DX NetOps

 View Only
Expand all | Collapse all

How to create users in Spectrum using RESTful API?

  • 1.  How to create users in Spectrum using RESTful API?

    Posted Apr 28, 2016 02:55 PM

    We're migrating our Spectrum platform from 9.4.3 to 10.1.1 and we want to gather all users from the old platform and to create them in the new one, so we're thinkg about creating a PAM process to do so using REST.

    There's nothing in the documentation about creating users using rest, but models. In case we could create models (representing users), how do we get the relations among users and groups?



  • 2.  Re: How to create users in Spectrum using RESTful API?
    Best Answer

    Posted Apr 28, 2016 03:08 PM

    1.)  Create the Group with /spectrum/restful/model, using mtypeid=0x1040a (UserGroup)

    2.)  Create the User with /spectrum/restful/model, using mtypeid=0x10004 (User)

    3.)  Associate the User with the UserGroup with /spectrum/restful/associations, using relation handle 0x10022 (Has_Member), and providing the User and UserGroup Model_Handle's returned from the above two calls

     

     

    When reverse engineering things like this, I find it's helpful to first do it within the OneClick UI, and then to use the vnmsh "show associations" command to see how it's meant to look.  And then just trying to piece it together and reproduce it using the API calls.  Trial and error gets it done.  :-)

     

    "show relations" is also a good way to find the relation handles (since most are not documented anywhere).



  • 3.  Re: How to create users in Spectrum using RESTful API?

    Posted Apr 28, 2016 03:26 PM

    Thank you!



  • 4.  Re: How to create users in Spectrum using RESTful API?

    Posted Apr 28, 2016 03:45 PM

    You're welcome.

     

    One more tip:

     

    If you have a DSS, run the first two API calls for every landscapeid in your environment.  Without doing this, you may find a User is created in the Master Landscape but not in the rest, and thus won't have access to those other Landscapes.  The association call, however, only needs to be run once using the Master Model Handle's for the User and UesrGroup.



  • 5.  Re: How to create users in Spectrum using RESTful API?

    Posted May 27, 2016 03:42 PM

    Hi Justin,

    How are the passwords assigned? Should I sent them in the URL as clear text or shall I send it as if it were an OID as you may see in the Security_Password (0x11f9a) attribute's value?



  • 6.  Re: How to create users in Spectrum using RESTful API?

    Posted May 27, 2016 03:48 PM

    That's a good question.  We're leveraging LDAP integration, so I never had to be concerned with storing passwords.

     

    I would first try clear-text just to see if it works, and if that fails to then try creating the Octet String.  I have a feeling it'll be the latter, but the clear-text is worth a try.



  • 7.  Re: How to create users in Spectrum using RESTful API?

    Posted Feb 03, 2017 06:57 AM

    Justin, would you mind sharing the exact call you do for each step?

     

    We're trying with this and similar syntax

    /spectrum/restful/model?mtypeid=0x10004&attr=0x1006e&val=test71User

     

    but always get a VALUE_INVALID error message.

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?><create-model-response xmlns="http://www.ca.com/spectrum/restful/schema/response" error="Failure" error-message="SPC-OCC-11813: Error creating the model in landscape spxx: VALUE_INVALID."/>



  • 8.  RE: Re: How to create users in Spectrum using RESTful API?

    Broadcom Employee
    Posted Aug 29, 2019 08:55 AM
    HI Robert,

    Please use single quotes for the URL, it will work fine.

    curl -X POST -H 'Content-type: application/xml' -u spectrum:spectrum 'http://<host>:<port>/spectrum/restful/model?mtypeid=0x10004&attr=0x1006e&val=testUser'

    Thanks.


  • 9.  RE: How to create users in Spectrum using RESTful API?

    Broadcom Employee
    Posted Sep 04, 2019 11:37 AM
    Hi all,

    another way to migrate data ( topology, devices, users, etc ) is by using Modelling Gateway toolkit.
    Fully documented here: https://docops.ca.com/ca-spectrum/9-4-1-to-9-4-4/en/customizing/modeling-gateway-toolkit/export-topology-data-from-ca-spectrum/

    Regards

    ------------------------------
    David Collantes
    Customer Success Architect | Enterprise Software Division
    BROADCOM
    ------------------------------



  • 10.  RE: How to create users in Spectrum using RESTful API?

    Broadcom Employee
    Posted Sep 05, 2019 10:13 AM
    This may help. Here is a KB on some examples of Spectrum user management via REST

    https://ca-broadcomcsm.wolkenservicedesk.com/wolken/esd/knowledgebase_search?articleId=116305

    ------------------------------
    Senior Support Engineer
    Broadcom
    ------------------------------



  • 11.  RE: How to create users in Spectrum using RESTful API?

    Posted Aug 10, 2021 02:04 PM
    Jason,
      can you open access to this KB doc?


  • 12.  RE: How to create users in Spectrum using RESTful API?

    Broadcom Employee
    Posted Aug 11, 2021 12:09 PM

    The following are some Restful examples for managing Spectrum Users. Using a RESTful client, connect to the OneClick server as per the following URLs.

     

    Create a user by issuing the following as a POST request: 

         http://<OC_HOST:OC_PORT>/spectrum/restful/model?landscapeid=<ls_handle>&mtypeid=0x10004&attr=0x1006e&val=<username> 

     

    Delete the user using a DELETE request: 

         http://<OC_HOST:OC_PORT>/spectrum/restful/model/<user_model_handle> 

     

    Associate user with a role using a POST request: 

         http://<OC_HOST:OC_PORT>/spectrum/restful/associations/relation/0x10031/leftmodel/<user_role_handle>/rightmodel/<user_model_handle> 

     

    where 0x10031 = user role association 


    Use Spectrum CLI to obtain the User_Role_handles:

    cd /vnmsh
    ./connect
    ./show models | grep -i LicenseRole

    User_role_handle is shown in left column:

    User roles: 

         0x100016 Operator        0x10453 LicenseRole 

         0x100015 Administrator   0x10453 LicenseRole 

         0x100012 Service Manager 0x10453 LicenseRole 

     

    Create user Group: 

         http://OC_HOST:OC_PORT>/spectrum/restful/model?landscapeid=<ls_handle>&mtypeid=0x1040a&attr=0x1006e&val=<groupname> 

     

    Associate user with group: 

         http://<OC_HOST:OC_PORT>/spectrum/restful/associations/relation/0x10022/leftmodel/<group_handle>/rightmodel/<user_model_handle> 

     

    where 0x10022 = Has_Member association 

     

    Get user role: 

         http://<OC_HOST:OC_PORT>/spectrum/restful/associations/relation/0x00010031/model/<user_model_handle>?side=right 

     

    Get list of users model handles: 

    POST request http://localhost/spectrum/restful/models with the following XML POST body will get you the list of users. 

     

    <?xml version="1.0" encoding="UTF-8"?> 

    <rs:model-request throttlesize="5" 

    xmlns:rs="http://www.ca.com/spectrum/restful/schema/request

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance

    xsi:schemaLocation="http://www.ca.com/spectrum/restful/schema/request ../../../xsd/Request.xsd "> 

    <rs:target-models> 

     <rs:models-search> 

      <rs:search-criteria xmlns="http://www.ca.com/spectrum/restful/schema/filter"> 

       <filtered-models> 

          <equals> 

               <attribute id="AttributeID.MTYPE_HANDLE"> 

                     <value>0x10004</value> <!-- USER --> 

               </attribute> 

          </equals> 

       </filtered-models> 

      </rs:search-criteria> 

     </rs:models-search> 

    </rs:target-models> 

    </rs:model-request>




  • 13.  RE: How to create users in Spectrum using RESTful API?

    Posted Aug 24, 2021 11:38 AM
    How to pass a password for the user ? As a default it picks user name as password .