Authentication

POST /login

Start an OpsCenter session. A example using cURL is provided.

Returns a json object with a token for the session. This token can be passed as an opscenter-session header to authenticate future requests in the session. A cookie for the same purpose will also be set for clients that support them.

Example:

curl -X POST -d '{"username":"admin","password":"test"}' 'http://localhost:8888/login'

Output:

{"sessionid": "d6c5e198b9b5ffeab9fd8dea6fb012aa"}

Example with SSL:

curl -X POST -d '{"username":"admin","password":"admin"}' \
  -k --cert /var/lib/opscenter/ssl/opscenter.pem \
  --key /var/lib/opscenter/ssl/opscenter.key 'https://localhost:8443/login'

Output:

{"sessionid": "d6c5e198b9b5ffeab9fd8dea6fb012aa"}
GET /logout

End an OpsCenter session. A example using cURL is provided.

Example:

curl -X GET -H 'opscenter-session: 1948fa886a91a1905a29192cf209114d' 'http://localhost:8888/logout'

Output:

{}

User Administration Methods

GET /permissions/user

Get a map of permissions for the currently authenticated user.

Returns a json object with a mapping of permissions for every cluster.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'opscenter-session: 12345ABC' http://127.0.0.1:8888/permissions/user

Output:

{"Test_Cluster": {"View Cluster": true}}
GET /permissions/roles

Get a list of all roles in opscenter (requires permissions).

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'opscenter-session: 12345ABC' http://127.0.0.1:8888/permissions/roles

Output:

{"roles": ["user"]}
GET /permissions/roles/{role_id}

Get all permissions for a specific role.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'opscenter-session: 12345ABC' http://127.0.0.1:8888/permissions/roles/test_role

Output:

{"Test_Cluster": {"View Cluster": true}
PUT /permissions/roles/{role_id}

Update all permissions for a specific role.

No output.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'Accept: application/json' -H 'opscenter-session: 12345ABC' \
  -X PUT -d '{"Test_Cluster": {"View Cluster": true}}' http://127.0.0.1:8888/permissions/roles/test_role
POST /permissions/roles/{role_id}

Create permissions for a specific role.

No output.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'opscenter-session: 12345ABC' -H 'Accept: application/json' \
  -X POST -d '{"Test_Cluster": {"View Cluster": true}}' http://127.0.0.1:8888/permissions/roles/test_role
DELETE /permissions/roles/{role_id}

Delete all permissions for a specific role.

No output.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'opscenter-session: 12345ABC' \
  -X DELETE http://127.0.0.1:8888/permissions/roles/test_role
GET /users

Get the list of all users.

Example:

Note: The value for opscenter-session comes from the /login method. Also in addition to the roles property, the role property will be present in the response if the given user has 0 or 1 roles for backwards compatibility. The role property will be removed in future versions of OpsCenter.

curl -H 'opscenter-session: 12345ABC' http://127.0.0.1:8888/users

Output:

[
    {
        "roles": ["power_user"],
        "username": "testuser"
    }
]
GET /users/{username}

Gets the role of a user.

Returns username/role.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'opscenter-session: 12345ABC' http://127.0.0.1:8888/users/testuser

Output:

{"username": "testuser", "role": "power_user", "roles": ["power_user"]}
POST /users/{username}

Creates a new user, accepts a json map with password and role.

No Output.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'opscenter-session: 12345ABC' \
  -H 'Accept: application/json' \
  -d '{"password": "test", "role": "test_role"}' \
  -X POST http://127.0.0.1:8888/users/testuser
PUT /users/{username}

Updates an existing user, accepts a json map with a password, a role, or both.

Users can update their own password - they must supply the additional “old_password” param which must match their current password. Users can update their own role only if they are an admin user.

No Output.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -H 'opscenter-session: 12345ABC' \
  -H 'Accept: application/json' \
  -d '{"password": "test", "old_password": "changeme" }' \
  -X PUT http://127.0.0.1:8888/users/testuser
curl -H 'opscenter-session: 12345ABC' \
  -H 'Accept: application/json' \
  -d '{"password": "test", "role": "test_role"}' \
  -X PUT http://127.0.0.1:8888/users/otheruser
DELETE /users/{username}

Deletes an existing user

No Output.

Example:

Note: The value for opscenter-session comes from the /login method.

curl -X DELETE -H 'opscenter-session: 12345ABC' http://127.0.0.1:8888/users/testuser