X DELETE \
-H "Authorization: Bearer $ACCESS_TOKEN" \
"https://<cluster_address>/idmgmt/identity/api/v1/account/<account_ID>/users/<user_ID>"
The response resembles the following code:
Empty
Status: 204 No Content
User management APIs
APIs to manage users.
Assign an account to a user
The sample curl command resembles the following code:
curl -k -X PATCH \
"https://<cluster_address>/idmgmt/identity/api/v1/users/<user_ID>" \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
-d '{
"activeAccountId": "<account_ID>",
"activeAccountName": "<account_name>"
}'
The response resembles the following code:
{
"userId": "mark",
"directoryId": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"firstName": "Mark",
"lastName": "",
"email": "mark@ibm.com",
"lastLogin": "",
"userBaseDN": "uid=mark,ou=people,dc=ibm,dc=com",
"type": "LDAP",
"activeAccountId": "15cc-c441",
"activeAccountName": "Coke Account"
}
Get accounts that are assigned to a user
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/users/<user_ID>/accounts"
The response resembles the following code:
[
{
"id": "9df7-d134",
"name": "Pepsi Account",
"description": "Description for Pepsi Account",
"createdOn": "2019-08-12T19:14:36.736Z"
},
{
"id": "15cc-c441",
"name": "Coke Account updated",
"description": "Description for Coke Account updated",
"createdOn": "2019-08-12T19:14:08.961Z",
"url": "/identity/api/v1/account/15cc-c441"
}
]
LDAP management APIs
APIs to manage LDAP connections.
Get LDAP connection information by using a query parameter
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/identityprovider?filter%5Binclude%5D%5Bdirectories%5D"
Where the query parameter is filter[include][directories].
The response resembles the following code:
[
{
"name": "Default Identity Provider",
"type": "OIDC",
"provider": {
"clientId": "bd5d397101707382666617643e616ac2",
"clientSecret": "df62cdbd3acc488d30a7708f793e3cef",
"scope": "openid+profile+email",
"endpointUrls": {
"token": "https://mycluster.icp:8443/idprovider/v1/auth/token",
"authorization": "https://mycluster.icp:8443/idprovider/v1/auth/authorize"
}
},
"id": "5d4f34271b2e11001383873a",
"directories": [
{
"id": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"LDAP_ID": "openldap",
"LDAP_REALM": "REALM",
"LDAP_HOST": "9.37.204.115",
"LDAP_PORT": "389",
"LDAP_IGNORECASE": "false",
"LDAP_BASEDN": "dc=ibm,dc=com",
"LDAP_BINDDN": "cn=admin,dc=ibm,dc=com",
"LDAP_TYPE": "Custom",
"LDAP_USERFILTER": "(&(uid=%v)(objectclass=person))",
"LDAP_GROUPFILTER": "(&(cn=%v)(objectclass=groupOfUniqueNames))",
"LDAP_USERIDMAP": "*:uid",
"LDAP_GROUPIDMAP": "*:cn",
"LDAP_GROUPMEMBERIDMAP": "groupOfUniqueNames:uniqueMember",
"LDAP_URL": "ldap://9.37.204.115:389",
"LDAP_PROTOCOL": "ldap"
}
]
}
]
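The identity provider responses shown here and under "Get identity providers that are connected to an account" carry a `clientSecret` and the LDAP connection settings. The following Python sketch is an added example, not code from the product documentation: it masks the secret before a record is logged and flags directory entries that use the `ldap://` scheme or bind with an administrator-style DN. The `ADMIN_RDNS` heuristic and the sample record, including its `ldaps` entry, are constructed assumptions.

```python
import copy

# Heuristic list of first RDNs that usually denote a directory administrator
# (assumption for this example, not something the API defines).
ADMIN_RDNS = {"cn=admin", "cn=root", "cn=directory manager"}

def redact_idp(idp):
    """Return a deep copy of one identity-provider record with the secret masked."""
    safe = copy.deepcopy(idp)
    provider = safe.get("provider") or {}
    if "clientSecret" in provider:
        provider["clientSecret"] = "<redacted>"
    return safe

def audit_directories(idps):
    """Return (LDAP_ID, issue) pairs for directory settings worth reviewing."""
    findings = []
    for idp in idps:
        for d in idp.get("directories", []):
            ldap_id = d.get("LDAP_ID") or d.get("id")
            url = str(d.get("LDAP_URL", "")).lower()
            # ldap:// means no TLS at connect time; the response has no
            # field that says whether StartTLS is used afterwards.
            if url.startswith("ldap://") or d.get("LDAP_PROTOCOL") == "ldap":
                findings.append((ldap_id, "cleartext-ldap"))
            first_rdn = str(d.get("LDAP_BINDDN", "")).split(",")[0].strip().lower()
            if first_rdn in ADMIN_RDNS:
                findings.append((ldap_id, "admin-bind-dn"))
    return findings

# Constructed sample in the shape of the response shown above.
SAMPLE_IDPS = [{
    "name": "Default Identity Provider", "type": "OIDC",
    "provider": {"clientId": "example-client", "clientSecret": "example-secret"},
    "directories": [
        {"LDAP_ID": "openldap", "LDAP_URL": "ldap://ldap.example.test:389",
         "LDAP_PROTOCOL": "ldap", "LDAP_BINDDN": "cn=admin,dc=example,dc=test"},
        {"LDAP_ID": "corp", "LDAP_URL": "ldaps://ldap.example.test:636",
         "LDAP_PROTOCOL": "ldaps",
         "LDAP_BINDDN": "uid=svc-bind,ou=svc,dc=example,dc=test"},
    ],
}]

if __name__ == "__main__":
    print(redact_idp(SAMPLE_IDPS[0])["provider"])
    print(audit_directories(SAMPLE_IDPS))
```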
Get LDAP connection information by using the LDAP ID
The sample curl command resembles the following code:
curl -k -X GET \
-H 'Accept: application/json' \
-H "Authorization: Bearer $ACCESS_TOKEN" \
-H 'Content-Type: application/json' \
"https://<cluster_address>/idmgmt/identity/api/v1/identityprovider/<identity_provider_ID>"
Where <identity_provider_ID> is the ID of the identity provider. To get the LDAP ID, see List LDAP connections.
The response resembles the following code:
[
{
"id": "56d1ed00-bd37-11e9-9764-7d8b6f7c8cce",
"LDAP_ID": "openldap",
"LDAP_REALM": "REALM",
"LDAP_HOST": "9.37.204.115",
"LDAP_PORT": "389",
"LDAP_IGNORECASE": "false",
"LDAP_BASEDN": "dc=ibm,dc=com",
"LDAP_BINDDN": "cn=admin,dc=ibm,dc=com",
"LDAP_TYPE": "Custom",
"LDAP_USERFILTER": "(&(uid=%v)(objectclass=person))",
"LDAP_GROUPFILTER": "(&(cn=%v)(objectclass=groupOfUniqueNames))",
"LDAP_USERIDMAP": "*:uid",
"LDAP_GROUPIDMAP": "*:cn",
"LDAP_GROUPMEMBERIDMAP": "groupOfUniqueNames:uniqueMember",
"LDAP_URL": "ldap://9.37.204.115:389",
"LDAP_PROTOCOL": "ldap"
}
]