Module netapp_ontap.resources.account
Copyright © 2019 NetApp Inc. All rights reserved.
Overview
This API displays and manages the configuration of scoped user accounts.
Newly created user accounts might need to be updated for many reasons. For example, a user account might need to use a different application or its role might need to be modified. According to a policy, the password or authentication source of a user account might need to be changed, or a user account might need to be locked or deleted from the system. This API allows you to make these changes to user accounts. Specify the owner UUID and the user account name in the URI path. The owner UUID corresponds to the UUID of the SVM for which the user account has been created and can be obtained from the response body of GET call performed on one of the following APIs: /api/security/accounts for all user accounts /api/security/accounts/?scope=cluster for cluster-scoped user accounts /api/security/accounts/?scope=svm for SVM-scoped accounts /api/security/accounts/?owner.name=Examples
Retrieving the user account details
# The API:
GET "/api/security/accounts/{owner.uuid}/{name}"
# The call:
curl -k -u <cluster_admin>:<password> -X GET "https://<mgmt-ip>/api/security/accounts/aef7c38-4bd3-11e9-b238-0050568e2e25/svm_user1"
# The response:
{
"owner": {
"uuid": "aaef7c38-4bd3-11e9-b238-0050568e2e25",
"name": "svm1",
"_links": {
"self": {
"href": "/api/svm/svms/aaef7c38-4bd3-11e9-b238-0050568e2e25"
}
}
},
"name": "svm_user1",
"applications": [
{
"application": "ssh",
"authentication_methods": [
"password"
],
"second_authentication_method": "none"
}
],
"role": {
"name": "vsadmin",
"_links": {
"self": {
"href": "/api/svms/aaef7c38-4bd3-11e9-b238-0050568e2e25/admin/roles/vsadmin"
}
}
},
"locked": false,
"scope": "svm",
"_links": {
"self": {
"href": "/api/security/accounts/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_user1"
}
}
}
Updating the applications and role in a user account
Specify the desired configuration in the form of tuples (of applications and authentication methods) and the role. All other previously configured applications that are not specified in the "applications" parameter of the PATCH request will be de-provisioned for the user account.
# The API:
PATCH "/api/security/accounts/{owner.uuid}/{name}"
# The call to update the applications and role:
curl -k -u <cluster-admin>:<password> -X PATCH "https://<mgmt-ip>/api/security/accounts/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_user1" -d '{"applications":[{"application":"http","authentication_methods":["domain"]},{"application":"ontapi","authentication_methods":["password"]}],"role":"vsadmin-backup"}'
# The call to update only the role:
curl -k -u <cluster-admin>:<password> -X PATCH "https://<mgmt-ip>/api/security/accounts/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_user1" -d '{"role":"vsadmin-protocol"}'
Updating the password for a user account
# The API:
PATCH "/api/security/accounts/{owner.uuid}/{name}"
# The call:
curl -k -u <cluster-admin>:<password> -X PATCH "https://<mgmt-ip>/api/security/accounts/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_user1" -d '{"password":"newp@ssw@rd2"}'
Locking a user account
The API:
PATCH "/api/security/accounts/{owner.uuid}/{name}"
The call:
curl -k -u <cluster-admin>:<password> -X PATCH "https://<mgmt-ip>/api/security/accounts/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_user1" -d '{"locked":"true"}'
Deleting a user account
# The API:
DELETE "/api/security/accounts/{owner.uuid}/{name}"
# The call:
curl -k -u <cluster_admin>:<password> -X DELETE "https://<mgmt-ip>/api/security/accounts/aaef7c38-4bd3-11e9-b238-0050568e2e25/svm_user1"
Classes
class Account (*args, **kwargs)
-
Allows interaction with Account objects on the host
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Static methods
def delete_collection(*args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Deletes a user account.
Required parameters
name
- Account name to be deleted.owner.uuid
- UUID of the SVM housing the user account to be deleted.
Related ONTAP commands
security login delete
Learn more
Delete all objects in a collection which match the given query.
All records on the host which match the query will be deleted.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def find(*args, connection: HostConnection = None, **kwargs) -> Resource
-
Retrieves a list of user accounts in the cluster.
Related ONTAP commands
security login show
Learn more
Find an instance of an object on the host given a query.
The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found or if more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
Resource
object containing the details of the object.Raises
NetAppRestError
: If the API call did not return exactly 1 matching resource. def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> typing.Iterable
-
Retrieves a list of user accounts in the cluster.
Related ONTAP commands
security login show
Learn more
Fetch a list of all objects of this type from the host.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. max_records
- The maximum number of records to return per call
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A list of
Resource
objectsRaises
NetAppRestError
: If there is no connection available to use either passed in or on the library. def patch_collection(body: dict, *args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Updates a user account. Locks or unlocks a user account and/or updates the role, applications, and/or password for the user account.
Required parameters
name
- Account name to be updated.owner.uuid
- UUID of the SVM housing the user account to be updated.
Optional parameters
applications
- Array of one or more tuples (of application and authentication methods).role
- RBAC role for the user account.password
- Password for the user account (if the authentication method is opted as password for one or more of applications).second_authentication_method
- Needed for MFA and only supported for ssh application. Defaults tonone
if not supplied.comment
- Comment for the user account (e.g purpose of this account).locked
- Set to true/false to lock/unlock the account.
Related ONTAP commands
security login create
security login modify
security login password
security login lock
security login unlock
Learn more
Patch all objects in a collection which match the given query.
All records on the host which match the query will be patched with the provided body.
Args
body
- A dictionary of name/value pairs to set on all matching members of the collection.
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Methods
def delete(self, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Deletes a user account.
Required parameters
name
- Account name to be deleted.owner.uuid
- UUID of the SVM housing the user account to be deleted.
Related ONTAP commands
security login delete
Learn more
Send a deletion request to the host for this object.
Args
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get(self, **kwargs) -> NetAppResponse
-
Retrieves a specific user account.
Related ONTAP commands
security login show
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Updates a user account. Locks or unlocks a user account and/or updates the role, applications, and/or password for the user account.
Required parameters
name
- Account name to be updated.owner.uuid
- UUID of the SVM housing the user account to be updated.
Optional parameters
applications
- Array of one or more tuples (of application and authentication methods).role
- RBAC role for the user account.password
- Password for the user account (if the authentication method is opted as password for one or more of applications).second_authentication_method
- Needed for MFA and only supported for ssh application. Defaults tonone
if not supplied.comment
- Comment for the user account (e.g purpose of this account).locked
- Set to true/false to lock/unlock the account.
Related ONTAP commands
security login create
security login modify
security login password
security login lock
security login unlock
Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Creates a new user account.
Required parameters
name
- Account name to be created.applications
- Array of one or more application tuples (of application and authentication methods).
Optional parameters
owner.name
orowner.uuid
- Name or UUID of the SVM for an SVM-scoped user account. If not supplied, a cluster-scoped user account is created.role
- RBAC role for the user account. Defaulted toadmin
for cluster user account and tovsadmin
for SVM-scoped account.password
- Password for the user account (if the authentication method is opted as password for one or more of applications).second_authentication_method
- Needed for MFA and only supported for ssh application. Defaults tonone
if not supplied.comment
- Comment for the user account (e.g purpose of this account).locked
- Locks the account after creation. Defaults tofalse
if not supplied.
Related ONTAP commands
security login create
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class AccountSchema (only=None, exclude=(), many=False, context=None, load_only=(), dump_only=(), partial=False, unknown=None)
-
The fields of the Account object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.schema.BaseSchema
- marshmallow.base.SchemaABC
Class variables
var applications
-
The applications field of the account.
var comment
-
Optional comment for the user account.
var links
-
The links field of the account.
var locked
-
Locked status of the account.
var name
-
User or group account name
Example: joe.smith
var opts
var owner
-
The owner field of the account.
var password
-
Password for the account. The password can contain a mix of lower and upper case alphabetic characters, digits, and special characters.
var role
-
The role field of the account.
var scope
-
Scope of the entity. set to "cluster" for cluster owned objects and to "svm" for SVM owned objects.
Valid choices:
- cluster
- svm