How to Generate API Call from Reports
Generate Guard API calls from a report either from a single row within a report or based on the whole report
Value-added: Through a GUI, by using existing data on the system that is displayed in reports as parameters for API calls, quickly and easily generate and populate API calls without having to perform system level commands or type lengthy API calls to quickly perform operations such as create datasources, define inspection engines, maintain user hierarchies, or maintain the Guardium features such as S-TAP.
Single Row API call
For this scenario, we will generate API function calls to populate the Data Security User Hierarchy.
- To begin, let's show the current Data Security User Hierarchy for the user scott
To invoke an API function we must find a report that currently has the desired API functions linked to it. Since creating a user hierarchy is related to users, selection of a user report should yield good results. For this scenario we've selected the User - Role report.
Double-clicking on a row for drill-down will display an option to Invoke...
Click on the Invoke... option to display a list of API functions that are mapped to this report
Click on the API you'd like to invoke; bringing up the API Call Form for the Report and Invoked API Function.
Fill in the Required Parameters and any non-Required Parameters for the selected API call. Many of the parameters are pre-filled from the report but may be changed to build a unique API call. For specific help in filling out required or non-required parameters please see the individual API function calls within the GuardAPI Reference guide.
Use the drop-down list to select the Log level, where Log level represents the following (0 - returns ID=identifier and ERR=error_code as defined in Return Codes, 1 - displays additional information to screen, 2 - puts information into the Guardium application debug logs, 3 - both 1 and 2).
- Use the drop-down list to select a Parameter to encrypt.Note: Parameter Encryption is enabled by setting the Shared Secret and is relevant only for invoking the API function through script generation.
Choose to Invoke Now or Generate Script.
If Invoke Now is selected the API call will run immediately and display an API Call Output screen showing the status of the API call.
- If Generate Script is selected: Open the generated script
with your favorite editor or optionally save to disk to edit and execute
at a later time -- replacing any of the empty parameter values (denoted
by '< >') if contained within the script.Note: Empty parameters may remain in the script as the API call will ignore them
Example Script
# A template script for invoking guardAPI function create_user_hierarchy :
# Usage: ssh cli@a1.corp.com<create_user_hierarchy_api_call.txt
# replace any < > with the required value
#
grdapi create_user_hierarchy userName=jkoopmann parentUserName=scott
- Execute the CLI function call.
Example Call
$ ssh cli@a1.corp.com<create_user_hierarchy_api_call.txt
Validate. For this scenario it is a redisplay of the Data Security User Hierarchy.
Multi Row API call
This scenario uses a custom report with mapped parameters to report fields. Please see additional scenarios further in this section for additional information.
To begin, let's show the current Data Security User Hierarchy for the user scott
Click on the Invoke... icon to display a list of APIs that are mapped to this report
Click on the API you'd like to invoke; bringing up the API Call Form for the Report and Invoked API Function. Invoking an API call from a report for multiple rows will produce an API Call Form that displays and enables the editing of all records displayed on the screen (dependent on the fetch size) to a maximum of 20 records.
Use the check boxes to select / de-select the rows that will be targeted for the API call.
Fill in the Required Parameters and any non-Required Parameters for the selected API call. Many of the parameters are pre-filled from the report but may be changed to build a unique API call. For specific help in filling out required or non-required parameters please see the individual API function calls within the GuardAPI Reference guide. Additionally, use the set of parameters for the API to enter a value for a parameter and then click the down arrow to populate that parameter for all records.
Use the drop-down list to select the Log level, where Log level represents the following (0 - returns ID=identifier and ERR=error_code as defined in Return Codes, 1 - displays additional information to screen, 2 - puts information into the Guardium application debug logs, 3 - both 1 and 2).
- Use the drop-down list to select a Parameter to encrypt.Note: Parameter Encryption is enabled by setting the Shared Secret and is relevant only for invoking the API function through script generation.
Choose to Invoke Now or Generate Script.
If Invoke Now is selected the API call runs immediately and displays an API Call Output screen showing the status of the API call. In this specific scenario the last two API calls would fail since we can not have a cyclical relationship in the hierarchy.
- If Generate Script is selected: Open the generated script with your favorite editor or
optionally save to disk to edit and execute at a later time You can replace any of the empty
parameter values (denoted by '< >') if contained within the script. With this scenario, we could
easily delete the last two lines of the script -- knowing they would create cyclical
errors.Note: Empty parameters are valid in the script since the API call ignores them.Example Script
# A template script for invoking guardAPI function create_user_hierarchy : # Usage: ssh cli@a1.corp.com<create_user_hierarchy_api_call.txt # replace any < > with the required value # grdapi create_user_hierarchy userName=ADAMS parentUserName=SCOTT grdapi create_user_hierarchy userName=JOHNY parentUserName=SCOTT grdapi create_user_hierarchy userName=MARY parentUserName=SCOTT grdapi create_user_hierarchy userName=SCOTT parentUserName=SCOTT grdapi create_user_hierarchy userName=SCOTT parentUserName=SCOTT
Then Execute the CLI function call, for example:$ ssh cli@a1.corp.com<create_user_hierarchy_api_call.txt
Validate. For this scenario it is a re-display of the Data Security User Hierarchy.