| API Description | API Path |
|---|---|
Read node authentication policy and password complexity configurationReturns information about the currently configured authentication policies and password complexity on the node. |
GET /api/v1/transport-nodes/{transport-node-id}/node/aaa/auth-policy
GET /api/v1/cluster/{cluster-node-id}/node/aaa/auth-policy GET /api/v1/node/aaa/auth-policy |
Resets node authentication policy and password complexity configurationResets to default, currently configured authentication policy and password complexity on the node. Administrators need to enforce password change for existing user accounts in order to match newly configured complexity requirements in system. reset-all: resets configured Authentication policy and Password complexity reset-auth-policies: resets only configured Authentication policy reset-pwd-complexity: resets only configured Password complexity |
POST /api/v1/transport-nodes/{transport-node-id}/node/aaa/auth-policy?action=reset-all
POST /api/v1/transport-nodes/{transport-node-id}/node/aaa/auth-policy?action=reset-auth-policies POST /api/v1/transport-nodes/{transport-node-id}/node/aaa/auth-policy?action=reset-pwd-complexity POST /api/v1/cluster/{cluster-node-id}/node/aaa/auth-policy?action=reset-all POST /api/v1/cluster/{cluster-node-id}/node/aaa/auth-policy?action=reset-auth-policies POST /api/v1/cluster/{cluster-node-id}/node/aaa/auth-policy?action=reset-pwd-complexity POST /api/v1/node/aaa/auth-policy?action=reset-all POST /api/v1/node/aaa/auth-policy?action=reset-auth-policies POST /api/v1/node/aaa/auth-policy?action=reset-pwd-complexity |
Update node authentication policy and password complexity configurationUpdate the currently configured authentication policy and password complexity on the node. If any of api_max_auth_failures, api_failed_auth_reset_period, or api_failed_auth_lockout_period are modified, the http service is automatically restarted. Whereas change in any password complexity will not be applicable on already configured user passwords. Administrators need to enforce password change for existing user accounts in order to match newly configured complexity requirements enforced in system. All values from AuthenticationPolicyProperties are in sync among the management cluster nodes. |
PUT /api/v1/transport-nodes/{transport-node-id}/node/aaa/auth-policy
PUT /api/v1/cluster/{cluster-node-id}/node/aaa/auth-policy PUT /api/v1/node/aaa/auth-policy |
List node usersReturns the list of users configured to log in to the NSX appliance. |
GET /api/v1/transport-nodes/{transport-node-id}/node/users
GET /api/v1/transport-nodes/{transport-node-id}/node/users?internal=true GET /api/v1/cluster/{cluster-node-id}/node/users GET /api/v1/cluster/{cluster-node-id}/node/users?internal=true GET /api/v1/node/users GET /api/v1/node/users?internal=true |
Create node usersCreate new user account to log in to the NSX web-based user interface or access API. username is required field in case of creating new user, further following
usernames - root, admin, audit are reserved and can not be used
to create new user account unless for local audit user. In case of local audit account when username not specified in request by default account will be created with audit username, although administrators
are allowed to use any other non-duplicate usernames during creation. |
POST /api/v1/cluster/{cluster-node-id}/node/users?action=create_user
POST /api/v1/cluster/{cluster-node-id}/node/users?action=create_audit_user POST /api/v1/node/users?action=create_user POST /api/v1/node/users?action=create_audit_user |
Reset a user's own password. Requires current passwordEnables a user to reset their own password. |
POST /api/v1/cluster/{cluster-node-id}/node/users?action=reset_own_password
POST /api/v1/node/users?action=reset_own_password |
Delete node userDelete specified user who is configured to log in to the NSX appliance. Whereas local users root and administrator are not allowed to be deleted, but local user audit is deletable on-demand. Caution, users deleted from following node types cannot be recovered,
|
DELETE /api/v1/transport-nodes/{transport-node-id}/node/users/{userid}
DELETE /api/v1/cluster/{cluster-node-id}/node/users/{userid} DELETE /api/v1/node/users/{userid} |
Read node userReturns information about a specified user who is configured to log in to the NSX appliance. The valid user IDs are: 0, 10000, 10002 or other users managed by administrators. |
GET /api/v1/transport-nodes/{transport-node-id}/node/users/{userid}
GET /api/v1/cluster/{cluster-node-id}/node/users/{userid} GET /api/v1/node/users/{userid} |
Activate a user account with a passwordActivates the account for this user. When an account is successfully activated, the "status" field in the response is "ACTIVE". This API is not supported for userid 0 and userid 10000. |
POST /api/v1/cluster/{cluster-node-id}/node/users/{userid}?action=activate
POST /api/v1/node/users/{userid}?action=activate |
Reset a user's password without requiring their current passwordUnlike the PUT version of this call (PUT /node/users/<userid>), this API does not require that the current password for the user be provided. The account of the target user must be "ACTIVE" for the call to succeed. This API is not supported for userid 0 and userid 10000. |
POST /api/v1/cluster/{cluster-node-id}/node/users/{userid}?action=reset_password
POST /api/v1/node/users/{userid}?action=reset_password |
Deactivate a user accountDeactivates the account for this user. Deactivating an account is permanent, unlike an account that is temporarily locked because of too many password failures. A deactivated account has to be explicitly activated. When an account is successfully deactivated, the "status" field in the response is "NOT_ACTIVATED". This API is not supported for userid 0 and userid 10000. |
POST /api/v1/cluster/{cluster-node-id}/node/users/{userid}?action=deactivate
POST /api/v1/node/users/{userid}?action=deactivate |
Update node userUpdates attributes of an existing NSX appliance user. This method
The specified password does not meet the following (default) complexity requirements:
the configured password complexity may vary as per defined Authentication and Password policies, which shall be available at: [GET]: /api/v1/node/aaa/auth-policy The valid user IDs are: 0, 10000, 10002 or other users managed by administrators.
|
PUT /api/v1/transport-nodes/{transport-node-id}/node/users/{userid}
PUT /api/v1/cluster/{cluster-node-id}/node/users/{userid} PUT /api/v1/node/users/{userid} |
List SSH keys from authorized_keys file for node userReturns a list of all SSH keys from authorized_keys file for node user |
GET /api/v1/transport-nodes/{transport-node-id}/node/users/{userid}/ssh-keys
GET /api/v1/cluster/{cluster-node-id}/node/users/{userid}/ssh-keys GET /api/v1/node/users/{userid}/ssh-keys |
Remove SSH public key from authorized_keys file for node user |
POST /api/v1/transport-nodes/{transport-node-id}/node/users/{userid}/ssh-keys?action=remove_ssh_key
POST /api/v1/cluster/{cluster-node-id}/node/users/{userid}/ssh-keys?action=remove_ssh_key POST /api/v1/node/users/{userid}/ssh-keys?action=remove_ssh_key |
Add SSH public key to authorized_keys file for node user |
POST /api/v1/transport-nodes/{transport-node-id}/node/users/{userid}/ssh-keys?action=add_ssh_key
POST /api/v1/cluster/{cluster-node-id}/node/users/{userid}/ssh-keys?action=add_ssh_key POST /api/v1/node/users/{userid}/ssh-keys?action=add_ssh_key |