Searching for SSH devices

Problem

You want to find a device.

Solution

You can use a search pattern to find SSH devices and then get the policy details.

Time Estimate

About 30 mins

• JSON
• PowerShell
• Python

To search for SSH devices

1. Reuse or create a bearer token that includes the scope ssh:manage. The bearer token grants your client access to Trust Protection Platform.

   To get a bearer token, see Getting a token. For each subsequent API call, be sure to include the token in the request header.

2. Call POST SSH/Devices and a search pattern of device_name. The response is one or more Device objects that describe a computer or other hardware. For example:

   Copy

   JSON

   POST https://tpp.venafi.example/vedauth/authorize/oauth
   {
       "client_id": "MyClient",
       "username": "local:admin",
       "password": "MyPassword!",
       "scope": "ssh;configuration"
   }
   
   And
   
   POST https://tpp.venafi.example/vedsdk/SSH/Devices
   Authorization:Bearer 4MyGeneratedBearerTknz==
   {
      "PageSize":20,
      "Offset":0,
      "SshDeviceFilter":{
         "DeviceName":[
            "device_name"
         ]
      }
   }            

   Copy

   Powershell

   $RestAPIServer = "https://tpp.venafi.example"
   $RestAPIURI = '/vedsdk/certificates/request'
   $RestRequest = $RestAPIServer + $RestAPIURI
   Write-Output $RestRequest
   
   #$creds = @{"Authorization" = "Basic "+[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes("Administrator@venqa.venafi.com"+":"+"passw0rd"));}
   $body = @{client_id="TPP.Auto";username="admin";password="newPassw0rd!";scope="ssh;configuration"}
   $json = ConvertTo-Json $body
   
   $result=Invoke-RestMethod -UseDefaultCredentials -UseBasicParsing -Uri $RestRequest -Method POST -Body $json -ContentType 'application/json'
   Write-Output $result 
   
   [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy 
   $RestAPIServer = "https://192.168.4.131"
   
   #Get a token. Token scope applies to all API calls in this section 
   $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
   $headers.Add("Content-Type", "application/json")
   $RestAPIURI = '/vedauth/authorize/oauth'
   $RestRequest = $RestAPIServer + $RestAPIURI
   
   $payloadToken = @{
       client_id = "TPP.Auto";
       username =  "local:admin";
       password =  "newPassw0rd!";
       scope =  "ssh;configuration"
   }
   
   $json = ConvertTo-Json $payloadToken
   $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Post -Body $json -ContentType 'application/json' 
   $result | ConvertTo-Json
   $headers.Add("Authorization", "Bearer " + $result.access_token)
   
   #SSH/Devices Search for a device name    
   $RestAPIURI = '/vedsdk/SSH/Devices'
   $RestRequest = $RestAPIServer + $RestAPIURI
   $payload = "{`n  `"PageSize`": 20,`n  `"Offset`": 0,`n  `"SshDeviceFilter`": {`n `"DeviceName`": [`n            `"Agentless Device`"`n        ]`n    }`n}"
   
   $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Post -Body $payload -ContentType 'application/json' 
   $result | ConvertTo-Json
   Write-Output $result 
    

   Copy

   Python

   import requests
   requests.packages.urllib3.disable_warnings()
   
   # Globals
   uri = "https://tpp.venafi.example"
   
   headerswToken = {
       "Content-Type": "application/json",
       "Authorization": "empty"
   }
   # End of Globals
   def searchdevice():
       headers = {
         'Content-Type': 'application/json'
       }
   # End of Globals
   # Get a token. Token scope applies to all API calls in this section
       url = uri + "/vedauth/authorize/oauth"
       payloadToken = {
           "client_id": "TPP.Auto",
           "username": "local:admin",
           "password": "newPassw0rd!",
           "scope": "ssh;configuration"
       }
       r = requests.post(url, headers = headers, json = payloadToken, verify = False)
       jsonResponse = r.json()
       Token = (jsonResponse["access_token"])
       global headerswToken
       headerswToken.update({"Authorization": "Bearer " + Token})
   
       # Search for a device name
       url = uri + "/vedsdk/SSH/Devices"
   
       device_name = [{"DeviceName": 'device_name'}]
       payload = {
           "PageSize": 20,
           "Offset": 0,
               #tuple([1,2,3])
           "SshDeviceFilter": device_name
       }
   
       r = requests.post(url, headers = headerswToken, json = payload, verify = False)
       print(r.status_code, "was the response")
       data_dict = r.json()['Data']
   

3. (Optional) To show policy and other information, iterate through the response from the previous step. Use the DN response value as the ObjectDN for POST Config/ReadEffectivePolicy. For example:

   Copy

   JSON

                               
   POST https://tpp.venafi.example/vedsdk/Config/ReadEffectivePolicy
   {
      "ObjectDN":"\\VED\\Policy\\Certificates\\device_name",
      "AttributeName":"Host",
      "Class":"Device"
      }
   }

   Copy

   Powershell

   
   #Config ReadEffectivePolicy
   foreach ($key in $result.Data) { 
   
   $Device = $key
   $DeviceLocation = $Device.DN
   }
   
   $RestAPIURI = '/vedsdk/Config/ReadEffectivePolicy'
   $RestRequest = $RestAPIServer + $RestAPIURI
   
   $payloadToken = @{
       ObjectDN = $DeviceLocation;
       AttributeName =  "Host";
       Class =  "Device"}
   
   $json = ConvertTo-Json $payloadToken
   $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Post -Body $json -ContentType 'application/json' 
   $result | ConvertTo-Json
   
   # Revoke token 
   $RestAPIURI = '/vedauth/Revoke/Token'
   $RestRequest = $RestAPIServer + $RestAPIURI
   $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Get -ContentType 'application/json' 
   

   Copy

   Python

   #Config/ReadEffectivePolicy
       #use the response to get policy information
       for dn in data_dict:
           if dn['DN'] != "":
               print(dn['DN'], "policy was found")
               dn2 = dn['DN']
               payloadPolicy = {
                   "ObjectDN": dn2,
                   "AttributeName": "Host",
                   "Class": "Device"
               }
               url = uri + "/vedsdk/Config/ReadEffectivePolicy"
               r = requests.post(url, headers=headerswToken, json=payloadPolicy, verify=False)
               print(r.status_code, "was the response")
   searchdevice()
   

Clean up and go home

1. The token grants access until it expires. When your client application finishes, you can delete the token.
   Copy

   JSON

   POST https://tpp.venafi.example/vedauth/Revoke/Token
   Authorization:Bearer 4MyGeneratedBearerTknz==
   {
      "PageSize":20,
      "Offset":0,
      "SshDeviceFilter":{
         "DeviceName":[
            "device_name"
         ]
      }
   }

   Copy

   Powershell

   #Cleanup and go home
       $RestAPIURI = '/vedauth/Revoke/Token'
       $RestRequest = $RestAPIServer + $RestAPIURI
       $result = Invoke-RestMethod  -Headers $headers -Uri $RestRequest -Method Get
   

   Copy

   Python

   def revoketoken():
       # Clean up. Go home
       url = uri + "/vedauth/Revoke/token"
       r = requests.get(url, headers=headerswToken,  verify=False)
       print(r.status_code)
   
   revoketoken()