Introduction
A number of users wish to automatically create JS7 - Identity Services, populate accounts and manage roles and permissions (JS7 - Manage Roles and Permissions) from individual sources such as a database.
- The JS7 - REST Web Service API allows the same operations to manage Identity Services and related objects to be performed as are offered by the JOC Cockpit GUI.
- The JS7 - PowerShell Module offers simplified access to the REST Web Service API for scripting purposes.
- The PowerShell examples can be instructive when executed with the `-debug` option, as this logs the REST API calls.
Documentation
The REST Web Service API provides the functionality to automate JS7 operation.
To add REST Web Service API calls in your preferred language or to use the PowerShell cmdlets:
- find the Technical Documentation of the REST Web Service API
- find the documentation for PowerShell CLI 2.0 - Cmdlets - Identity Management
Examples
The following example makes use of the JS7 PowerShell Module to manage Identity Services, accounts, roles, folders and permissions:
```powershell
#!/usr/bin/env pwsh

# Parameterization

$Url = "http://localhost:4446"
$ControllerId = "controller"

$TestCaseService = "TestCase_Service"
$TestCaseAccount = "TestCase_User"
$TestCaseRoleApplicationManager = "TestCase_Application_Manager"
$TestCaseRoleIncidentManager = "TestCase_Incident_Manager"
$TestCaseFolder = "/TestCase_Folder"
$TestCasePermissions = @(
    "sos:products:controller:view",
    "sos:products:controller:agents:view",
    "sos:products:controller:deployment:manage",
    "sos:products:controller:locks:view",
    "sos:products:controller:workflows:view",
    "sos:products:controller:orders:view",
    "sos:products:controller:deployment:deploy"
)

# Connection

Import-Module JS7
Connect-JS7 -Url $Url -Id $ControllerId | Out-Null

# ----- Create Identity Service, Roles, Folders, Permissions, Accounts -----

# create Identity Service for use with password authentication as a single factor
$service = Set-JS7IAMService -Service $TestCaseService -Type 'JOC' -SingleFactorPassword

# create roles
Set-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleApplicationManager
Set-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleIncidentManager

# limit role to JOC Cockpit inventory folder
Set-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -Folder $TestCaseFolder -Recursive -ControllerId $ControllerId

# add permissions to roles
Set-JS7IAMPermission -Service $TestCaseService -Role $TestCaseRoleApplicationManager -Permission $TestCasePermissions -ControllerId $ControllerId
Set-JS7IAMPermission -Service $TestCaseService -Role $TestCaseRoleIncidentManager -Permission $TestCasePermissions -ControllerId $ControllerId

# add account
Set-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount -Role $TestCaseRoleApplicationManager,$TestCaseRoleIncidentManager

# ----- Read Identity Service, Roles, Folders, Permissions, Accounts -----

$service = Get-JS7IAMService -Service $TestCaseService

# read role, assigned folders and permissions
$role = Get-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleApplicationManager
$folders = Get-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId
$rolePermissions = Get-JS7IAMPermission -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId

# read account and permissions from any roles assigned the account
$account = Get-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount
$accountPermissions = Get-JS7IAMAccountPermission -Service $TestCaseService -Account $TestCaseAccount

# ---- Manage Accounts -----

# force change of password with next login
Invoke-JS7IAMForcePasswordChange -Service $TestCaseService -Account $TestCaseAccount

# reset to initial password
Invoke-JS7IAMResetPassword -Service $TestCaseService -Account $TestCaseAccount

# disable/enable login for the account
Disable-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount
Enable-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount

Rename-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount -NewAccount "$($TestCaseAccount)2"
Rename-JS7IAMAccount -Service $TestCaseService -Account "$($TestCaseAccount)2" -NewAccount $TestCaseAccount

# ---- Manage Identity Service, Roles, Folders -----

Rename-JS7IAMService -Service $TestCaseService -NewService "$($TestCaseService)2"
Rename-JS7IAMService -Service "$($TestCaseService)2" -NewService $TestCaseService

Rename-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleApplicationManager -NewRole "$($TestCaseRoleApplicationManager)2"
Rename-JS7IAMRole -Service $TestCaseService -Role "$($TestCaseRoleApplicationManager)2" -NewRole $TestCaseRoleApplicationManager

Rename-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId -Folder $TestCaseFolder -NewFolder "$($TestCaseFolder)2"
Rename-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId -Folder "$($TestCaseFolder)2" -NewFolder $TestCaseFolder

# ----- Remove Identity Service, Accounts, Roles, Folders, Permissions ---

# remove account
Remove-JS7IAMAccount -Service $TestCaseService -Account $TestCaseAccount

# remove permissions from role
Get-JS7IAMPermission -Service $TestCaseService -Role $TestCaseRoleApplicationManager -ControllerId $ControllerId | Remove-JS7IAMPermission

# remove folder from role
Remove-JS7IAMFolder -Service $TestCaseService -Role $TestCaseRoleApplicationManager -Folder $TestCaseFolder

# remove roles and any included folders and permissions
Remove-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleApplicationManager
Remove-JS7IAMRole -Service $TestCaseService -Role $TestCaseRoleIncidentManager

# remove Identity Service and any included accounts, roles, folders and permissions
Remove-JS7IAMService -Service $TestCaseService

# Connection

Disconnect-JS7
```
Explanation:
- Line 1: A shebang is used to invoke PowerShell on Unix platforms. For Windows platforms replace this line with:
  `@@findstr /v "^@@f.*&" "%~f0" |pwsh.exe -&goto:eof`
  - Optionally replace `pwsh.exe` with `powershell.exe` or similar to locate the PowerShell interpreter.
- Line 5: The URL to JOC Cockpit is specified. This is the same URL as used from a user browser to access JOC Cockpit.
- Line 6: The Controller ID is specified during setup of a Controller. Find the Controller ID in the right upper corner of any JOC Cockpit page.
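The Introduction mentions populating accounts from an individual source such as a database. The following is an added example, not taken from the JS7 documentation, that provisions roles and accounts from tabular data using only the cmdlets and parameters shown in the example above. The inline CSV, its column names, the account names and the view-only permission set for the incident role are assumptions made for illustration.

```powershell
#!/usr/bin/env pwsh
# Added example: provision roles and accounts from an external source
$Url = "http://localhost:4446"
$ControllerId = "controller"
$Service = "TestCase_Service"

# Constructed sample rows standing in for a database export; roles are ';'-separated
$source = @'
Account,Roles
TestCase_User1,TestCase_Application_Manager
TestCase_User2,TestCase_Incident_Manager
TestCase_User3,TestCase_Application_Manager;TestCase_Incident_Manager
TestCase_User4,TestCase_Unknown_Role
'@ | ConvertFrom-Csv

# Permissions per role (assumption of this example: the incident role is view-only)
$viewOnly = @(
    "sos:products:controller:view",
    "sos:products:controller:workflows:view",
    "sos:products:controller:orders:view"
)
$rolePermissions = @{
    "TestCase_Application_Manager" = $viewOnly + @("sos:products:controller:deployment:manage", "sos:products:controller:deployment:deploy")
    "TestCase_Incident_Manager"    = $viewOnly
}

Import-Module JS7
Connect-JS7 -Url $Url -Id $ControllerId | Out-Null
try {
    Set-JS7IAMService -Service $Service -Type 'JOC' -SingleFactorPassword | Out-Null
    foreach ($role in $rolePermissions.Keys) {
        Set-JS7IAMRole -Service $Service -Role $role
        Set-JS7IAMPermission -Service $Service -Role $role -Permission $rolePermissions[$role] -ControllerId $ControllerId
    }
    foreach ($row in $source) {
        $roles = @($row.Roles -split ';' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        $unknown = @($roles | Where-Object { -not $rolePermissions.ContainsKey($_) })
        if ($roles.Count -eq 0 -or $unknown.Count -gt 0) {
            # do not create accounts that reference roles without a defined permission set
            Write-Warning "skipping account $($row.Account): missing or unknown roles '$($unknown -join ',')'"
            continue
        }
        Set-JS7IAMAccount -Service $Service -Account $row.Account -Role $roles
        # force change of password with next login
        Invoke-JS7IAMForcePasswordChange -Service $Service -Account $row.Account
    }
}
finally {
    Disconnect-JS7   # close the session even if a call fails
}
```

With the constructed rows, TestCase_User4 is skipped with a warning because its role has no entry in `$rolePermissions`.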