/
api_policy_group_associations.go
680 lines (572 loc) · 37.7 KB
/
api_policy_group_associations.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
/*
JumpCloud API
# Overview JumpCloud's V2 API. This set of endpoints allows JumpCloud customers to manage objects, groupings and mappings and interact with the JumpCloud Graph. ## API Best Practices Read the linked Help Article below for guidance on retrying failed requests to JumpCloud's REST API, as well as best practices for structuring subsequent retry requests. Customizing retry mechanisms based on these recommendations will increase the reliability and dependability of your API calls. Covered topics include: 1. Important Considerations 2. Supported HTTP Request Methods 3. Response codes 4. API Key rotation 5. Paginating 6. Error handling 7. Retry rates [JumpCloud Help Center - API Best Practices](https://support.jumpcloud.com/support/s/article/JumpCloud-API-Best-Practices) # Directory Objects This API offers the ability to interact with some of our core features; otherwise known as Directory Objects. The Directory Objects are: * Commands * Policies * Policy Groups * Applications * Systems * Users * User Groups * System Groups * Radius Servers * Directories: Office 365, LDAP,G-Suite, Active Directory * Duo accounts and applications. The Directory Object is an important concept to understand in order to successfully use JumpCloud API. ## JumpCloud Graph We've also introduced the concept of the JumpCloud Graph along with Directory Objects. The Graph is a powerful aspect of our platform which will enable you to associate objects with each other, or establish membership for certain objects to become members of other objects. Specific `GET` endpoints will allow you to traverse the JumpCloud Graph to return all indirect and directly bound objects in your organization. | ![alt text](https://s3.amazonaws.com/jumpcloud-kb/Knowledge+Base+Photos/API+Docs/jumpcloud_graph.png \"JumpCloud Graph Model Example\") | |:--:| | **This diagram highlights our association and membership model as it relates to Directory Objects.** | # API Key ## Access Your API Key To locate your API Key: 1. Log into the [JumpCloud Admin Console](https://console.jumpcloud.com/). 2. Go to the username drop down located in the top-right of the Console. 3. Retrieve your API key from API Settings. ## API Key Considerations This API key is associated to the currently logged in administrator. Other admins will have different API keys. **WARNING** Please keep this API key secret, as it grants full access to any data accessible via your JumpCloud console account. You can also reset your API key in the same location in the JumpCloud Admin Console. ## Recycling or Resetting Your API Key In order to revoke access with the current API key, simply reset your API key. This will render all calls using the previous API key inaccessible. Your API key will be passed in as a header with the header name \"x-api-key\". ```bash curl -H \"x-api-key: [YOUR_API_KEY_HERE]\" \"https://console.jumpcloud.com/api/v2/systemgroups\" ``` # System Context * [Introduction](#introduction) * [Supported endpoints](#supported-endpoints) * [Response codes](#response-codes) * [Authentication](#authentication) * [Additional examples](#additional-examples) * [Third party](#third-party) ## Introduction JumpCloud System Context Authorization is an alternative way to authenticate with a subset of JumpCloud's REST APIs. Using this method, a system can manage its information and resource associations, allowing modern auto provisioning environments to scale as needed. **Notes:** * The following documentation applies to Linux Operating Systems only. * Systems that have been automatically enrolled using Apple's Device Enrollment Program (DEP) or systems enrolled using the User Portal install are not eligible to use the System Context API to prevent unauthorized access to system groups and resources. If a script that utilizes the System Context API is invoked on a system enrolled in this way, it will display an error. ## Supported Endpoints JumpCloud System Context Authorization can be used in conjunction with Systems endpoints found in the V1 API and certain System Group endpoints found in the v2 API. * A system may fetch, alter, and delete metadata about itself, including manipulating a system's Group and Systemuser associations, * `/api/systems/{system_id}` | [`GET`](https://docs.jumpcloud.com/api/1.0/index.html#operation/systems_get) [`PUT`](https://docs.jumpcloud.com/api/1.0/index.html#operation/systems_put) * A system may delete itself from your JumpCloud organization * `/api/systems/{system_id}` | [`DELETE`](https://docs.jumpcloud.com/api/1.0/index.html#operation/systems_delete) * A system may fetch its direct resource associations under v2 (Groups) * `/api/v2/systems/{system_id}/memberof` | [`GET`](https://docs.jumpcloud.com/api/2.0/index.html#operation/graph_systemGroupMembership) * `/api/v2/systems/{system_id}/associations` | [`GET`](https://docs.jumpcloud.com/api/2.0/index.html#operation/graph_systemAssociationsList) * `/api/v2/systems/{system_id}/users` | [`GET`](https://docs.jumpcloud.com/api/2.0/index.html#operation/graph_systemTraverseUser) * A system may alter its direct resource associations under v2 (Groups) * `/api/v2/systems/{system_id}/associations` | [`POST`](https://docs.jumpcloud.com/api/2.0/index.html#operation/graph_systemAssociationsPost) * A system may alter its System Group associations * `/api/v2/systemgroups/{group_id}/members` | [`POST`](https://docs.jumpcloud.com/api/2.0/index.html#operation/graph_systemGroupMembersPost) * _NOTE_ If a system attempts to alter the system group membership of a different system the request will be rejected ## Response Codes If endpoints other than those described above are called using the System Context API, the server will return a `401` response. ## Authentication To allow for secure access to our APIs, you must authenticate each API request. JumpCloud System Context Authorization uses [HTTP Signatures](https://tools.ietf.org/html/draft-cavage-http-signatures-00) to authenticate API requests. The HTTP Signatures sent with each request are similar to the signatures used by the Amazon Web Services REST API. To help with the request-signing process, we have provided an [example bash script](https://github.com/TheJumpCloud/SystemContextAPI/blob/master/examples/shell/SigningExample.sh). This example API request simply requests the entire system record. You must be root, or have permissions to access the contents of the `/opt/jc` directory to generate a signature. Here is a breakdown of the example script with explanations. First, the script extracts the systemKey from the JSON formatted `/opt/jc/jcagent.conf` file. ```bash #!/bin/bash conf=\"`cat /opt/jc/jcagent.conf`\" regex=\"systemKey\\\":\\\"(\\w+)\\\"\" if [[ $conf =~ $regex ]] ; then systemKey=\"${BASH_REMATCH[1]}\" fi ``` Then, the script retrieves the current date in the correct format. ```bash now=`date -u \"+%a, %d %h %Y %H:%M:%S GMT\"`; ``` Next, we build a signing string to demonstrate the expected signature format. The signed string must consist of the [request-line](https://tools.ietf.org/html/rfc2616#page-35) and the date header, separated by a newline character. ```bash signstr=\"GET /api/systems/${systemKey} HTTP/1.1\\ndate: ${now}\" ``` The next step is to calculate and apply the signature. This is a two-step process: 1. Create a signature from the signing string using the JumpCloud Agent private key: ``printf \"$signstr\" | openssl dgst -sha256 -sign /opt/jc/client.key`` 2. Then Base64-encode the signature string and trim off the newline characters: ``| openssl enc -e -a | tr -d '\\n'`` The combined steps above result in: ```bash signature=`printf \"$signstr\" | openssl dgst -sha256 -sign /opt/jc/client.key | openssl enc -e -a | tr -d '\\n'` ; ``` Finally, we make sure the API call sending the signature has the same Authorization and Date header values, HTTP method, and URL that were used in the signing string. ```bash curl -iq \\ -H \"Accept: application/json\" \\ -H \"Content-Type: application/json\" \\ -H \"Date: ${now}\" \\ -H \"Authorization: Signature keyId=\\\"system/${systemKey}\\\",headers=\\\"request-line date\\\",algorithm=\\\"rsa-sha256\\\",signature=\\\"${signature}\\\"\" \\ --url https://console.jumpcloud.com/api/systems/${systemKey} ``` ### Input Data All PUT and POST methods should use the HTTP Content-Type header with a value of 'application/json'. PUT methods are used for updating a record. POST methods are used to create a record. The following example demonstrates how to update the `displayName` of the system. ```bash signstr=\"PUT /api/systems/${systemKey} HTTP/1.1\\ndate: ${now}\" signature=`printf \"$signstr\" | openssl dgst -sha256 -sign /opt/jc/client.key | openssl enc -e -a | tr -d '\\n'` ; curl -iq \\ -d \"{\\\"displayName\\\" : \\\"updated-system-name-1\\\"}\" \\ -X \"PUT\" \\ -H \"Content-Type: application/json\" \\ -H \"Accept: application/json\" \\ -H \"Date: ${now}\" \\ -H \"Authorization: Signature keyId=\\\"system/${systemKey}\\\",headers=\\\"request-line date\\\",algorithm=\\\"rsa-sha256\\\",signature=\\\"${signature}\\\"\" \\ --url https://console.jumpcloud.com/api/systems/${systemKey} ``` ### Output Data All results will be formatted as JSON. Here is an abbreviated example of response output: ```json { \"_id\": \"525ee96f52e144993e000015\", \"agentServer\": \"lappy386\", \"agentVersion\": \"0.9.42\", \"arch\": \"x86_64\", \"connectionKey\": \"127.0.0.1_51812\", \"displayName\": \"ubuntu-1204\", \"firstContact\": \"2013-10-16T19:30:55.611Z\", \"hostname\": \"ubuntu-1204\" ... ``` ## Additional Examples ### Signing Authentication Example This example demonstrates how to make an authenticated request to fetch the JumpCloud record for this system. [SigningExample.sh](https://github.com/TheJumpCloud/SystemContextAPI/blob/master/examples/shell/SigningExample.sh) ### Shutdown Hook This example demonstrates how to make an authenticated request on system shutdown. Using an init.d script registered at run level 0, you can call the System Context API as the system is shutting down. [Instance-shutdown-initd](https://github.com/TheJumpCloud/SystemContextAPI/blob/master/examples/instance-shutdown-initd) is an example of an init.d script that only runs at system shutdown. After customizing the [instance-shutdown-initd](https://github.com/TheJumpCloud/SystemContextAPI/blob/master/examples/instance-shutdown-initd) script, you should install it on the system(s) running the JumpCloud agent. 1. Copy the modified [instance-shutdown-initd](https://github.com/TheJumpCloud/SystemContextAPI/blob/master/examples/instance-shutdown-initd) to `/etc/init.d/instance-shutdown`. 2. On Ubuntu systems, run `update-rc.d instance-shutdown defaults`. On RedHat/CentOS systems, run `chkconfig --add instance-shutdown`. ## Third Party ### Chef Cookbooks [https://github.com/nshenry03/jumpcloud](https://github.com/nshenry03/jumpcloud) [https://github.com/cjs226/jumpcloud](https://github.com/cjs226/jumpcloud) # Multi-Tenant Portal Headers Multi-Tenant Organization API Headers are available for JumpCloud Admins to use when making API requests from Organizations that have multiple managed organizations. The `x-org-id` is a required header for all multi-tenant admins when making API requests to JumpCloud. This header will define to which organization you would like to make the request. **NOTE** Single Tenant Admins do not need to provide this header when making an API request. ## Header Value `x-org-id` ## API Response Codes * `400` Malformed ID. * `400` x-org-id and Organization path ID do not match. * `401` ID not included for multi-tenant admin * `403` ID included on unsupported route. * `404` Organization ID Not Found. ```bash curl -X GET https://console.jumpcloud.com/api/v2/directories \\ -H 'accept: application/json' \\ -H 'content-type: application/json' \\ -H 'x-api-key: {API_KEY}' \\ -H 'x-org-id: {ORG_ID}' ``` ## To Obtain an Individual Organization ID via the UI As a prerequisite, your Primary Organization will need to be setup for Multi-Tenancy. This provides access to the Multi-Tenant Organization Admin Portal. 1. Log into JumpCloud [Admin Console](https://console.jumpcloud.com). If you are a multi-tenant Admin, you will automatically be routed to the Multi-Tenant Admin Portal. 2. From the Multi-Tenant Portal's primary navigation bar, select the Organization you'd like to access. 3. You will automatically be routed to that Organization's Admin Console. 4. Go to Settings in the sub-tenant's primary navigation. 5. You can obtain your Organization ID below your Organization's Contact Information on the Settings page. ## To Obtain All Organization IDs via the API * You can make an API request to this endpoint using the API key of your Primary Organization. `https://console.jumpcloud.com/api/organizations/` This will return all your managed organizations. ```bash curl -X GET \\ https://console.jumpcloud.com/api/organizations/ \\ -H 'Accept: application/json' \\ -H 'Content-Type: application/json' \\ -H 'x-api-key: {API_KEY}' ``` # SDKs You can find language specific SDKs that can help you kickstart your Integration with JumpCloud in the following GitHub repositories: * [Python](https://github.com/TheJumpCloud/jcapi-python) * [Go](https://github.com/TheJumpCloud/jcapi-go) * [Ruby](https://github.com/TheJumpCloud/jcapi-ruby) * [Java](https://github.com/TheJumpCloud/jcapi-java)
API version: 2.0
Contact: support@jumpcloud.com
*/
// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT.
package jcapi2
import (
"bytes"
"context"
"io"
"net/http"
"net/url"
"strings"
)
// PolicyGroupAssociationsApiService PolicyGroupAssociationsApi service
type PolicyGroupAssociationsApiService service
type PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest struct {
ctx context.Context
ApiService *PolicyGroupAssociationsApiService
groupId string
targets *[]string
limit *int32
skip *int32
xOrgId *string
}
// Targets which a \"policy_group\" can be associated to.
func (r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest) Targets(targets []string) PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest {
r.targets = &targets
return r
}
// The number of records to return at once. Limited to 100.
func (r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest) Limit(limit int32) PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest {
r.limit = &limit
return r
}
// The offset into the records to return.
func (r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest) Skip(skip int32) PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest {
r.skip = &skip
return r
}
// Organization identifier that can be obtained from console settings.
func (r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest) XOrgId(xOrgId string) PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest {
r.xOrgId = &xOrgId
return r
}
func (r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest) Execute() ([]GraphConnection, *http.Response, error) {
return r.ApiService.GraphPolicyGroupAssociationsListExecute(r)
}
/*
GraphPolicyGroupAssociationsList List the associations of a Policy Group.
This endpoint returns the _direct_ associations of this Policy Group.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Policy Groups and Policies.
#### Sample Request
```
curl -X GET https://console.jumpcloud.com/api/v2/policygroups/{GroupID}/associations?targets=system \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}'
```
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId ObjectID of the Policy Group.
@return PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest
*/
func (a *PolicyGroupAssociationsApiService) GraphPolicyGroupAssociationsList(ctx context.Context, groupId string) PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest {
return PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest{
ApiService: a,
ctx: ctx,
groupId: groupId,
}
}
// Execute executes the request
// @return []GraphConnection
func (a *PolicyGroupAssociationsApiService) GraphPolicyGroupAssociationsListExecute(r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsListRequest) ([]GraphConnection, *http.Response, error) {
var (
localVarHTTPMethod = http.MethodGet
localVarPostBody interface{}
formFiles []formFile
localVarReturnValue []GraphConnection
)
localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyGroupAssociationsApiService.GraphPolicyGroupAssociationsList")
if err != nil {
return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
}
localVarPath := localBasePath + "/policygroups/{group_id}/associations"
localVarPath = strings.Replace(localVarPath, "{"+"group_id"+"}", url.PathEscape(parameterValueToString(r.groupId, "groupId")), -1)
localVarHeaderParams := make(map[string]string)
localVarQueryParams := url.Values{}
localVarFormParams := url.Values{}
if r.targets == nil {
return localVarReturnValue, nil, reportError("targets is required and must be specified")
}
parameterAddToHeaderOrQuery(localVarQueryParams, "targets", r.targets, "csv")
if r.limit != nil {
parameterAddToHeaderOrQuery(localVarQueryParams, "limit", r.limit, "")
}
if r.skip != nil {
parameterAddToHeaderOrQuery(localVarQueryParams, "skip", r.skip, "")
}
// to determine the Content-Type header
localVarHTTPContentTypes := []string{}
// set Content-Type header
localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
if localVarHTTPContentType != "" {
localVarHeaderParams["Content-Type"] = localVarHTTPContentType
}
// to determine the Accept header
localVarHTTPHeaderAccepts := []string{"application/json"}
// set Accept header
localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
if localVarHTTPHeaderAccept != "" {
localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
}
if r.xOrgId != nil {
parameterAddToHeaderOrQuery(localVarHeaderParams, "x-org-id", r.xOrgId, "")
}
if r.ctx != nil {
// API Key Authentication
if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
if apiKey, ok := auth["x-api-key"]; ok {
var key string
if apiKey.Prefix != "" {
key = apiKey.Prefix + " " + apiKey.Key
} else {
key = apiKey.Key
}
localVarHeaderParams["x-api-key"] = key
}
}
}
req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
if err != nil {
return localVarReturnValue, nil, err
}
localVarHTTPResponse, err := a.client.callAPI(req)
if err != nil || localVarHTTPResponse == nil {
return localVarReturnValue, localVarHTTPResponse, err
}
localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
localVarHTTPResponse.Body.Close()
localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
if err != nil {
return localVarReturnValue, localVarHTTPResponse, err
}
if localVarHTTPResponse.StatusCode >= 300 {
newErr := &GenericOpenAPIError{
body: localVarBody,
error: localVarHTTPResponse.Status,
}
return localVarReturnValue, localVarHTTPResponse, newErr
}
err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
if err != nil {
newErr := &GenericOpenAPIError{
body: localVarBody,
error: err.Error(),
}
return localVarReturnValue, localVarHTTPResponse, newErr
}
return localVarReturnValue, localVarHTTPResponse, nil
}
type PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest struct {
ctx context.Context
ApiService *PolicyGroupAssociationsApiService
groupId string
xOrgId *string
body *GraphOperationPolicyGroup
}
// Organization identifier that can be obtained from console settings.
func (r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest) XOrgId(xOrgId string) PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest {
r.xOrgId = &xOrgId
return r
}
func (r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest) Body(body GraphOperationPolicyGroup) PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest {
r.body = &body
return r
}
func (r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest) Execute() (*http.Response, error) {
return r.ApiService.GraphPolicyGroupAssociationsPostExecute(r)
}
/*
GraphPolicyGroupAssociationsPost Manage the associations of a Policy Group
This endpoint manages the _direct_ associations of this Policy Group.
A direct association can be a non-homogeneous relationship between 2 different objects, for example Policy Groups and Policies.
#### Sample Request
```
curl -X POST https://console.jumpcloud.com/api/v2/policygroups/{GroupID}/associations \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}' \
-d '{
"op": "add",
"type": "system",
"id": "{SystemID}"
}'
```
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId ObjectID of the Policy Group.
@return PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest
*/
func (a *PolicyGroupAssociationsApiService) GraphPolicyGroupAssociationsPost(ctx context.Context, groupId string) PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest {
return PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest{
ApiService: a,
ctx: ctx,
groupId: groupId,
}
}
// Execute executes the request
func (a *PolicyGroupAssociationsApiService) GraphPolicyGroupAssociationsPostExecute(r PolicyGroupAssociationsApiGraphPolicyGroupAssociationsPostRequest) (*http.Response, error) {
var (
localVarHTTPMethod = http.MethodPost
localVarPostBody interface{}
formFiles []formFile
)
localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyGroupAssociationsApiService.GraphPolicyGroupAssociationsPost")
if err != nil {
return nil, &GenericOpenAPIError{error: err.Error()}
}
localVarPath := localBasePath + "/policygroups/{group_id}/associations"
localVarPath = strings.Replace(localVarPath, "{"+"group_id"+"}", url.PathEscape(parameterValueToString(r.groupId, "groupId")), -1)
localVarHeaderParams := make(map[string]string)
localVarQueryParams := url.Values{}
localVarFormParams := url.Values{}
// to determine the Content-Type header
localVarHTTPContentTypes := []string{"application/json"}
// set Content-Type header
localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
if localVarHTTPContentType != "" {
localVarHeaderParams["Content-Type"] = localVarHTTPContentType
}
// to determine the Accept header
localVarHTTPHeaderAccepts := []string{}
// set Accept header
localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
if localVarHTTPHeaderAccept != "" {
localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
}
if r.xOrgId != nil {
parameterAddToHeaderOrQuery(localVarHeaderParams, "x-org-id", r.xOrgId, "")
}
// body params
localVarPostBody = r.body
if r.ctx != nil {
// API Key Authentication
if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
if apiKey, ok := auth["x-api-key"]; ok {
var key string
if apiKey.Prefix != "" {
key = apiKey.Prefix + " " + apiKey.Key
} else {
key = apiKey.Key
}
localVarHeaderParams["x-api-key"] = key
}
}
}
req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
if err != nil {
return nil, err
}
localVarHTTPResponse, err := a.client.callAPI(req)
if err != nil || localVarHTTPResponse == nil {
return localVarHTTPResponse, err
}
localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
localVarHTTPResponse.Body.Close()
localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
if err != nil {
return localVarHTTPResponse, err
}
if localVarHTTPResponse.StatusCode >= 300 {
newErr := &GenericOpenAPIError{
body: localVarBody,
error: localVarHTTPResponse.Status,
}
return localVarHTTPResponse, newErr
}
return localVarHTTPResponse, nil
}
type PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest struct {
ctx context.Context
ApiService *PolicyGroupAssociationsApiService
groupId string
limit *int32
xOrgId *string
skip *int32
filter *[]string
}
// The number of records to return at once. Limited to 100.
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest) Limit(limit int32) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest {
r.limit = &limit
return r
}
// Organization identifier that can be obtained from console settings.
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest) XOrgId(xOrgId string) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest {
r.xOrgId = &xOrgId
return r
}
// The offset into the records to return.
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest) Skip(skip int32) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest {
r.skip = &skip
return r
}
// A filter to apply to the query. **Filter structure**: `<field>:<operator>:<value>`. **field** = Populate with a valid field from an endpoint response. **operator** = Supported operators are: eq, ne, gt, ge, lt, le, between, search, in. _Note: v1 operators differ from v2 operators._ **value** = Populate with the value you want to search for. Is case sensitive. Supports wild cards. **EX:** `GET /api/v2/groups?filter=name:eq:Test+Group`
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest) Filter(filter []string) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest {
r.filter = &filter
return r
}
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest) Execute() ([]GraphObjectWithPaths, *http.Response, error) {
return r.ApiService.GraphPolicyGroupTraverseSystemExecute(r)
}
/*
GraphPolicyGroupTraverseSystem List the Systems bound to a Policy Group
This endpoint will return all Systems bound to a Policy Group, either directly or indirectly, essentially traversing the JumpCloud Graph for your Organization.
Each element will contain the type, id, attributes and paths
The `attributes` object is a key/value hash of compiled graph attributes for all paths followed.
The `paths` array enumerates each path from this Policy Group to the corresponding System; this array represents all grouping and/or associations that would have to be removed to deprovision the System from this Policy Group.
See `/members` and `/associations` endpoints to manage those collections.
#### Sample Request
```
curl -X GET https://console.jumpcloud.com/api/v2/policygroups/{GroupID}/systems \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}'
```
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId ObjectID of the Policy Group.
@return PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest
*/
func (a *PolicyGroupAssociationsApiService) GraphPolicyGroupTraverseSystem(ctx context.Context, groupId string) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest {
return PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest{
ApiService: a,
ctx: ctx,
groupId: groupId,
}
}
// Execute executes the request
// @return []GraphObjectWithPaths
func (a *PolicyGroupAssociationsApiService) GraphPolicyGroupTraverseSystemExecute(r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemRequest) ([]GraphObjectWithPaths, *http.Response, error) {
var (
localVarHTTPMethod = http.MethodGet
localVarPostBody interface{}
formFiles []formFile
localVarReturnValue []GraphObjectWithPaths
)
localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyGroupAssociationsApiService.GraphPolicyGroupTraverseSystem")
if err != nil {
return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
}
localVarPath := localBasePath + "/policygroups/{group_id}/systems"
localVarPath = strings.Replace(localVarPath, "{"+"group_id"+"}", url.PathEscape(parameterValueToString(r.groupId, "groupId")), -1)
localVarHeaderParams := make(map[string]string)
localVarQueryParams := url.Values{}
localVarFormParams := url.Values{}
if r.limit != nil {
parameterAddToHeaderOrQuery(localVarQueryParams, "limit", r.limit, "")
}
if r.skip != nil {
parameterAddToHeaderOrQuery(localVarQueryParams, "skip", r.skip, "")
}
if r.filter != nil {
parameterAddToHeaderOrQuery(localVarQueryParams, "filter", r.filter, "csv")
}
// to determine the Content-Type header
localVarHTTPContentTypes := []string{}
// set Content-Type header
localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
if localVarHTTPContentType != "" {
localVarHeaderParams["Content-Type"] = localVarHTTPContentType
}
// to determine the Accept header
localVarHTTPHeaderAccepts := []string{"application/json"}
// set Accept header
localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
if localVarHTTPHeaderAccept != "" {
localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
}
if r.xOrgId != nil {
parameterAddToHeaderOrQuery(localVarHeaderParams, "x-org-id", r.xOrgId, "")
}
if r.ctx != nil {
// API Key Authentication
if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
if apiKey, ok := auth["x-api-key"]; ok {
var key string
if apiKey.Prefix != "" {
key = apiKey.Prefix + " " + apiKey.Key
} else {
key = apiKey.Key
}
localVarHeaderParams["x-api-key"] = key
}
}
}
req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
if err != nil {
return localVarReturnValue, nil, err
}
localVarHTTPResponse, err := a.client.callAPI(req)
if err != nil || localVarHTTPResponse == nil {
return localVarReturnValue, localVarHTTPResponse, err
}
localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
localVarHTTPResponse.Body.Close()
localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
if err != nil {
return localVarReturnValue, localVarHTTPResponse, err
}
if localVarHTTPResponse.StatusCode >= 300 {
newErr := &GenericOpenAPIError{
body: localVarBody,
error: localVarHTTPResponse.Status,
}
return localVarReturnValue, localVarHTTPResponse, newErr
}
err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
if err != nil {
newErr := &GenericOpenAPIError{
body: localVarBody,
error: err.Error(),
}
return localVarReturnValue, localVarHTTPResponse, newErr
}
return localVarReturnValue, localVarHTTPResponse, nil
}
type PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest struct {
ctx context.Context
ApiService *PolicyGroupAssociationsApiService
groupId string
limit *int32
xOrgId *string
skip *int32
filter *[]string
}
// The number of records to return at once. Limited to 100.
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest) Limit(limit int32) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest {
r.limit = &limit
return r
}
// Organization identifier that can be obtained from console settings.
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest) XOrgId(xOrgId string) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest {
r.xOrgId = &xOrgId
return r
}
// The offset into the records to return.
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest) Skip(skip int32) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest {
r.skip = &skip
return r
}
// A filter to apply to the query. **Filter structure**: `<field>:<operator>:<value>`. **field** = Populate with a valid field from an endpoint response. **operator** = Supported operators are: eq, ne, gt, ge, lt, le, between, search, in. _Note: v1 operators differ from v2 operators._ **value** = Populate with the value you want to search for. Is case sensitive. Supports wild cards. **EX:** `GET /api/v2/groups?filter=name:eq:Test+Group`
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest) Filter(filter []string) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest {
r.filter = &filter
return r
}
func (r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest) Execute() ([]GraphObjectWithPaths, *http.Response, error) {
return r.ApiService.GraphPolicyGroupTraverseSystemGroupExecute(r)
}
/*
GraphPolicyGroupTraverseSystemGroup List the System Groups bound to Policy Groups
This endpoint will return all System Groups bound to a Policy Group, either directly or indirectly, essentially traversing the JumpCloud Graph for your Organization.
Each element will contain the type, id, attributes and paths.
The `attributes` object is a key/value hash of compiled graph attributes for all paths followed.
The `paths` array enumerates each path from this Policy Group to the corresponding System Group; this array represents all grouping and/or associations that would have to be removed to deprovision the System Group from this Policy Group.
See `/members` and `/associations` endpoints to manage those collections.
#### Sample Request
```
curl -X GET https://console.jumpcloud.com/api/v2/policygroups/{GroupID}/systemgroups \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-H 'x-api-key: {API_KEY}'
```
@param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
@param groupId ObjectID of the Policy Group.
@return PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest
*/
func (a *PolicyGroupAssociationsApiService) GraphPolicyGroupTraverseSystemGroup(ctx context.Context, groupId string) PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest {
return PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest{
ApiService: a,
ctx: ctx,
groupId: groupId,
}
}
// Execute executes the request
// @return []GraphObjectWithPaths
func (a *PolicyGroupAssociationsApiService) GraphPolicyGroupTraverseSystemGroupExecute(r PolicyGroupAssociationsApiGraphPolicyGroupTraverseSystemGroupRequest) ([]GraphObjectWithPaths, *http.Response, error) {
var (
localVarHTTPMethod = http.MethodGet
localVarPostBody interface{}
formFiles []formFile
localVarReturnValue []GraphObjectWithPaths
)
localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "PolicyGroupAssociationsApiService.GraphPolicyGroupTraverseSystemGroup")
if err != nil {
return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()}
}
localVarPath := localBasePath + "/policygroups/{group_id}/systemgroups"
localVarPath = strings.Replace(localVarPath, "{"+"group_id"+"}", url.PathEscape(parameterValueToString(r.groupId, "groupId")), -1)
localVarHeaderParams := make(map[string]string)
localVarQueryParams := url.Values{}
localVarFormParams := url.Values{}
if r.limit != nil {
parameterAddToHeaderOrQuery(localVarQueryParams, "limit", r.limit, "")
}
if r.skip != nil {
parameterAddToHeaderOrQuery(localVarQueryParams, "skip", r.skip, "")
}
if r.filter != nil {
parameterAddToHeaderOrQuery(localVarQueryParams, "filter", r.filter, "csv")
}
// to determine the Content-Type header
localVarHTTPContentTypes := []string{}
// set Content-Type header
localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes)
if localVarHTTPContentType != "" {
localVarHeaderParams["Content-Type"] = localVarHTTPContentType
}
// to determine the Accept header
localVarHTTPHeaderAccepts := []string{"application/json"}
// set Accept header
localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts)
if localVarHTTPHeaderAccept != "" {
localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept
}
if r.xOrgId != nil {
parameterAddToHeaderOrQuery(localVarHeaderParams, "x-org-id", r.xOrgId, "")
}
if r.ctx != nil {
// API Key Authentication
if auth, ok := r.ctx.Value(ContextAPIKeys).(map[string]APIKey); ok {
if apiKey, ok := auth["x-api-key"]; ok {
var key string
if apiKey.Prefix != "" {
key = apiKey.Prefix + " " + apiKey.Key
} else {
key = apiKey.Key
}
localVarHeaderParams["x-api-key"] = key
}
}
}
req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles)
if err != nil {
return localVarReturnValue, nil, err
}
localVarHTTPResponse, err := a.client.callAPI(req)
if err != nil || localVarHTTPResponse == nil {
return localVarReturnValue, localVarHTTPResponse, err
}
localVarBody, err := io.ReadAll(localVarHTTPResponse.Body)
localVarHTTPResponse.Body.Close()
localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody))
if err != nil {
return localVarReturnValue, localVarHTTPResponse, err
}
if localVarHTTPResponse.StatusCode >= 300 {
newErr := &GenericOpenAPIError{
body: localVarBody,
error: localVarHTTPResponse.Status,
}
return localVarReturnValue, localVarHTTPResponse, newErr
}
err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type"))
if err != nil {
newErr := &GenericOpenAPIError{
body: localVarBody,
error: err.Error(),
}
return localVarReturnValue, localVarHTTPResponse, newErr
}
return localVarReturnValue, localVarHTTPResponse, nil
}