Авторские статьи об OpenSource

Proxmox VE API. Access.


/access



/access


GET
Description: Directory index.
Permissions:

User Permissions Description
all N/A N/A

Return:
array

Name Type Format Description Optional
subdir string N/A N/A

Usage:
HTTP GET /api2/json/access
CLI pvesh get /access



/access/users


GET
Description: User index.
Permissions:

User Permissions Description
all N/A The returned list is restricted to users where you have 'User.Modify' or 'Sys.Audit' permissions on '/access/groups' or on a group the user belongs too. But it always includes the current (authenticated) user.

Parameters:

Name Type Format Description Optional
enabled boolean N/A Optional filter for enable property.

Return:
array

Name Type Format Description Optional
userid string N/A N/A

Usage:
HTTP GET /api2/json/access/users
CLI pvesh get /access/users

POST
Description: Create new user.
Permissions:

User Permissions Description
N/A [u'and', [u'userid-param', u'Realm.AllocateUser'], [u'userid-group', [u'User.Modify'], u'groups_param', 1]] You need 'Realm.AllocateUser' on '/access/realm/' on the realm of user , and 'User.Modify' permissions to '/access/groups/' for any group specified (or 'User.Modify' on '/access/groups' if you pass no groups.

Parameters:

Name Type Format Description Optional
comment string N/A N/A
enable boolean N/A Enable the account (default). You can set this to '0' to disable the accout
firstname string N/A N/A
keys string N/A Keys for two factor auth (yubico).
lastname string N/A N/A
userid string pve-userid User ID
expire integer N/A Account expiration date (seconds since epoch). '0' means no expiration date.
groups string pve-groupid-list N/A
password string N/A Initial password.
email string email-opt N/A

Return:
null
Usage:
HTTP POST /api2/json/access/users
CLI pvesh create /access/users



/access/users/{userid}


GET
Description: Get user configuration.
Permissions:

User Permissions Description
N/A [u'userid-group', [u'User.Modify', u'Sys.Audit']] N/A

Parameters:

Name Type Format Description Optional
userid string pve-userid User ID

Return:

Name Type Format Description Optional
comment string N/A N/A
enable boolean N/A N/A
firstname string N/A N/A
keys string N/A N/A
lastname string N/A N/A
expire integer N/A N/A
groups array N/A N/A
email string N/A N/A

Usage:
HTTP GET /api2/json/access/users/{userid}
CLI pvesh get /access/users/{userid}

PUT
Description: Update user configuration.
Permissions:

User Permissions Description
N/A [u'userid-group', [u'User.Modify'], u'groups_param', 1] N/A

Parameters:

Name Type Format Description Optional
comment string N/A N/A
enable boolean N/A Enable/disable the account.
firstname string N/A N/A
keys string N/A Keys for two factor auth (yubico).
lastname string N/A N/A
userid string pve-userid User ID
expire integer N/A Account expiration date (seconds since epoch). '0' means no expiration date.
groups string pve-groupid-list N/A
email string email-opt N/A
append boolean N/A N/A

Return:
null
Usage:
HTTP PUT /api2/json/access/users/{userid}
CLI pvesh set /access/users/{userid}

DELETE
Description: Delete user.
Permissions:

User Permissions Description
N/A [u'and', [u'userid-param', u'Realm.AllocateUser'], [u'userid-group', [u'User.Modify']]] N/A

Parameters:

Name Type Format Description Optional
userid string pve-userid User ID

Return:
null
Usage:
HTTP DELETE /api2/json/access/users/{userid}
CLI pvesh delete /access/users/{userid}



/access/groups


GET
Description: Group index.
Permissions:

User Permissions Description
all N/A The returned list is restricted to groups where you have 'User.Modify', 'Sys.Audit' or 'Group.Allocate' permissions on /access/groups/.

Return:
array

Name Type Format Description Optional
groupid string N/A N/A

Usage:
HTTP GET /api2/json/access/groups
CLI pvesh get /access/groups

POST
Description: Create new group.
Permissions:

User Permissions Description
N/A [u'perm', u'/access/groups', [u'Group.Allocate']] N/A

Parameters:

Name Type Format Description Optional
comment string N/A N/A
groupid string pve-groupid N/A

Return:
null
Usage:
HTTP POST /api2/json/access/groups
CLI pvesh create /access/groups



/access/groups/{groupid}


GET
Description: Get group configuration.
Permissions:

User Permissions Description
N/A [u'perm', u'/access/groups', [u'Sys.Audit', u'Group.Allocate'], u'any', 1] N/A

Parameters:

Name Type Format Description Optional
groupid string pve-groupid N/A

Return:
object

Name Type Format Description Optional
comment string N/A N/A
members array N/A N/A

Usage:
HTTP GET /api2/json/access/groups/{groupid}
CLI pvesh get /access/groups/{groupid}

PUT
Description: Update group data.
Permissions:

User Permissions Description
N/A [u'perm', u'/access/groups', [u'Group.Allocate']] N/A

Parameters:

Name Type Format Description Optional
comment string N/A N/A
groupid string pve-groupid N/A

Return:
null
Usage:
HTTP PUT /api2/json/access/groups/{groupid}
CLI pvesh set /access/groups/{groupid}

DELETE
Description: Delete group.
Permissions:

User Permissions Description
N/A [u'perm', u'/access/groups', [u'Group.Allocate']] N/A

Parameters:

Name Type Format Description Optional
groupid string pve-groupid N/A

Return:
null
Usage:
HTTP DELETE /api2/json/access/groups/{groupid}
CLI pvesh delete /access/groups/{groupid}



/access/roles


GET
Description: Role index.
Permissions:

User Permissions Description
all N/A N/A

Return:
array

Name Type Format Description Optional
roleid string N/A N/A

Usage:
HTTP GET /api2/json/access/roles
CLI pvesh get /access/roles

POST
Description: Create new role.
Permissions:

User Permissions Description
N/A [u'perm', u'/access', [u'Sys.Modify']] N/A

Parameters:

Name Type Format Description Optional
roleid string pve-roleid N/A
privs string pve-priv-list N/A

Return:
null
Usage:
HTTP POST /api2/json/access/roles
CLI pvesh create /access/roles



/access/roles/{roleid}


GET
Description: Get role configuration.
Permissions:

User Permissions Description
all N/A N/A

Parameters:

Name Type Format Description Optional
roleid string pve-roleid N/A

Return:
Usage:
HTTP GET /api2/json/access/roles/{roleid}
CLI pvesh get /access/roles/{roleid}

PUT
Description: Create new role.
Permissions:

User Permissions Description
N/A [u'perm', u'/access', [u'Sys.Modify']] N/A

Parameters:

Name Type Format Description Optional
roleid string pve-roleid N/A
append boolean N/A N/A
privs string pve-priv-list N/A

Return:
null
Usage:
HTTP PUT /api2/json/access/roles/{roleid}
CLI pvesh set /access/roles/{roleid}

DELETE
Description: Delete role.
Permissions:

User Permissions Description
N/A [u'perm', u'/access', [u'Sys.Modify']] N/A

Parameters:

Name Type Format Description Optional
roleid string pve-roleid N/A

Return:
null
Usage:
HTTP DELETE /api2/json/access/roles/{roleid}
CLI pvesh delete /access/roles/{roleid}



/access/domains


GET
Description: Authentication domain index.
Permissions:

User Permissions Description
world N/A Anyone can access that, because we need that list for the login box (before the user is authenticated).

Return:
array

Name Type Format Description Optional
comment string N/A N/A
realm string N/A N/A
tfa string N/A Two-factor authentication provider.

Usage:
HTTP GET /api2/json/access/domains
CLI pvesh get /access/domains

POST
Description: Add an authentication server.
Permissions:

User Permissions Description
N/A [u'perm', u'/access/realm', [u'Realm.Allocate']] N/A

Parameters:

Name Type Format Description Optional
comment string N/A Description.
domain string N/A AD domain name
realm string pve-realm Authentication domain ID
secure boolean N/A Use secure LDAPS protocol.
default boolean N/A Use this as default realm
tfa string pve-tfa-config Use Two-factor authentication.
user_attr string N/A LDAP user attribute name
base_dn string N/A LDAP base domain name
type string N/A Realm type.
port integer N/A Server port.

Return:
null
Usage:
HTTP POST /api2/json/access/domains
CLI pvesh create /access/domains



/access/domains/{realm}


GET
Description: Get auth server configuration.
Permissions:

User Permissions Description
N/A [u'perm', u'/access/realm', [u'Realm.Allocate', u'Sys.Audit'], u'any', 1] N/A

Parameters:

Name Type Format Description Optional
realm string pve-realm Authentication domain ID

Return:
Usage:
HTTP GET /api2/json/access/domains/{realm}
CLI pvesh get /access/domains/{realm}

PUT
Description: Update authentication server settings.
Permissions:

User Permissions Description
N/A [u'perm', u'/access/realm', [u'Realm.Allocate']] N/A

Parameters:

Name Type Format Description Optional
comment string N/A Description.
domain string N/A AD domain name
realm string pve-realm Authentication domain ID
secure boolean N/A Use secure LDAPS protocol.
default boolean N/A Use this as default realm
tfa string pve-tfa-config Use Two-factor authentication.
user_attr string N/A LDAP user attribute name
base_dn string N/A LDAP base domain name
port integer N/A Server port.
digest string N/A Prevent changes if current configuration file has different SHA1 digest. This can be used to prevent concurrent modifications.
delete string pve-configid-list A list of settings you want to delete.

Return:
null
Usage:
HTTP PUT /api2/json/access/domains/{realm}
CLI pvesh set /access/domains/{realm}

DELETE
Description: Delete an authentication server.
Permissions:

User Permissions Description
N/A [u'perm', u'/access/realm', [u'Realm.Allocate']] N/A

Parameters:

Name Type Format Description Optional
realm string pve-realm Authentication domain ID

Return:
null
Usage:
HTTP DELETE /api2/json/access/domains/{realm}
CLI pvesh delete /access/domains/{realm}



/access/acl


GET
Description: Get Access Control List (ACLs).
Permissions:

User Permissions Description
all N/A The returned list is restricted to objects where you have rights to modify permissions.

Return:
array

Name Type Format Description Optional
roleid string N/A N/A
ugid string N/A N/A
type string N/A N/A
propagate boolean N/A N/A
path string N/A N/A

Usage:
HTTP GET /api2/json/access/acl
CLI pvesh get /access/acl

PUT
Description: Update Access Control List (add or remove permissions).
Permissions:

User Permissions Description
N/A [u'perm-modify', u'{path}'] N/A

Parameters:

Name Type Format Description Optional
users string pve-userid-list List of users.
roles string pve-roleid-list List of roles.
propagate boolean N/A Allow to propagate (inherit) permissions.
groups string pve-groupid-list List of groups.
path string N/A Access control path
delete boolean N/A Remove permissions (instead of adding it).

Return:
null
Usage:
HTTP PUT /api2/json/access/acl
CLI pvesh set /access/acl



/access/ticket


GET
Description: Dummy. Useful for formaters which want to priovde a login page.
Permissions:

User Permissions Description
world N/A N/A

Return:
null
Usage:
HTTP GET /api2/json/access/ticket
CLI pvesh get /access/ticket

POST
Description: Create or verify authentication ticket.
Permissions:

User Permissions Description
world N/A You need to pass valid credientials.

Parameters:

Name Type Format Description Optional
username string N/A User name
realm string pve-realm You can optionally pass the realm using this parameter. Normally the realm is simply added to the username @.
privs string pve-priv-list Verify ticket, and check if user have access 'privs' on 'path'
otp string N/A One-time password for Two-factor authentication.
path string N/A Verify ticket, and check if user have access 'privs' on 'path'
password string N/A The secret password. This can also be a valid ticket.

Return:
object

Name Type Format Description Optional
username string N/A N/A
CSRFPreventionToken string N/A N/A
ticket string N/A N/A

Usage:
HTTP POST /api2/json/access/ticket
CLI pvesh create /access/ticket



/access/password


PUT
Description: Change user password.
Permissions:

User Permissions Description
N/A [u'or', [u'userid-param', u'self'], [u'and', [u'userid-param', u'Realm.AllocateUser'], [u'userid-group', [u'User.Modify']]]] Each user is allowed to change his own password. A user can change the password of another user if he has 'Realm.AllocateUser' (on the realm of user ) and 'User.Modify' permission on /access/groups/ on a group where user is member of.

Parameters:

Name Type Format Description Optional
password string N/A The new password.
userid string pve-userid User ID

Return:
null
Usage:
HTTP PUT /api2/json/access/password
CLI pvesh set /access/password

Proxmox VE API. Cluster.
Proxmox VE API. Storage.
Proxmox VE API. Pools.
Proxmox VE API. Versions.
Proxmox VE API. Nodes.

    Twitter   


Разделы

Главная
Новости
Ворох бумаг
Видео Linux
Игры в Linux
Безопасность
Статьи о FreeBSD
Статьи об Ubuntu
Статьи о Snappy
Статьи об Ubuntu Phone
Статьи о Kubuntu
Статьи о Xubuntu
Статьи о Lubuntu
Статьи об Open Source
Карта сайта

Лучшее на сайте:

1С под Linux.   Ускорение Ubuntu.   21 пример iptables.   Цикл статей о Ceph.   Убунту в дикой среде.   Ubuntu Linux на SSD.   Ubuntu для блондинок.   Поддержка железа в Linux.   BTSync на службе у админа.   Андроид программы в Ubuntu.   Прокидывание портов для p2p.   Анти СПАМ в Postfix.  



Круги Гугл Ада.


Группа поддержки