Team management APIs

APIs to manage teams.

Base path: https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams

The <Cluster Master Host> and <Cluster Master API Port> parameters are defined in Master endpoints.

Create a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams
Command: POST
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X POST --header 'Content-Type: application/json' --header "Authorization: bearer $ACCESS_TOKEN" -d '{"teamId":"test-team","name":"Test Team"}' https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams

The output resembles the following code:

{"teamId":"test-team","name":"Test Team","users":[],"usergroups":[]}

Assign users and user groups to a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams/{team-ID}
Command: PUT
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X PUT --header "Authorization: Bearer $ACCESS_TOKEN" --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{"teamId":"test-team","name":"Test Team","users":[{"userId":"testuser","userBaseDN":"uid=testuser,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}],"usergroups":[{"name":"security","userGroupDN":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}]}' "https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/test-team"

The response resembles the following code:

{"teamId":"test-team","name":"Test Team","users":[{"userId":"testuser","userBaseDN":"uid=testuser,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}],"usergroups":[{"name":"security","userGroupDN":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}]}

Assign resources to a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams
Command: POST
Command output format: application/json

The sample curl command resembles the following code:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header "Authorization: bearer $ACCESS_TOKEN" -d '{"crn": "crn:v1:icp:private:k8:mycluster.icp:n/default:::"}' 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/<team-ID>/resources' --insecure

The format of the resource that you are assigning to the team is "crn:v1:icp:private:k8:mycluster.icp:n/default:::", where mycluster.icp is the cluster_ca_domain value that is used in the config.yaml file during IBM® Cloud Private installation. In the sample command, the default namespace is assigned to the team.

Note: You should not use the default namespace in the production environment.

The response resembles the following code:

{"crn":"crn:v1:icp:private:k8:mycluster.icp:n/default:::","serviceName":"k8","region":"mycluster.icp","namespaceId":"default"}

Add Helm chart resources to a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: cluster_lb_address
  Path:
    /helm-api/api/v2/releasesCRNs
    /helm-api/api/v2/charts
    /helm-api/api/v2/repos
Command: POST
Command output format: application/json

The sample curl command resembles the following code:

curl -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header "Authorization: bearer $ACCESS_TOKEN" -d '{"crn":"crn:v1:icp:private:helm-catalog:mycluster:r/local-charts::helm-repos:"}' "https://mycluster.icp:8443/idmgmt/identity/api/v1/teams/<team-ID>/resources" --insecure

The format of the resource that you are assigning to the team is "crn:v1:icp:private:helm-catalog:mycluster:r/local-charts::helm-repos:". In the sample command, the local-charts repository is assigned to the team.

The response resembles the following code:

{"crn":"crn:v1:icp:private:helm-catalog:mycluster.icp:r/local-charts:::","serviceName":"k8","region":"mycluster.icp","repository":"local-charts","scope":"helm-repos"}

Get information about a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams/{id}
Command: GET
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X GET --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/test-team'

The output resembles the following code:

{"teamId":"test-team","name":"Test Team","users":[{"userId":"testuser","userBaseDN":"uid=testuser,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}],"usergroups":[{"name":"security","userGroupDN":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}]}

Get information about all teams

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams
Command: GET
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X GET --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams'

The output resembles the following code:

[{"teamId":"test-team","name":"Test Team","users":[{"userId":"testuser","userBaseDN":"uid=testuser,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]},{"userId":"aaa","firstName":"AAA","lastName":"","email":"aaa@ibm.com","userBaseDN":"uid=aaa,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Administrator"}]}],"usergroups":[{"name":"security","directoryId":"fb01b1d0-1fa4-11e8-80d6-15882dd657a0","userGroupDN":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Viewer"}]},{"name":"cloudSecurity","directoryId":"fb01b1d0-1fa4-11e8-80d6-15882dd657a0","userGroupDN":"cn=cloudSecurity,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]}]},{"teamId":"f-122","name":"F122","users":[{"userId":"aaa","roles":[{"id":"crn:v1:icp:private:iam::::role:Administrator"}]},{"userId":"bbb","roles":[{"id":"crn:v1:icp:private:iam::::role:Editor"}]},{"userId":"ccc","roles":[{"id":"crn:v1:icp:private:iam::::role:Editor"}]},{"userId":"ddd","roles":[{"id":"crn:v1:icp:private:iam::::role:Viewer"}]}],"usergroups":[]},{"teamId":"team-1","name":"Team1","users":[{"userId":"aaa","firstName":"AAA","lastName":"","email":"aaa@ibm.com","userBaseDN":"uid=aaa,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:ClusterAdministrator"}]}],"usergroups":[{"name":"security","directoryId":"fb01b1d0-1fa4-11e8-80d6-15882dd657a0","userGroupDN":"cn=security,cn=platform,ou=cloud,ou=isl,ou=groups,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Editor"}]}]},{"teamId":"team3","name":"Team3","users":[],"usergroups":[]},{"teamId":"team2","name":"Team2","users":[{"userId":"ppp","userBaseDN":"uid=ppp,ou=people,dc=ibm,dc=com","roles":[{"id":"crn:v1:icp:private:iam::::role:Viewer"}]}],"usergroups":[]}]
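An added example (not part of the original documentation) that reads the team list format shown above and reports the role bindings worth reviewing. Treating Administrator and ClusterAdministrator as the privileged set is an assumption, the sample input is constructed from the output above, and the function names are illustrative.

```python
import json

# Constructed sample, abbreviated from the "all teams" output above.
TEAMS = json.loads('''[
 {"teamId":"test-team","name":"Test Team",
  "users":[{"userId":"testuser","roles":[{"id":"crn:v1:icp:private:iam::::role:Operator"}]},
           {"userId":"aaa","roles":[{"id":"crn:v1:icp:private:iam::::role:Administrator"}]}],
  "usergroups":[{"name":"security","roles":[{"id":"crn:v1:icp:private:iam::::role:Viewer"}]}]},
 {"teamId":"team-1","name":"Team1",
  "users":[{"userId":"aaa","roles":[{"id":"crn:v1:icp:private:iam::::role:ClusterAdministrator"}]}],
  "usergroups":[{"name":"security","roles":[{"id":"crn:v1:icp:private:iam::::role:Editor"}]}]},
 {"teamId":"team3","name":"Team3","users":[],"usergroups":[]}
]''')

ROLE_PREFIX = "crn:v1:icp:private:iam::::role:"
# Assumption: these two roles are the ones treated as privileged for review.
PRIVILEGED = {"Administrator", "ClusterAdministrator"}


def role_name(role_crn):
    """Return the role name from a role CRN, or None if the prefix is unexpected."""
    if not role_crn.startswith(ROLE_PREFIX):
        return None
    return role_crn[len(ROLE_PREFIX):]


def privileged_assignments(teams):
    """List (teamId, kind, principal, role) for every privileged role binding."""
    findings = []
    for team in teams:
        principals = [("user", u.get("userId"), u) for u in team.get("users", [])]
        principals += [("group", g.get("name"), g) for g in team.get("usergroups", [])]
        for kind, name, entry in principals:
            for role in entry.get("roles", []):
                rname = role_name(role.get("id", ""))
                if rname in PRIVILEGED:
                    findings.append((team["teamId"], kind, name, rname))
    return sorted(findings)


def teams_without_members(teams):
    """Teams with no users and no user groups: candidates for cleanup."""
    return [t["teamId"] for t in teams if not t.get("users") and not t.get("usergroups")]


if __name__ == "__main__":
    for finding in privileged_assignments(TEAMS):
        print(*finding)
    print("empty teams:", teams_without_members(TEAMS))
```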

Get resources that are assigned to a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams/{id}/resources
Command: GET
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X GET --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/{id}/resources'

The output resembles the following code:

[{"crn":"crn:v1:icp:private:k8:mycluster:n/default:::","serviceName":"k8","region":"mycluster","namespaceId":"default","scope":"namespace"}]

Update a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams
Command: PUT
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X PUT --header 'Content-Type: application/json' --header "Authorization: bearer $ACCESS_TOKEN" -d '{"teamId":"test-team","name":"Test Team","users":[{"userId":"aaa","roles":[{"id":"crn:v1:icp:private:iam::::role:Administrator"}]},{"userId":"bbb","roles":[{"id":"crn:v1:icp:private:iam::::role:Editor"}]},{"userId":"ccc","roles":[{"id":"crn:v1:icp:private:iam::::role:Editor"}]},{"userId":"ddd","roles":[{"id":"crn:v1:icp:private:iam::::role:Viewer"}]}]}' 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/test-team'

The output resembles the following code:

{"teamId":"test-team","name":"Test Team","users":[{"userId":"aaa","roles":[{"id":"crn:v1:icp:private:iam::::role:Administrator"}]},{"userId":"bbb","roles":[{"id":"crn:v1:icp:private:iam::::role:Editor"}]},{"userId":"ccc","roles":[{"id":"crn:v1:icp:private:iam::::role:Editor"}]},{"userId":"ddd","roles":[{"id":"crn:v1:icp:private:iam::::role:Viewer"}]}],"usergroups":[],"_rev":"2-9238053d5bc6a27237a444e0a2e2cc5b","_id":"f-122","loopback__model__name":"Team"}

Delete a resource from a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams/{id}
Command: DELETE
Command output format: application/json

To delete a resource from a team, you must first get all the resources for the team so that you can retrieve the CRN. In this example, the team ID is platform. The sample curl command resembles the following code:

curl -k -X GET --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/platform/resources'

The output resembles the following code:

[
{"crn":"crn:v1:icp:private:k8:mycluster:n/kube-system:::","serviceName":"k8","region":"mycluster","namespaceId":"kube-system"},
{"crn":"crn:v1:icp:private:k8:mycluster:n/default:::","serviceName":"k8","region":"mycluster","namespaceId":"default"}
]

Next, you must URL-encode (percent-encode) the CRN so that it can be used in the request path. You can use the urlencode command (on Ubuntu), as shown in the following sample code, or you can use a Python script.

urlencode 'crn:v1:icp:private:k8:mycluster:n/default:::'

The output resembles the following code:

crn%3Av1%3Aicp%3Aprivate%3Ak8%3Amycluster%3An%2Fdefault%3A%3A%3A

Finally, you can delete the resource from the platform team by using the encoded CRN. The sample curl command resembles the following code:

curl -k -X DELETE --header "Authorization: Bearer $ACCESS_TOKEN" --header "Content-Type: application/json" --header "Accept: application/json" 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/platform/resources/rel/crn%3Av1%3Aicp%3Aprivate%3Ak8%3Amycluster%3An%2Fdefault%3A%3A%3A'

If needed, you can get the list of resources to confirm that the resource is removed. The sample curl command resembles the following code:

curl -k -X GET --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/platform/resources'

The output resembles the following code:

[
{"crn":"crn:v1:icp:private:k8:mycluster:n/kube-system:::","serviceName":"k8","region":"mycluster","namespaceId":"kube-system"}
]
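The encoding step and the DELETE URL from the procedure above, as an added Python example that is not part of the original documentation. The base URL https://mycluster.icp:8443 is taken from the Helm sample command and stands in for the cluster master; the function names are illustrative and the sample listing is constructed from the output above.

```python
import json
from urllib.parse import quote

# Constructed sample: the resource listing shown above for the team "platform".
RESOURCES = json.loads('''[
{"crn":"crn:v1:icp:private:k8:mycluster:n/kube-system:::","serviceName":"k8","region":"mycluster","namespaceId":"kube-system"},
{"crn":"crn:v1:icp:private:k8:mycluster:n/default:::","serviceName":"k8","region":"mycluster","namespaceId":"default"}
]''')

TEAMS_PATH = "/idmgmt/identity/api/v1/teams"


def encode_crn(crn):
    """Percent-encode a CRN so that it fits in a single URL path segment.

    quote() leaves "/" unescaped by default (safe="/"), which would split
    "n/default" into two path segments; safe="" encodes it as %2F.
    """
    return quote(crn, safe="")


def find_crn(resources, namespace):
    """Return the CRN of the one resource whose namespaceId matches exactly."""
    matches = [r["crn"] for r in resources if r.get("namespaceId") == namespace]
    if len(matches) != 1:
        raise LookupError(f"expected one resource for {namespace!r}, found {len(matches)}")
    return matches[0]


def delete_resource_url(base_url, team_id, crn):
    """Build <base>/teams/<team>/resources/rel/<encoded CRN> for the DELETE call."""
    # The team ID is encoded too, so it cannot introduce extra path segments.
    team = quote(team_id, safe="")
    return f"{base_url.rstrip('/')}{TEAMS_PATH}/{team}/resources/rel/{encode_crn(crn)}"


if __name__ == "__main__":
    crn = find_crn(RESOURCES, "default")
    print(delete_resource_url("https://mycluster.icp:8443", "platform", crn))
```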

Delete a team

API version: 1.0.0
API URI components:
  Scheme: HTTPS
  Host IP: Cluster Master Host
  Port number: Cluster Master API Port
  Path: idmgmt/identity/api/v1/teams/{id}
Command: DELETE
Command output format: application/json

The sample curl command resembles the following code:

curl -k -X DELETE --header "Authorization: Bearer $ACCESS_TOKEN" 'https://<Cluster Master Host>:<Cluster Master API Port>/idmgmt/identity/api/v1/teams/a-1'

The output resembles the following code:

{"count":1}