1 of 21 9/22/11 10:41 AM



Similar documents
Getting Started With Halo for Windows For CloudPassage Halo

Server Account Management

Web Application Firewall

CloudPassage Halo Technical Overview

How to Configure Captive Portal

RoomWizard Synchronization Software Manual Installation Instructions

VMware vcenter Log Insight Security Guide

Tenable for CyberArk

Startup guide for Zimonitor

Getting Started With Halo for Windows

IBM Security QRadar SIEM Version MR1. Vulnerability Assessment Configuration Guide

CloudPassage Halo Technical Overview

LifeSize UVC Access Deployment Guide

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

AusCERT Remote Monitoring Service (ARMS) User Guide for AusCERT Members

Using RADIUS Agent for Transparent User Identification

IP Filtering for Patton RAS Products

Remote Access API 2.0

without the fixed perimeters of legacy security.

IBM Cloud Manager with OpenStack. REST API Reference, version 4.1

Git Fusion Guide August 2015 Update

Comodo MyDLP Software Version 2.0. Installation Guide Guide Version Comodo Security Solutions 1255 Broad Street Clifton, NJ 07013

User and Programmer Guide for the FI- STAR Monitoring Service SE

Lab Objectives & Turn In

Moving to Plesk Automation 11.5

Flight Workflow User's Guide. Release

File Transfer Examples. Running commands on other computers and transferring files between computers

Architecture and Data Flow Overview. BlackBerry Enterprise Service Version: Quick Reference

Fairsail REST API: Guide for Developers

vcloud Air Platform Programmer's Guide

API documentation - 1 -

F-SECURE MESSAGING SECURITY GATEWAY

Dynamic DNS How-To Guide

INSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER

Setting Up Scan to SMB on TaskALFA series MFP s.

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE

Click Studios. Passwordstate. Installation Instructions

Dashboard Admin Guide

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts

F-Secure Messaging Security Gateway. Deployment Guide

My FreeScan Vulnerabilities Report

Freshservice Discovery Probe User Guide

Automating Server Firewalls

Cloud Elements! Marketing Hub Provisioning and Usage Guide!

vcloud Director User's Guide

Preinstallation Requirements Guide

PC Monitor Enterprise Server. Setup Guide

Using TestLogServer for Web Security Troubleshooting

Dragonframe License Manager User Guide Version 1.2.2

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Chapter 3 Restricting Access From Your Network

Integration Client Guide

Compute RESTful API. Programmer s Guide. Revision 1.4 (11/10/2013) COMPUTE RESTFUL API

VMware Identity Manager Connector Installation and Configuration

OS Installation: CentOS 5.8

API Reference Guide. API Version 1. Copyright Platfora 2016

How To Set Up An Ip Firewall On Linux With Iptables (For Ubuntu) And Iptable (For Windows)

Configuring Security Features of Session Recording

Administrators guide to the Matrix Control Panel. Linux

Healthstone Monitoring System

Ansible Tower API Guide

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

API V2.0. Documentation 7/28/2014

qliqdirect Active Directory Guide

Cloud Elements ecommerce Hub Provisioning Guide API Version 2.0 BETA

Qualys API V1. User Guide. Version 8.6

EMC NetWorker. Security Configuration Guide. Version 8.2 SP REV 02

Web Browsing Examples. How Web Browsing and HTTP Works

Infinitel HotSpotWeb User Manual

Step-By-Step Guide to Deploying Lync Server 2010 Enterprise Edition

Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, :32 pm Pacific

NAT TCP SIP ALG Support

IBM Endpoint Manager Version 9.2. Patch Management for SUSE Linux Enterprise User's Guide

Shipping Services Files (SSF) Secure File Transmission Account Setup

EMC ViPR Controller. ViPR Controller REST API Virtual Data Center Configuration Guide. Version

TREK HOSC PAYLOAD ETHERNET GATEWAY (HPEG) USER GUIDE

How to Configure Active Directory based User Authentication

Presented by Henry Ng

Parallels Plesk Panel

How To Set Up A Network Map In Linux On A Ubuntu 2.5 (Amd64) On A Raspberry Mobi) On An Ubuntu (Amd66) On Ubuntu 4.5 On A Windows Box

Configuring User Identification via Active Directory

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

HowTo: Logging, reporting, log-analysis and log server setup Version 2007nx Release 3. Log server version 2.0

Chapter 6 Virtual Private Networking Using SSL Connections

Instructions for Adding a MacOS 10.4.x Server to ASURITE for File Sharing. Installation Section

Apache Server Implementation Guide

Configuring Global Protect SSL VPN with a user-defined port

Click Studios. Passwordstate. Installation Instructions

Configuring Basic Settings

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

McAfee Vulnerability Manager 7.0.2

Discovery Guide. Secret Server. Table of Contents

OCS Training Workshop LAB14. Setup

NetIQ Advanced Authentication Framework - MacOS Client

SUSE Manager in the Public Cloud. SUSE Manager Server in the Public Cloud

Rebasoft Auditor Quick Start Guide

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Transcription:

This document is a detailed reference guide that describes all the API operations for the CloudPassage. In addition, it provides sample requests, responses, and errors for the supported APIs. CloudPassage provides a collection of REST APIs which accept and return JSON-formatted data. CloudPassage s REST APIs provide access to resources via URI paths. To use a REST API, your application will make an HTTP request and parse the response. The request and response format are JSON and your methods will be the standard HTTP methods like GET, PUT, POST and DELETE. Because the REST API is based on open standards, you can use any web development language to access the API. API The s are version controlled. The current version of the is 1. The API version is independent of the CloudPassage Halo daemon release number. The version number of an API appears in its URI. For example, use this URI structure to request version 1 of the CloudPassage REST API: https://portal.cloudpassage.com/api/1/firewall_policies/ API Each call to a has to be authenticated using the customer s key. To authenticate the API call, include your API key in the x-cpauth-access field in the request header. This key may be found through the web user interface under: Settings > Site Administration > API Keys. Example: x-cpauth-access: cf04666d2d8fb834c65dc1fbd17qwert1 In case of an authentication error, a 401 (Unauthorized) HTTP response is returned. and HTTP Codes The CloudPassage REST API is served over HTTPS. To ensure data privacy unencrypted HTTP is not supported. Retrieving Resources with the HTTP GET Method You can retrieve a representation of a resource by GETting its URL. Possible GET Status Codes Code Status Explanation 200 OK The request was successful and the response body contains the representation requested. 401 Unauthorized The supplied credentials, if any, are not sufficient to access the resource. 404 Not Found Resource not found. 500 Server Error We couldn t return the representation due to an internal server error. Creating or Updating Resources with the HTTP POST and PUT Creating or updating a resource involves performing an HTTP PUT or HTTP POST to a resource URL. In the PUT or POST, you represent the properties of the object you wish to update as JSON objects. Be sure to set the HTTP Content-Type header to application/json for your requests if you are writing your own client. Possible POST or PUT Status Codes Code Status Explanation 204 No Content The request was successful. 201 Created The request was successful, we created a new resource and the response body contains the representation. 202 Accepted The request was successful, new resource was accepted for processing. 400 Bad Request The data given in the POST or PUT failed validation. Inspect the response body for details. 401 Unauthorized The supplied credentials, if any, are not sufficient to create or update the resource. 404 Not Found Resource not found. 500 Server Error We couldn t create or update the resource. Please try again. Deleting Resources with the HTTP DELETE Method To delete a resource make an HTTP DELETE request to the resource s URL. Not all CloudPassage REST API resources support DELETE operation. Possible DELETE Status Codes Code Status Explanation 204 No Content The request was successful; the resource was deleted. 1 of 21 9/22/11 10:41 AM

Code Status Explanation 401 Unauthorized The supplied credentials, if any, are not sufficient to delete the resource. 404 Not Found Resource not found. 500 Server Error We couldn t delete the resource. Please try again. Custom Error Messages Validation Errors In case of a validation error, a 422 (Unprocessable Entity) HTTP response will be returned. The response body will contain error details: Status: 422 "message" => "Validation Failed", "errors" => [ "code" : "taken", "field" : "name" ] Resource Not Found Errors In case of a resource not found error, a 404 (Not Found) HTTP response will be returned. The response body will contain error details: Status: 404 "resource" => "FirewallRule", "field" => "id", "value" => "3e74aaf07288012e23f3442c031a719c" Server errors In case of a server error, a 500 (Internal Server Error) HTTP response will be returned. The response body will contain error details: Status: 500 "code" : 500, "message" : "Internal Server Error", "details" : <backtrace here> API Server Groups Object Representation Core server group fields id name tag policy_ids firewall_policy_id A unique string identifier for this server group. A unique name for this server group. Optional. A unique tag assigned to this server group. Tag is used to assign daemons to the group. Daemon started with the specific tag will be assigned to the group with that tag. Tag should start with a letter and contain only letters, numbers,. (dot), - (dash), and _ (underscore). An array of one or more configuration policy identifiers assigned to this server group. Optional Firewall policy identifier assigned to this server group. s present only in server group details cve_exception_ids Optional An array of common vulnerabilities and exposures exception identifiers. List server groups GET https://portal.cloudpassage.com/api/1/groups Search server groups that use specific configuration policy GET https://portal.cloudpassage.com/api/1/groups?search[policy_id]=policy_id 2 of 21 9/22/11 10:41 AM

"groups": [ "url": "https://portal.cloudpassage.com/api/1/groups/1e9d5320a9b9012e0e53442c030d794d", "firewall_policy_id": null, "exception_ids": [ "name": "Unassigned", "policy_ids": ["96cb9470a9b9012e0e56442c030d794d" "id": "1e9d5320a9b9012e0e53442c030d794d", "tag": null, "url": "https://portal.cloudpassage.com/api/1/groups/1ea83e60a9b9012e0e53442c030d794d", "firewall_policy_id": null, "exception_ids": [ "name": "Retired", "policy_ids": ["96cb9470a9b9012e0e56442c030d794d" "id": "1ea83e60a9b9012e0e53442c030d794d", "tag": null, "url": "https://portal.cloudpassage.com/api/1/groups/1ea85fd0a9b9012e0e53442c030d794d", "firewall_policy_id": null, "exception_ids": [ "name": "Unretired", "policy_ids": ["96cb9470a9b9012e0e56442c030d794d" "id": "1ea85fd0a9b9012e0e53442c030d794d", "tag": null ] Get a single server group GET https://portal.cloudpassage.com/api/1/groups/id "group": "url": "https://portal.cloudpassage.com/api/1/groups/1e9d5320a9b9012e0e53442c030d794d", "firewall_policy_id": null, "exception_ids": [ "name": "Unassigned", "policy_ids": ["96cb9470a9b9012e0e56442c030d794d" "id": "1e9d5320a9b9012e0e53442c030d794d", "tag": null Create a new server group POST https://portal.cloudpassage.com/api/1/groups "group": "firewall_policy_id": null, "name": "Load Balancers", "policy_ids": ["96cb9470a9b9012e0e56442c030d794d" "tag": "load_balancers" Status: 201 Location: https://portal.cloudpassage.com/api/1/groups/e04b92e0b61e012ec6e8404096c01709 "group": "firewall_policy_id": null, "cve_exception_ids": [ "tag": "load_balancers", "policy_ids": ["96cb9470a9b9012e0e56442c030d794d" "name": "Load Balancers", "url": "https://portal.cloudpassage.com/api/1/groups/e04b92e0b61e012ec6e8404096c01709", "id": "e04b92e0b61e012ec6e8404096c01709" Update server group attributes PUT https://portal.cloudpassage.com/api/1/groups/id 3 of 21 9/22/11 10:41 AM

"group": "name": "Test Groups", "tag": "load_balancers" Assign a firewall policy to the server group PUT https://portal.cloudpassage.com/api/1/groups/id "group": "firewall_policy_id": "96cb9470a9b9012e0e56442c030d794c" To remove a firewall policy from the server group PUT https://portal.cloudpassage.com/api/1/groups/id "group": "firewall_policy_id": null Assign several configuration policies to the server group PUT https://portal.cloudpassage.com/api/1/groups/id "group": "policy_ids": ["96cb9470a9b9012e0e56442c030d794d", "96cb9470a9b9012e0e56442c030d794f"] Delete server group without any servers DELETE https://portal.cloudpassage.com/api/1/groups/id : Delete server group and move group s servers into Unassigned group DELETE https://portal.cloudpassage.com/api/1/groups/id?move_to_unassigned=true : To list common vulnerabilities and exposures exception identifiers applied to a server group 4 of 21 9/22/11 10:41 AM

GET https://portal.cloudpassage.com/api/1/groups/id "group": "firewall_policy_id": null, "cve_exception_ids": ["302ed800b61a012ec6e8404096c01709" "tag": "", "policy_ids": ["7bef46c072b1012ec681404096c01709", "8883c860b0ce012ec6a4404096c01709" "name": "Unassigned", "url": "https://portal.cloudpassage.com/api/1/groups/8cdc2200b576012ec6d7404096c01709", "id": "8cdc2200b576012ec6d7404096c01709" To list details of a common vulnerability and exposure exception identifier GET https://portal.cloudpassage.com/api/1/cve_exceptions/id "cve_exception": "package_name": "bzip2.x86_64", "server_id": null, "expires_at": "2011-09-01T23:59:59Z", "package_version": "1.0.3", "created_at": "2011-08-31T16:14:12Z", "id": "302ed800b61a012ec6e8404096c01709", "group_id": "8cdc2200b576012ec6d7404096c01709" Servers Object Representation Core server fields id hostname state connecting_ip_address interfaces A unique identifier of the server. A calculated hostname of the server. A state of the server. Currently, only active servers are returned. The last reported IP address of the server. A list of reported network interfaces that are present on the server. List active servers in the group If a server is inactive or missing it will not be in the response. GET https://portal.cloudpassage.com/api/1/groups/group_id/servers List active servers GET https://portal.cloudpassage.com/api/1/servers "servers": [ "hostname": "svm-rh55", "connecting_ip_address": "185.106.128.133", "interfaces": [ "ip_address": "10.179.227.6", "name": "eth1", "ip_address": "185.106.128.133", "name": "eth0" "state": "active", "url": "https://portal.cloudpassage.com/api/1/servers/1206942686a8a6da1586c8aaeac10452", "id": "1206942686a8a6da1586c8aaeac10452", "hostname": "domu-12-31-39-0c-92-fc", "connecting_ip_address": "51.17.24.4", "interfaces": [ "ip_address": "10.215.119.10", 5 of 21 9/22/11 10:41 AM

] "name": "eth0" "state": "active", "url": "https://portal.cloudpassage.com/api/1/servers/a731945fa16309d945a205f9c37f8e67", "id": "a731945fa16309d945a205f9c37f8e67" List active servers that have specific user account GET https://portal.cloudpassage.com/api/1/servers?search[username]=username GET https://portal.cloudpassage.com/api/1/servers?search[uid]=uid "servers": [ "hostname": "svm-rh55", "accounts": [ "last_login_at": "2011-08-16T14:47:47Z", "uid": "500", "comment": "", "gid": "500", "home": "/home/bob", "username": "bob", "shell": "/bin/bash", "url": "https://portal.cloudpassage.com/api/1/servers/1206942686a8a6da1586c8aaeac10452/accounts/bob", "last_login_from": "c-55-124-81-458.hsd1.md.comcast.net pts/0" "connecting_ip_address": "185.106.128.133", "interfaces": [ "ip_address": "10.179.227.6", "name": "eth1", "ip_address": "185.106.128.133", "name": "eth0" "state": "active", "url": "https://portal.cloudpassage.com/api/1/servers/1206942686a8a6da1586c8aaeac10452", "id": "1206942686a8a6da1586c8aaeac10452" ] Move server into server group PUT https://portal.cloudpassage.com/api/1/servers/id "server" : "group_id" : "94a90ae07284012e23f3442c031a719c" Remove server from a server group You must first pull the group_id for the unassigned group by using the following request: GET https://portal.cloudpassage.com/api/1/groups Then assign the server to the unassigned group id PUT https://portal.cloudpassage.com/api/1/servers/id "server" : "group_id" : "unassigned_group_id" List of server issues 6 of 21 9/22/11 10:41 AM

GET https://portal.cloudpassage.com/api/1/servers/id/issues : "connecting_ip_address": "185.106.128.133", "id": "1206942686a8a6da1586c8aaeac10452", "hostname": "newhost.domain.com", "state": "active", "sca": "policies": [ "Policy For Servers" "critical_findings_count": 2, "status": "completed_with_errors", "findings": [ "critical": true, "details": [ "scan_status": "ok", "expected": "enforcing", "config_key": "SELINUX", "type": "configuration", "actual": "disabled", "target": "/etc/selinux/config", "status": "bad", "scan_status": "ok", "expected": "targeted", "config_key": "SELINUXTYPE", "type": "configuration", "actual": "targeted", "target": "/etc/selinux/config", "status": "good" "rule_name": "Enable SELinux", "status": "bad", "critical": true, "details": [ "scan_status": "ok", "expected": "/etc/issue", "config_key": "Banner", "type": "configuration", "actual": "/etc/issue.net", "target": "/etc/ssh/sshd_config", "status": "bad" "rule_name": "Enable a Warning Banner", "status": "bad", "critical": false, "details": [ "scan_status": "not_found", "expected": "SymLinksIfOwnerMatch", "config_key": "Options", "type": "configuration", "actual": null, "target": "/etc/httpd/conf/httpd.conf", "status": "indeterminate" "rule_name": "APACHE: Restrict Web Directory", "status": "indeterminate", "critical": false, "details": [ "scan_status": "not_found", "expected": "/chroot/apache", "config_key": "SecChrootDir", "type": "configuration", "actual": null, "target": "/etc/httpd/conf/httpd.conf", "status": "indeterminate" "rule_name": "APACHE: Run Apache in a chroot Jail if Possible", "status": "indeterminate", "critical": false, "details": [ "scan_status": "not_found", 7 of 21 9/22/11 10:41 AM

"expected": "speling_module modules/mod_speling.so", "config_key": "#LoadModule", "type": "configuration", "actual": null, "target": "/etc/httpd/conf/httpd.conf", "status": "indeterminate" "rule_name": "APACHE: URL Correction on Misspelled Entries", "status": "indeterminate" "non_critical_findings_count": 3, "svm": "critical_findings_count": 1, "status": "completed_clean", "findings": [ "critical": true, "cve_entries": [ "suppressed": false, "cve_entry": "CVE-2008-3916", "suppressed": false, "cve_entry": "CVE-2006-6939" "package_version": "0.2", "status": "bad", "package_name": "ed.x86_64", "critical": false, "cve_entries": [ "suppressed": false, "cve_entry": "CVE-2009-3490", "suppressed": false, "cve_entry": "CVE-2010-2252" "package_version": "1.11.4", "status": "bad", "package_name": "wget.x86_64" "non_critical_findings_count": 1 Configuration Policies Object Representation Core server fields id name description used_by A unique identifier of the configuration policy. A name given to the configuration policy. Optional. A description of the configuration policy. Read-only. A list of server group identifiers of server groups that use the configuration policy. List configuration policies GET https://portal.cloudpassage.com/api/1/policies : "policies": [ "used_by": [ "name": "AcmeCorp - AMI (Amazon)", "id": "7bbea00072b1012ec681404096c01709" "description": "This configuration security policy has been configured for a default Amazon Linux distribution. "name": "AMI - Core OS Policy", "id": "7bcb0a0072b1012ec681404096c01709", "used_by": [ "description": null, "name": "Basic Linux Gotchas Copy", "id": "a44c24a07da6012ec688404096c01709" 8 of 21 9/22/11 10:41 AM

] Server Accounts Object Representation Core server account fields username A username of the server account. uid A user id of the server account. gid A group id of the server account. home A home directory of the server account. shell A server s account shell. comment A comment for the server account. last_login_at The last time the server account logged on in UTC time (if available) last_login_from The last domain and port the account logged on from (if available) s present only in server account details home_exists groups last_password_change days_warn_before_password_expiration minimum_days_between_password_changes maximum_days_between_password_changes disabled_after_days_inactive days_since_disabled ssh_authorized_keys sudo_access Whether or not the server account s home directory exists or not Any groups the account belongs to (if any) When the account s password was last changed (if available) How soon the account is warned about password expiration (if available) The date before which the account s password may be changed (if available) The date before which the account s password must be changed (if available) How many days of inactivity before the account is disabled (if available) How many days since the account was disabled (if available) An array of any authorized SSH keys belonging to the account (if available) A list of sudo access rules for the account, both as a member of a group and as a user (if available) List server accounts GET https://portal.cloudpassage.com/api/1/servers/server_id/accounts Search server accounts by username or uid GET https://portal.cloudpassage.com/api/1/servers/server_id/accounts?search[username]=username GET https://portal.cloudpassage.com/api/1/servers/server_id/accounts?search[uid]=uid "accounts": [ "last_login_at": null, "uid": "3", "comment": "adm", "gid": "4", "home": "/var/adm", "username": "adm", "shell": "/sbin/nologin", "url": "https://portal.cloudpassage.com/api/1/servers/1206942686a8a6da1586c8aaeac10452/accounts/adm", "last_login_from": null, "last_login_at": null, "uid": "70", "comment": "Avahi daemon", "gid": "70", "home": "/", "username": "avahi", "shell": "/sbin/nologin", "url": "https://portal.cloudpassage.com/api/1/servers/1206942686a8a6da1586c8aaeac10452/accounts/avahi", "last_login_from": null, "last_login_at": null, "uid": "100", "comment": "avahi-autoipd", "gid": "101", "home": "/var/lib/avahi-autoipd", "username": "avahi-autoipd", 9 of 21 9/22/11 10:41 AM

"shell": "/sbin/nologin", "url": "https://portal.cloudpassage.com/api/1/servers/1206942686a8a6da1586c8aaeac10452/accounts/avahi-autoipd", "last_login_from": null, "last_login_at": null, "uid": "1", "comment": "bin", "gid": "1", "home": "/bin", "username": "bin", "shell": "/sbin/nologin", "url": "https://portal.cloudpassage.com/api/1/servers/1206942686a8a6da1586c8aaeac10452/accounts/bin", "last_login_from": null... ] Get server account details GET https://portal.cloudpassage.com/api/1/servers/server_id/accounts/username : "account": "maximum_days_between_password_changes": 99999, "days_warn_before_password_expiration": 7, "last_login_at": "2011-08-16T14:47:47Z", "uid": "500", "disabled_after_days_inactive": null, "comment": "", "gid": "500", "home": "/home/bob", "groups": "wheel, bob", "home_exists": true, "days_since_disabled": null, "last_password_change": "2011-08-02", "sudo_access": [ "as_group": [ ["%wheel ALL = (ALL) ALL"] ] "username": "bob", "ssh_authorized_keys": [ "type": "rsa", "comment": "bob@bobs-macbook-pro.local" "shell": "/bin/bash", "minimum_days_between_password_changes": 0, "url": "https://portal.cloudpassage.com/api/1/servers/1206942686a8a6da1586c8aaeac10452/accounts/bob", "ssh_acl": "rwx------", "last_login_from": "c-22-156-23-228.hsd1.md.comcast.net pts/0" Create server account Creating a new server account is done asynchronously. On successful call 202 (Accepted) status will be returned with information about the created server command. POST https://portal.cloudpassage.com/api/1/servers/server_id/accounts "account": "username" : "bob", "comment" : "User Bob", "groups" : "wheel,users", "password" : "length" : 10, "include_special" : true, "include_numbers" : true, "include_uppercase" : false Status: 202 Location: https://portal.cloudpassage.com/api/1/servers/bd49ce6e06448012e21a713ce62c039c/commands/ac49ce6e06448012e21a7 "command" : id => "ac49ce6e06448012e21a713ce62c039c", uri => "https://portal.cloudpassage.com/api/1/servers/bd49ce6e06448012e21a713ce62c039c/commands/ac49ce6e06448012e21 name => "Create Account", 10 of 21 9/22/11 10:41 AM

status => "queued", created_at => "2011-10-10T10:10:10Z", updated_at => "2011-10-10T10:10:10Z" Reset password for server account Reseting password for server account is done asynchronously. On successful call 202 (Accepted) status will be returned with information about the created server command. PUT https://portal.cloudpassage.com/api/1/servers/server_id/accounts/username/password "password" : "length" : 10, "include_special" : true, "include_numbers" : true, "include_uppercase" : false Status: 202 Location: https://portal.cloudpassage.com/api/1/servers/bd49ce6e06448012e21a713ce62c039c/commands/ac49ce6e06448012e21a7 "command" : id => "ac49ce6e06448012e21a713ce62c039c", uri => "https://portal.cloudpassage.com/api/1/servers/bd49ce6e06448012e21a713ce62c039c/commands/ac49ce6e06448012e21 name => "Reset Password", status => "queued", created_at => "2011-10-10T10:10:10Z", updated_at => "2011-10-10T10:10:10Z" Disable server account Disabling server account is done asynchronously. On successful call 202 (Accepted) status will be returned with information about the created server command. PUT https://portal.cloudpassage.com/api/1/servers/server_id/accounts/username "account" : "active" : false Status: 202 Location: https://portal.cloudpassage.com/api/1/servers/hkjhlkhlk/commands/ac49ce6e06448012e21a713ce62c039c "command" : id => "ac49ce6e06448012e21a713ce62c039c", uri => "https://portal.cloudpassage.com/api/1/servers/hkjhlkhlk/commands/ac49ce6e06448012e21a713ce62c039c", name => "Disable Account", status => "queued", created_at => "2011-10-10T10:10:10Z", updated_at => "2011-10-10T10:10:10Z" Remove server account Removing a server account is done asynchronously. On successful call 202 (Accepted) status will be returned with information about the created server command. DELETE https://portal.cloudpassage.com/api/1/servers/server_id/accounts/username Status: 202 Location: https://portal.cloudpassage.com/api/1/servers/hkjhlkhlk/commands/ac49ce6e06448012e21a713ce62c039c "command" : id => "ac49ce6e06448012e21a713ce62c039c", 11 of 21 9/22/11 10:41 AM

uri => "https://portal.cloudpassage.com/api/1/servers/hkjhlkhlk/commands/ac49ce6e06448012e21a713ce62c039c", name => "Remove Account", status => "queued", created_at => "2011-10-10T10:10:10Z", updated_at => "2011-10-10T10:10:10Z" Server Commands Object Representation id name status created_at updated_at result A unique identifier of the server command. A name of the command. Get command details A status of the command. Possible values queued, pending, completed, failed. A timestamp when command was created. A timestamp when command was last updated. A result of the command execution once command is finished. GET https://portal.cloudpassage.com/api/1/servers/server_id/commands/id "command" : "id" : "ac49ce6e06448012e21a713ce62c039c", "uri" : "https://portal.cloudpassage.com/api/1/servers/hkjhlkhlk/commands/ac49ce6e06448012e21a713ce62c039c", "name" : "Remove Account", "status: : "completed", "created_at" : "2011-10-10T10:10:10Z", "updated_at" : "2011-10-10T10:11:12Z", "result : "done" Firewall Policies Object Representation Core server account fields id name description used_by A unique identifier of the firewall policy. A unique name given to the firewall policy. Optional. A description of the firewall policy. Read-only. The identifiers and names of server groups that use the firewall policy. List firewall policies GET https://portal.cloudpassage.com/api/1/firewall_policies/ : "used_by": [ "name": "Group One", "id": "f5e1ada0a4c0012ec693404096c01709" "description": "", "name": "SSH-Only", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/7ba8ebc072b1012ec681404096c01709", "id": "7ba8ebc072b1012ec681404096c01709", "used_by": [ "description": "Firewall policy for the Load Balancer server group with connections to the Internet and to the "name": "Load Balancer", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/7ba8a00072b1012ec681404096c01709", "id": "7ba8a00072b1012ec681404096c01709", "used_by": [ "description": "Firewall policy for the Web-Apps server group with connections to the Load Balancers server gro 12 of 21 9/22/11 10:41 AM

] "name": "Web-Apps", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/7ba8c5d072b1012ec681404096c01709", "id": "7ba8c5d072b1012ec681404096c01709" Get firewall policy details including firewall rules GET https://portal.cloudpassage.com/api/1/firewall_policies/id : "firewall_policy" : "id" : "b1553ab07287012e23f3442c031a719c", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/b1553ab07287012e23f3442c031a719c" "name" : "policy one", "description" : "", "used_by" : [ "id" : "b6dd45907287012e23f3442c031a719c", "name" : "group one" "firewall_rules" : [ "id" : "d09ac7d07287012e23f3442c031a719c", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/b1553ab07287012e23f3442c031a719c/firewall_rules "chain" : "INPUT", "active" : true, "firewall_interface" : null, "firewall_source": "name": "any", "id": "649acdf06ac8012e23ce442c031a719c", "url": "https://portal.cloudpassage.com/api/1/firewall_zones/649acdf06ac8012e23ce442c031a719c" "type": "FirewallZone", "ip_address": "0.0.0.0/0", "firewall_service": "name": "smtp", "port": "25", "protocol": "tcp", "id": "649871106ac8012e23ce442c031a719c", "url": "https://portal.cloudpassage.com/api/1/firewall_services/649871106ac8012e23ce442c031a719c", "connection_states" : "NEW, ESTABLISHED", "action" : "ACCEPT", "log" : false, "id" : "d63c5b707287012e23f3442c031a719c", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/b1553ab07287012e23f3442c031a719c/firewall_rules "chain" : "INPUT", "active" : true, "firewall_interface": "name": "eth0", "id": "649ce6e06ac8012e23ce442c031a719c", "url": "https://portal.cloudpassage.com/api/1/firewall_interaces/649ce6e06ac8012e23ce442c031a719c", "firewall_source" : null, "firewall_service" : null, "connection_states" : null, "action" : "REJECT", "log" : true, "id" : "da80ec907287012e23f3442c031a719c", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/b1553ab07287012e23f3442c031a719c/firewall_rules "chain" : "OUTPUT", "active" : true, "firewall_interface" : null, "firewall_target" : null, "firewall_service" : null, "connection_states" : null, "action" : "ACCEPT", "log" : false ] Create new firewall policy POST https://portal.cloudpassage.com/api/1/firewall_policies 13 of 21 9/22/11 10:41 AM

"firewall_policy" : "name" : "policy one", "description" : "my new policy", "firewall_rules" : [ "chain" : "INPUT", "active" : true, "firewall_interface" : null, "firewall_source" : "c26c6a50b190012ec6b4404096c01709", "firewall_service" : "7b6409a072b1012ec681404096c01709", "connection_states" : "NEW, ESTABLISHED", "action" : "ACCEPT", "log" : false, "chain" : "INPUT", "active" : true, "firewall_interface" : "7b881ca072b1012ec681404096c01709", "firewall_source" : null, "firewall_service" : null, "connection_states" : null, "action" : "REJECT", "log" : true, "chain" : "OUTPUT", "active" : true, "firewall_interface" : "7b881ca072b1012ec681404096c01709", "firewall_destination" : null, "firewall_service" : null, "connection_states" : null, "action" : "ACCEPT", "log" : false ] Status: 201 Location: https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709 "firewall_policy": "used_by": [ "description": "my new policy", "firewall_rules": [ "firewall_service": "port": "53", "protocol": "TCP", "name": "dns AXFR", "url": "https://portal.cloudpassage.com/api/1/firewall_services/7b6409a072b1012ec681404096c01709", "id": "7b6409a072b1012ec681404096c01709", "log": false, "active": true, "action": "ACCEPT", "chain": "INPUT", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_r "id": "812d3bf0b27b012ec6c4404096c01709", "connection_states": "NEW, ESTABLISHED", "log": true, "active": true, "firewall_interface": "name": "eth0", "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=7b881ca072b1012ec681404096c01709", "id": "7b881ca072b1012ec681404096c01709", "action": "REJECT", "chain": "INPUT", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_r "id": "812f26a0b27b012ec6c4404096c01709", "connection_states": null, "log": false, "active": true, "firewall_interface": "name": "eth0", "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=7b881ca072b1012ec681404096c01709", "id": "7b881ca072b1012ec681404096c01709", "action": "ACCEPT", "chain": "OUTPUT", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_r "id": "81304d50b27b012ec6c4404096c01709", "connection_states": null "name": "policy one", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709", "id": "812b7500b27b012ec6c4404096c01709" 14 of 21 9/22/11 10:41 AM

Update name or description for the firewall policy To update firewall rules within the policy use firewall rules API. PUT https://portal.cloudpassage.com/api/1/firewall_policies/id "firewall_policy" : "name" : "policy one" Delete firewall policy Deletes an existing firewall policy. If firewall policy is used by one or more server groups 422 error will be returned. DELETE https://portal.cloudpassage.com/api/1/firewall_policies/id Firewall Rules Object Representation Core firewall rule fields id chain active firewall_interface firewall_source firewall_target firewall_service connection_states action log A unique identifier of the firewall rule. Whether the firewall rule covers INPUT or OUTPUT connections. Allowed values are INPUT and OUTPUT. Whether the firewall rule is active or not. The specified firewall interface for this rule. Specify the ID of the interface you wish to use. The specified source/zone for an INPUT rule. Specify the ID and type of source you wish to use. Allowed values for type are FirewallZone or Group. The specified source/zone for an OUTPUT rule. Specify the ID and type of destination you wish to use. Allowed values for type are FirewallZone or Group. The specified firewall service for this rule. Specify the ID of the service you wish to use. The specified firewall connection state(s) fot this rule. NEW, RELATED, and ESTABLISHED are allowed. The specified action to take if this rule is matched. Allowed values are ACCEPT, DROP, and REJECT. Whether matches to this rule are logged or not. s present only in firewall rule details position The position order of the rule in the chain. List firewall rules in firewall policy GET https://portal.cloudpassage.com/api/1/firewall_policies/firewall_policy_id/firewall_rules/ "firewall_rules": [ "firewall_service": "port": "53", "protocol": "TCP", "name": "dns AXFR", "url": "https://portal.cloudpassage.com/api/1/firewall_services/7b6409a072b1012ec681404096c01709", "id": "7b6409a072b1012ec681404096c01709", "log": false, "active": true, "action": "ACCEPT", "chain": "INPUT", 15 of 21 9/22/11 10:41 AM

"url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_rules "id": "812d3bf0b27b012ec6c4404096c01709", "connection_states": "NEW, ESTABLISHED", "log": true, "active": true, "firewall_interface": "name": "eth0", "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=7b881ca072b1012ec681404096c01709", "id": "7b881ca072b1012ec681404096c01709", "action": "REJECT", "chain": "INPUT", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_rules "id": "812f26a0b27b012ec6c4404096c01709", "connection_states": null, "log": false, "active": true, "firewall_interface": "name": "eth0", "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=7b881ca072b1012ec681404096c01709", "id": "7b881ca072b1012ec681404096c01709", "action": "ACCEPT", "chain": "OUTPUT", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_rules "id": "81304d50b27b012ec6c4404096c01709", "connection_states": null ] Get firewall rule details GET https://portal.cloudpassage.com/api/1/firewall_policies/firewall_policy_id/firewall_rules/id "firewall_rule": "log": false, "active": true, "position": 1, "firewall_interface": "name": "eth0", "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=7b881ca072b1012ec681404096c01709", "id": "7b881ca072b1012ec681404096c01709", "action": "ACCEPT", "chain": "OUTPUT", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_rules "id": "81304d50b27b012ec6c4404096c01709", "connection_states": null Add a new firewall rule to the firewall policy Note that when creating a firewall rule, the source or destination needs to specify whether the zone type is FirewallZone or Group. Position of the rule in the policy is determined by position value. Rules are numbered from 1 for each chain. To add new rule to the very end of the chain, set the value of the position attribute to last. POST https://portal.cloudpassage.com/api/1/firewall_policies/firewall_policy_id/firewall_rules "firewall_rule" : "chain" : "INPUT", "active" : true, "firewall_interface" : "7b881ca072b1012ec681404096c01709", "firewall_service" : "7b6409a072b1012ec681404096c01709", "connection_states" : "NEW, ESTABLISHED", "action" : "ACCEPT", "log" : false, "position": 4 Status: 201 Location: https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_rules/99b71 16 of 21 9/22/11 10:41 AM

"firewall_rule": "firewall_service": "port": "53", "protocol": "TCP", "name": "dns AXFR", "url": "https://portal.cloudpassage.com/api/1/firewall_services/7b6409a072b1012ec681404096c01709", "id": "7b6409a072b1012ec681404096c01709", "log": false, "active": true, "position": 4, "firewall_interface": "name": "eth0", "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=7b881ca072b1012ec681404096c01709", "id": "7b881ca072b1012ec681404096c01709", "action": "ACCEPT", "chain": "INPUT", "url": "https://portal.cloudpassage.com/api/1/firewall_policies/812b7500b27b012ec6c4404096c01709/firewall_rules "id": "99b71970b27c012ec6c4404096c01709", "connection_states": "NEW, ESTABLISHED" Delete firewall rule DELETE https://portal.cloudpassage.com/api/1/firewall_policies/firewall_policy_id/firewall_rules/id Update firewall rule Note that when updating a firewall rule and specifying the source or destination, you also need to specify whether the zone type is FirewallZone or Group. To move rule to a new position specify new position. PUT https://portal.cloudpassage.com/api/1/firewall_policies/firewall_policy_id/firewall_rules/id "firewall_rule" : "firewall_interface" : "649cf9806ac8012e23ce442c031a719c", Move a firewall rule to a desired position Rules within a policy may be ordered. To see the current order execute the API call to list the details of the firewall policy. The rules will be listed in order. Positions accepted are whole numbers with 1 being the first position. Alternatively, you may use position : last for the rule to be moved to the last position. PUT https://portal.cloudpassage.com/api/1/firewall_policies/firewall_policy_id/firewall_rules/id "firewall_rule" : "position" : position Firewall Interfaces Object Representation id name A unique identifier of the firewall interface. A unique name given to the firewall interface. 17 of 21 9/22/11 10:41 AM

system Denotes whether the firewall interface is built-in/system or not. These interfaces can not be updated or deleted. List firewall interfaces GET https://portal.cloudpassage.com/api/1/firewall_interfaces/ "firewall_interfaces": [ "name": "eth0", "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=5a9a36906ac7012ea3c240403472c9f3", "id": "5a9a36906ac7012ea3c240403472c9f3", "name": "eth0:1", "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=5a9a65806ac7012ea3c240403472c9f3", "id": "5a9a65806ac7012ea3c240403472c9f3", "name": "eth0:15", "system": false, "url": "https://portal.cloudpassage.com/api/1/firewall_interfaces?id=5a9b5b406ac7012ea3c240403472c9f3", "id": "5a9b5b406ac7012ea3c240403472c9f3" ] Get firewall interface details GET https://portal.cloudpassage.com/api/1/firewall_interfaces/id "firewall_interface": "name": "eth0:15", "system": false, "url": "https://ninja.cloudpassage.com/api/1/firewall_interfaces?id=5a9b5b406ac7012ea3c240403472c9f3", "id": "5a9b5b406ac7012ea3c240403472c9f3" Create a new firewall interface POST https://portal.cloudpassage.com/api/1/firewall_interfaces "firewall_interface" : "name" : "eth0:16" Status: 201 Location: https://portal.cloudpassage.com/api/1/firewall_interfaces/2e542e3f344a07288012e22c031a719c "firewall_interface": "name": "eth0:16", "system": false, "url": "https://ninja.cloudpassage.com/api/1/firewall_interfaces?id=648e7d40ae4f012ea3f340403472c9f3", "id": "648e7d40ae4f012ea3f340403472c9f3" Delete firewall interface DELETE https://portal.cloudpassage.com/api/1/firewall_interfaces/id Sample : Firewall Services Object Representation 18 of 21 9/22/11 10:41 AM

id name protocol port system A unique identifier of the firewall service. A unique name given to the firewall service. The specified protocol of the firewall service. TCP, UDP, and ICMP are allowed. The specified port(s) of the firewall service. Denotes whether the firewall service is built-in/system or not. System firewall services can not be updated or deleted. List firewall services GET https://portal.cloudpassage.com/api/1/firewall_services/ "firewall_services": [ "port": "53", "protocol": "TCP", "name": "dns AXFR", "url": "https://portal.cloudpassage.com/api/1/firewall_services/5a8ce2e06ac7012ea3c240403472c9f3", "id": "5a8ce2e06ac7012ea3c240403472c9f3", "port": "53", "protocol": "UDP", "name": "dns query", "url": "https://portal.cloudpassage.com/api/1/firewall_services/5a8cc0a06ac7012ea3c240403472c9f3", "id": "5a8cc0a06ac7012ea3c240403472c9f3", "port": "5432", "protocol": "TCP", "name": "postgres", "system": false, "url": "https://portal.cloudpassage.com/api/1/firewall_services/5a8e66606ac7012ea3c240403472c9f3", "id": "5a8e66606ac7012ea3c240403472c9f3" ] Get firewall service details GET https://portal.cloudpassage.com/api/1/firewall_services/id "firewall_service": "port": "5432", "protocol": "TCP", "name": "postgres", "system": false, "url": "https://portal.cloudpassage.com/api/1/firewall_services/5a8e66606ac7012ea3c240403472c9f3", "id": "5a8e66606ac7012ea3c240403472c9f3" Create a new firewall service POST https://portal.cloudpassage.com/api/1/firewall_services "firewall_service" : "name" : "rails", "protocol" : "tcp", "port" : "3000" Status: 201 Location: https://portal.cloudpassage.com/api/1/firewall_service/d9887180ae4e012ea3f340403472c9f3 "firewall_service": "port": "3000", "protocol": "TCP", "name": "rails", "system": false, "url": "https://portal.cloudpassage.com/api/1/firewall_services/d9887180ae4e012ea3f340403472c9f3", 19 of 21 9/22/11 10:41 AM

"id": "d9887180ae4e012ea3f340403472c9f3" Delete firewall service DELETE https://portal.cloudpassage.com/api/1/firewall_services/id Firewall Zones Object Representation id A unique identifier of the firewall zone. name A unique name given to the firewall zone. ip_address The specified IP address(es) of the firewall zone. system Denotes whether the firewall zone is built-in/system or not. These zones can not be updated or deleted. used_by Read-only. The list of firewall policies that use this firewall zone. List firewall zones GET https://portal.cloudpassage.com/api/1/firewall_zones/ "firewall_zones": [ "ip_address": "0.0.0.0/0", "used_by": [ "name": "CentOS firewall policy", "id": "5ab5a3106ac7012ea3c240403472c9f3", "name": "Drop everything in all directions policy", "id": "5ab8a7e06ac7012ea3c240403472c9f3" "name": "any", "url": "https://portal.cloudpassage.com/api/1/firewall_zones/5a935b306ac7012ea3c240403472c9f3", "id": "5a935b306ac7012ea3c240403472c9f3", "ip_address": "10.1.2.1, 102.19.6.14", "used_by": [ "name": "DevelopmentCo", "system": false, "url": "https://portal.cloudpassage.com/api/1/firewall_zones/5a9585706ac7012ea3c240403472c9f3", "id": "5a9585706ac7012ea3c240403472c9f3" ] Get firewall zone details GET https://portal.cloudpassage.com/api/1/firewall_zones/id "firewall_zone": "ip_address": "10.1.2.1, 102.19.6.14", "used_by": [ "name": "DevelopmentCo", "system": false, "url": "https://ninja.cloudpassage.com/api/1/firewall_zones/5a9585706ac7012ea3c240403472c9f3", "id": "5a9585706ac7012ea3c240403472c9f3" Create a new firewall zone POST https://portal.cloudpassage.com/api/1/firewall_zones 20 of 21 9/22/11 10:41 AM

"firewall_zone" : "name" : "databases", "ip_address" : "10.10.10.1,10.10.10.2,10.10.10.3" : Status: 201 Location: https://portal.cloudpassage.com/api/1/firewall_zones/002736c0ae4b012ea3f240403472c9f3 "firewall_zone": "ip_address": "10.10.10.1,10.10.10.2,10.10.10.3", "used_by": [ "name": "databases", "system": false, "url": "https://portal.cloudpassage.com/api/1/firewall_zones/002736c0ae4b012ea3f240403472c9f3", "id": "002736c0ae4b012ea3f240403472c9f3" Clone a firewall zone To clone a firewall zone, first fetch the firewall zone details to clone, then create the new firewall zone by using the create firewall zone call, with the new name and IP address(es) details. Update firewall zone PUT https://portal.cloudpassage.com/api/1/firewall_zones/id "firewall_zone" : "ip_address" : "10.10.10.4" : Delete firewall zone Only non-system firewall zones that are not used by firewall policies can be deleted. Attempting to delete a system firewall zone or a firewall zone that is used by firewall policies will result in 422 error. DELETE https://portal.cloudpassage.com/api/1/firewall_zones/id 21 of 21 9/22/11 10:41 AM

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information