Searching for SSH devices
Problem
You want to find a device.
Solution
You can use a search pattern to find SSH devices and then get the policy details.
Time Estimate
About 30 mins
To search for SSH devices
- Reuse or create a bearer token that includes the scope ssh:manage. The bearer token grants your client access to Trust Protection Platform.
  To get a bearer token, see Getting a token. For each subsequent API call, be sure to include the token in the request header.
- Call POST SSH/Devices with a search pattern of device_name. The response is one or more Device objects that describe a computer or other hardware. For example:
JSON
POST https://tpp.venafi.example/vedauth/authorize/oauth
{
    "client_id": "MyClient",
    "username": "local:admin",
    "password": "MyPassword!",
    "scope": "ssh;configuration"
}
And
POST https://tpp.venafi.example/vedsdk/SSH/Devices
Authorization: Bearer 4MyGeneratedBearerTknz==
{
    "PageSize":20,
    "Offset":0,
    "SshDeviceFilter":{
        "DeviceName":[
            "device_name"
        ]
    }
}
PowerShell
# Test servers with a self-signed certificate only: accept any server certificate.
# Remove this block when the server certificate chains to a trusted CA.
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(ServicePoint sp, X509Certificate cert, WebRequest req, int problem) {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

$RestAPIServer = "https://tpp.venafi.example"

# Get a token. Token scope applies to all API calls in this section
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")
$RestAPIURI = '/vedauth/authorize/oauth'
$RestRequest = $RestAPIServer + $RestAPIURI
$payloadToken = @{
    client_id = "TPP.Auto"
    username  = "local:admin"
    password  = "newPassw0rd!"
    scope     = "ssh;configuration"
}
$json = ConvertTo-Json $payloadToken
$result = Invoke-RestMethod -Headers $headers -Uri $RestRequest -Method Post -Body $json -ContentType 'application/json'
$result | ConvertTo-Json
$headers.Add("Authorization", "Bearer " + $result.access_token)

# SSH/Devices: search for a device name
$RestAPIURI = '/vedsdk/SSH/Devices'
$RestRequest = $RestAPIServer + $RestAPIURI
$payload = @{
    PageSize        = 20
    Offset          = 0
    SshDeviceFilter = @{ DeviceName = @("Agentless Device") }
} | ConvertTo-Json -Depth 3
$result = Invoke-RestMethod -Headers $headers -Uri $RestRequest -Method Post -Body $payload -ContentType 'application/json'
$result | ConvertTo-Json
Python
import requests

# verify=False below turns off certificate validation; this silences the resulting warning
requests.packages.urllib3.disable_warnings()

# Globals
uri = "https://tpp.venafi.example"
headerswToken = {
    "Content-Type": "application/json",
    "Authorization": "empty"
}
# End of Globals


def searchdevice():
    global headerswToken
    headers = {
        'Content-Type': 'application/json'
    }

    # Get a token. Token scope applies to all API calls in this section
    url = uri + "/vedauth/authorize/oauth"
    payloadToken = {
        "client_id": "TPP.Auto",
        "username": "local:admin",
        "password": "newPassw0rd!",
        "scope": "ssh;configuration"
    }
    r = requests.post(url, headers=headers, json=payloadToken, verify=False)
    jsonResponse = r.json()
    Token = jsonResponse["access_token"]
    headerswToken.update({"Authorization": "Bearer " + Token})

    # Search for a device name
    url = uri + "/vedsdk/SSH/Devices"
    payload = {
        "PageSize": 20,
        "Offset": 0,
        # Same shape as the JSON request: a filter object holding a list of names
        "SshDeviceFilter": {"DeviceName": ["device_name"]}
    }
    r = requests.post(url, headers=headerswToken, json=payload, verify=False)
    print(r.status_code, "was the response")
    data_dict = r.json()['Data']
- (Optional) To show policy and other information, iterate through the response from the previous step. Use the DN response value as the ObjectDN for POST Config/ReadEffectivePolicy. For example:
JSON
POST https://tpp.venafi.example/vedsdk/Config/ReadEffectivePolicy
{
    "ObjectDN":"\\VED\\Policy\\Certificates\\device_name",
    "AttributeName":"Host",
    "Class":"Device"
}
PowerShell
# Config/ReadEffectivePolicy: read the policy for each device in the search response
$RestAPIURI = '/vedsdk/Config/ReadEffectivePolicy'
$RestRequest = $RestAPIServer + $RestAPIURI
foreach ($Device in $result.Data) {
    $payloadPolicy = @{
        ObjectDN      = $Device.DN
        AttributeName = "Host"
        Class         = "Device"
    }
    $json = ConvertTo-Json $payloadPolicy
    $policy = Invoke-RestMethod -Headers $headers -Uri $RestRequest -Method Post -Body $json -ContentType 'application/json'
    $policy | ConvertTo-Json
}
Python
    # Config/ReadEffectivePolicy (this code continues inside searchdevice())
    # Use the response to get policy information
    for dn in data_dict:
        if dn['DN'] != "":
            print(dn['DN'], "policy was found")
            dn2 = dn['DN']
            payloadPolicy = {
                "ObjectDN": dn2,
                "AttributeName": "Host",
                "Class": "Device"
            }
            url = uri + "/vedsdk/Config/ReadEffectivePolicy"
            r = requests.post(url, headers=headerswToken, json=payloadPolicy, verify=False)
            print(r.status_code, "was the response")


searchdevice()
Clean up and go home
- The token grants access until it expires. When your client application finishes, you can delete the token.
JSON
GET https://tpp.venafi.example/vedauth/Revoke/Token
Authorization: Bearer 4MyGeneratedBearerTknz==
PowerShell
# Clean up and go home
$RestAPIURI = '/vedauth/Revoke/Token'
$RestRequest = $RestAPIServer + $RestAPIURI
$result = Invoke-RestMethod -Headers $headers -Uri $RestRequest -Method Get
Python
def revoketoken():
    # Clean up. Go home
    url = uri + "/vedauth/Revoke/Token"
    r = requests.get(url, headers=headerswToken, verify=False)
    print(r.status_code)


revoketoken()
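The three steps above (get a token, search, revoke) as one added Python example that is not part of the original page or Venafi's own code: the token is revoked in a finally block, so it is released even when the search or policy call fails. The function names, the TPP_USER and TPP_PASSWORD variable names and the CA file path are assumptions made for illustration, and the server responses are constructed so the example runs offline.

```python
import os
from contextlib import contextmanager
from unittest.mock import MagicMock  # offline stand-in used by demo() only
BASE = "https://tpp.venafi.example"  # host name used on this page

@contextmanager
def bearer_token(session, credentials, base=BASE):
    """Get a bearer token, attach it to the session, and revoke it on exit."""
    r = session.post(base + "/vedauth/authorize/oauth", json=credentials, timeout=30)
    r.raise_for_status()
    session.headers["Authorization"] = "Bearer " + r.json()["access_token"]
    try:
        yield session
    finally:
        # Runs on success and on any exception, so no live token is left behind.
        session.get(base + "/vedauth/Revoke/Token", timeout=30)
        session.headers.pop("Authorization", None)

def host_policies(session, device_name, base=BASE):
    """Search SSH/Devices by name, then read the effective Host policy per DN."""
    r = session.post(base + "/vedsdk/SSH/Devices", timeout=30, json={
        "PageSize": 20, "Offset": 0, "SshDeviceFilter": {"DeviceName": [device_name]}})
    r.raise_for_status()
    found = {}
    for device in r.json().get("Data", []):
        dn = device.get("DN")
        if dn:  # skip entries without a DN
            p = session.post(base + "/vedsdk/Config/ReadEffectivePolicy", timeout=30,
                             json={"ObjectDN": dn, "AttributeName": "Host", "Class": "Device"})
            p.raise_for_status()
            found[dn] = p.json()
    return found

def demo():
    """Offline run against a constructed stand-in for requests.Session()."""
    # Real server: s = requests.Session(); s.verify = "/path/to/tpp-ca.pem" (hypothetical path)
    s = MagicMock(headers={})
    s.post.return_value.json.return_value = {  # constructed response body
        "access_token": "constructed-token",
        "Data": [{"DN": "\\VED\\Policy\\Certificates\\device_name"}]}
    creds = {"client_id": "TPP.Auto", "scope": "ssh;configuration",
             "username": os.environ.get("TPP_USER", "local:admin"),  # hypothetical variable names
             "password": os.environ.get("TPP_PASSWORD", "")}  # read at run time, not hard-coded
    with bearer_token(s, creds) as authed:
        policies = host_policies(authed, "device_name")
    return sorted(policies), s.get.call_args[0][0], dict(s.headers)

if __name__ == "__main__":
    print(demo())
```

With a real requests.Session, setting s.verify to the CA file that issued the server certificate keeps certificate validation on for every call, including the one that carries the password.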