Introduction
A number of users wish to create JS7 - Identity Services, populate accounts and manage roles and permissions (see JS7 - Manage Roles and Permissions) automatically from individual sources such as a database.
- The JS7 - REST Web Service API allows the same operations for managing Identity Services to be performed as are available in the JOC Cockpit GUI.
- The JS7 - PowerShell Module allows simplified access to the REST Web Service API for scripting purposes.
- Executing the PowerShell examples provided here might prove to be instructive for logging REST API calls when used with the -debug option.
Documentation
The REST Web Service API can be used to automate operation of JS7.
To add REST Web Service API calls in your preferred language or use the PowerShell cmdlets, refer to:
- the Technical Documentation of the REST Web Service API
- the documentation for PowerShell CLI 2.0 - Cmdlets - Identity Management
Examples
The following examples use the JS7 PowerShell Module to manage Identity Services, accounts, roles, folders and permissions:
Example for use of PowerShell cmdlets
#!/usr/bin/env pwsh
# Parameterization
$Url = "http://localhost:4446"
$ControllerId = "controller"
$TestCaseService = "TestCase_Service"
$TestCaseAccount = "TestCase_User"
$TestCaseRoleApplicationManager = "TestCase_Application_Manager"
$TestCaseRoleIncidentManager = "TestCase_Incident_Manager"
$TestCaseFolder = "/TestCase_Folder"
$TestCasePermissions = @(
"sos:products:controller:view",
"sos:products:controller:agents:view",
"sos:products:controller:deployment:manage",
"sos:products:controller:locks:view",
"sos:products:controller:workflows:view",
"sos:products:controller:orders:view",
"sos:products:controller:deployment:deploy"
)
# Connection
Import-Module JS7
Connect-JS7 -Url $Url -Id $ControllerId | Out-Null
# ----- Create Identity Service, Roles, Folders, Permissions, Accounts -----
# create Identity Service for use with password authentication as a single factor
$service = Set-JS7IAMService -Service $TestCaseService -Type 'JOC' -SingleFactorPassword
# create roles
Set-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleApplicationManager
Set-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleIncidentManager
# limit role to JOC Cockpit inventory folder
Set-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -Folder $TestCaseFolder -Recursive -ControllerId $ControllerId
# add permissions to roles
Set-JS7IAMPermission -Service $TestCaseService -Role $TestCaseRoleApplicationManager -Permission $TestCasePermissions -ControllerId $ControllerId
Set-JS7IAMPermission -Service $TestCaseService -Role $TestCaseRoleIncidentManager -Permission $TestCasePermissions -ControllerId $ControllerId
# add account
Set-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount -Role $TestCaseRoleApplicationManager,$TestCaseRoleIncidentManager
# ----- Read Identity Service, Roles, Folders, Permissions, Accounts -----
# read Identity Service
$service = Get-JS7IAMService -Service $TestCaseService
# read role, assigned folders and permissions
$role = Get-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleApplicationManager
$folders = Get-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId
$rolePermissions = Get-JS7IAMPermission -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId
# read account and permissions from any roles assigned the account
$account = Get-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount
$accountPermissions = Get-JS7IAMAccountPermission -Service $TestCaseService -Account $TestCaseAccount
# ---- Manage Accounts -----
# force change of password with next login
Invoke-JS7IAMForcePasswordChange -Service $TestCaseService -Account $TestCaseAccount
# reset to initial password
Invoke-JS7IAMResetPassword -Service $TestCaseService -Account $TestCaseAccount
# disable/enable login for the account
Disable-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount
Enable-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount
# rename the account, then revert to the original name
Rename-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount -NewAccount "$($TestCaseAccount)2"
Rename-JS7IAMAccount -Service $TestCaseService -Account "$($TestCaseAccount)2" -NewAccount $TestCaseAccount
# ---- Manage Identity Service, Roles, Folders -----
# rename the Identity Service, then revert to the original name
Rename-JS7IAMService -Service $TestCaseService -NewService "$($TestCaseService)2"
Rename-JS7IAMService -Service "$($TestCaseService)2" -NewService $TestCaseService
# rename the role, then revert to the original name
Rename-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleApplicationManager -NewRole "$($TestCaseRoleApplicationManager)2"
Rename-JS7IAMRole -Service $TestCaseService -Role "$($TestCaseRoleApplicationManager)2" -NewRole $TestCaseRoleApplicationManager
# rename the folder assigned to the role, then revert to the original name
Rename-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId -Folder $TestCaseFolder -NewFolder "$($TestCaseFolder)2"
Rename-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId -Folder "$($TestCaseFolder)2" -NewFolder $TestCaseFolder
# ----- Remove Identity Service, Accounts, Roles, Folders, Permissions ---
# remove account
Remove-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount
# remove permissions from role
Get-JS7IAMPermission -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId | Remove-JS7IAMPermission
# remove folder from role
Remove-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -Folder $TestCaseFolder
# remove roles and any included folders and permissions
Remove-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleApplicationManager
Remove-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleIncidentManager
# remove Identity Service and any included accounts, roles, folders and permissions
Remove-JS7IAMService -Service $TestCaseService
# close the connection
Disconnect-JS7
Explanation:
- Line 1: A shebang is used to invoke PowerShell on Unix platforms. For Windows platforms replace this line with:
  @@findstr/v "^@@f.*&" "%~f0"|pwsh.exe -&goto:eof
  - Optionally replace pwsh.exe with powershell.exe or similar to locate the PowerShell interpreter.
- Line 5: The URL to JOC Cockpit is specified ($Url). This is the same URL as used from a client browser to access JOC Cockpit.
- Line 6: The Controller ID ($ControllerId) is specified during setup of a Controller. The Controller ID can be found in the upper right hand corner of any JOC Cockpit page.
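The use case named in the introduction, populating accounts and roles from an individual source such as a database, is sketched below as an added example that is not part of the original page or of the JS7 project. It uses only the cmdlets and parameters shown in the script above; the CSV rows, the allow-list policy and the $Apply switch are constructed assumptions, and the Identity Service is assumed to exist already.

```powershell
# Added example, not JS7 project code. Assumes Import-Module JS7 / Connect-JS7 and the
# Identity Service were set up as in the page's script before $Apply is set to $true.
$Service = "TestCase_Service"; $ControllerId = "controller"
$Apply = $false   # hypothetical switch: $false only reports what would be provisioned

# Allow-list (hypothetical policy): permissions each role may receive from the source
$AllowedPermissions = @{
    "TestCase_Application_Manager" = @(
        "sos:products:controller:view",
        "sos:products:controller:workflows:view",
        "sos:products:controller:deployment:manage",
        "sos:products:controller:deployment:deploy")
    "TestCase_Incident_Manager" = @(
        "sos:products:controller:view",
        "sos:products:controller:orders:view")
}

# Constructed sample rows standing in for the result of a database query
$Source = @"
Account,Role,Permission
alice,TestCase_Application_Manager,sos:products:controller:deployment:deploy
bob,TestCase_Incident_Manager,sos:products:controller:orders:view
bob,TestCase_Incident_Manager,sos:products:controller:deployment:deploy
eve,TestCase_Admin,sos:products:controller:view
"@ | ConvertFrom-Csv

# Reject rows naming an unknown role or a permission outside the role's allow-list
$accepted = @(); $rejected = @()
foreach ($row in $Source) {
    if (-not $AllowedPermissions.ContainsKey($row.Role)) {
        $rejected += "$($row.Account): unknown role $($row.Role)"
    } elseif ($row.Permission -notin $AllowedPermissions[$row.Role]) {
        $rejected += "$($row.Account): $($row.Permission) not allowed for $($row.Role)"
    } else { $accepted += $row }
}
$rejected | ForEach-Object { Write-Warning "rejected: $_" }

# One role call per role, then one account call per account with all of its roles
foreach ($r in ($accepted | Group-Object Role)) {
    $perms = @($r.Group.Permission | Sort-Object -Unique)
    if (-not $Apply) { "role $($r.Name): $($perms -join ', ')"; continue }
    Set-JS7IAMRole -Service $Service -Role $r.Name
    Set-JS7IAMPermission -Service $Service -Role $r.Name -Permission $perms -ControllerId $ControllerId
}
foreach ($a in ($accepted | Group-Object Account)) {
    $roles = @($a.Group.Role | Sort-Object -Unique)
    if (-not $Apply) { "account $($a.Name): $($roles -join ', ')"; continue }
    Set-JS7IAMAccount -Service $Service -Account $a.Name -Role $roles
}
```

With the sample rows, the second bob row and the eve row are reported as rejected, so the Incident Manager role is never given the deployment permission from source data.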