No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00SPC200, 300, and 500 Self-Service Integration Guide 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Management Interfaces

Security Management Interfaces

This topic describes the security management (SM) interfaces.

The security management (SM) interface is mainly used to:
  • Log in to and out of the eSight.
  • Synchronize roles and users.
  • Query audit logs.
Role and user synchronization is mainly used in the SSO scenario. The process is as follows:
  1. Synchronize roles.
  2. Synchronize users.
  3. Update the relationship between users and roles.

Log In to the eSight

Function

The interface is used to log in to the eSight based on the configured user name, password, and IP address. In addition, the openid indicating the session identifier is returned after a successful login.

In hierarchical NMS scenarios, all users for invoking the /rest/openapi/sm/session interface must be the upper-layer NMS users.

URI

/rest/openapi/sm/session

Access Method

PUT

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

userid

Mandatory

Parameter list

String

Indicates the user name for the login.

value

Mandatory

Parameter list

String

Indicates the user password.

ipaddr

Optional

Parameter list

String

Indicates the IP address.

NOTE:

The IP address is a standby one and is used only after the IP address in the request message fails to be obtained. In other words, IP addresses in request messages are used by preference.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

Object

Indicates the openid that is returned after a successful login.

description

String

Indicates the description of the returned result.

Precautions

  • By default, the openid becomes invalid if no operation is performed 30 minutes after a login.
  • The openid which is returned after a successful login, is binded with IP address of the client which called the interface. In a valid term, the openid cannot be used in client of other IP addresses. Otherwise, the authentication will be denied.

Example

package com.huawei.nms.openapi.demo.sm;
import java.util.ArrayList;
import java.util.List;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;

import net.sf.json.JSONObject;

/*
 * log in
 */
public class Login {
 public static void main(String[] args) throws Exception {
  login();
 }

 public static void login() throws Exception
 {
  //set the URL and method
  final String openidURL = "/rest/openapi/sm/session";
  final String method = "PUT";
  
  //set parameters
  List<BasicNameValuePair> parameters = new ArrayList<BasicNameValuePair>();
  parameters.add(new BasicNameValuePair("userid", GlobalVar.GLOBAL_USERNAME));
  parameters.add(new BasicNameValuePair("value", GlobalVar.GLOBAL_USERVALUE));
  parameters.add(new BasicNameValuePair("ipaddr", GlobalVar.GLOBAL_USERIP));
  
  //send the request
  HttpResponse response = NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURL, method, null, parameters);
  //get the result
  final String ret = NewHttpsAccess.getResult(response);
  System.out.println(ret);
  
  //resolve the result and get the openid
  final JSONObject jObject = JSONObject.fromObject(ret);
  if (null == jObject)
  {
     System.out.println("Login failed.");
     return;
  }
  if ("0".equals(String.valueOf(jObject.get("code"))))
  {
     final String openid = String.valueOf(jObject.get("data"));
     GlobalVar.globalOpenid = openid;
  }
 }   
}

The returned result is as follows:

{
  "code" : 0,
  "data" : "89965ad0cb924a932cda461d749288368b54b91bd4260b84",
  "description" : "Operation success."
} 

Log Out of the eSight

Function

This interface is used to exit the current login based on the openid.

URI

/rest/openapi/sm/session

Access Method

DELETE

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

openid

Optional

Parameter list

String

Indicates the session identifier of the user who needs to log out.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter. When a request message header and the parameter list contain open IDs, the open ID in the message header is used.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

Object

Here is null.

description

String

Indicates the description of the returned result.

Precautions

None

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;

/**
 * LogOut
 */
public class Logout {
 public static void main(String[] args) throws Exception {
  Logout test = new Logout();
  test.logoutTest();
 }
 public void logoutTest() throws Exception
 {
  Login.login();
  
  //set the URL and method
  String openidURL = "/rest/openapi/sm/session";
  String method = "DELETE";
  
  //set headers
  BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURL, method);
  //set parameters
  BasicNameValuePair[] parameters =
  {
     new BasicNameValuePair("openid", GlobalVar.globalOpenid)
  };
  
  //send the request
  HttpResponse response = NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURL, method, headers, parameters);
  //get the result
  String ret = NewHttpsAccess.getResult(response);
  System.out.println(ret);
 }  
}

The returned result is as follows:

{ 
   "code":0,
   "data":null,
   "description":"Operation success."
}

Query the Role List

Function

This interface is used to query the role list in the eSight system.

To invoke this interface, the OpenAPI user must have the User Management permission.

URI

/rest/openapi/role/detail

Access Method

GET

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (sectionLog In to the eSight) for security management to obtain this parameter.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • Others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

List<Map<String, Object>>

Indicates the role information list.

description

String

Indicates the description of the returned result.

The object Map<String, Object> in field data contains the following information.

Field

Value Type

Description

roleName

String

Indicates the role name.

roleDescription

String

Indicates the role description.

roleAssociatedUsers

List<String>

Indicates the user name list associated with the role.

roleCreateTime

String

Indicates the time when the role is created, which must be in the same time zone as the eSight server.

isDefault

int

Indicates whether the role is the default role in the eSight system. The options are as follows:

  • 0: no
  • 1: yes

Precautions

This interface cannot be called in digest-based authentication.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;

/**
 * query role list
 */
public class QueryRoles
{
    /**
     * Open API URI
     */
    private static final String QUERY_ROLES_URI = "/rest/openapi/role/detail";
    
    /**
     * main entry
     * 
     * @param args console arguments
     * @throws Exception exception
     */
    public static void main(String[] args) throws Exception
    {
        Login.login();
        queryRoles();
    }
    
    /**
     * query example
     * 
     * @throws Exception exception
     */
    public static void queryRoles() throws Exception
    {
        //set the URL and method
        String openidURI = QUERY_ROLES_URI;
        String method = "GET";
        
        //set headers
        BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURI, method);
        //set parameters
        BasicNameValuePair[] parameters = null;

        //send the request
        HttpResponse response =
            NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURI, method, headers, parameters);
        
        //get the result
        String body = NewHttpsAccess.getResult(response);
        System.out.println(body);
    }
}

The returned result is as follows:

{
    "code": 0,
    "data": [{
        "roleDescription": "Administrator role",
        "isDefault": 1,
        "roleCreateTime": "2015-04-08 10:29:11",
        "roleAssociatedUsers": ["admin"],
        "roleName": "Administrators"
    },
    {
        "roleDescription": "",
        "isDefault": 0,
        "roleCreateTime": "2015-04-08 10:44:12",
        "roleAssociatedUsers": ["openapi"],
        "roleName": "eSDK"
    },
    {
        "roleDescription": "Permission to query all features except Security Manager",
        "isDefault": 0,
        "roleCreateTime": "2015-04-08 00:00:00",
        "roleAssociatedUsers": [],
        "roleName": "Monitor"
    },
    {
        "roleDescription": "Openapi user group has permission to invoke the open API interfaces",
        "isDefault": 1,
        "roleCreateTime": "2015-04-08 10:29:34",
        "roleAssociatedUsers": ["openapi"],
        "roleName": "Openapi user group"
    },
    {
        "roleDescription": "Permission to query and modify all features except Security Manager",
        "isDefault": 0,
        "roleCreateTime": "2015-04-08 00:00:00",
        "roleAssociatedUsers": [],
        "roleName": "Operator"
    },
    {
        "roleDescription": "Permission User/Role Manager, Log Manager, etc.",
        "isDefault": 0,
        "roleCreateTime": "2015-04-08 00:00:00",
        "roleAssociatedUsers": [],
        "roleName": "Security"
    }],
    "description": "Operation success."
}

Create a Role

Function

This interface is used to create a role based on a role name.

This interface is used when synchronizing users, it is used to synchronize roles. To invoke this interface, the OpenAPI user must have the User Management permission.

URI

/rest/openapi/role

Access Method

PUT

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

roleName

Mandatory

Parameter list

String

Indicates the role names to be created.

NOTE:

A role name must meet the following requirements:

  • A role name contains 1 to 64 characters.
  • A role name must not contain the following special characters: #%&'+;<=>?".
  • A role name can contain spaces, however, cannot comprise only spaces.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

list

Here is null.

description

String

Indicates the description of the returned result.

Precautions

This interface cannot be called in digest-based authentication.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;

/**
 * Create a Role
 */
public class AddRole {
 private static final String SM_Role  = "/rest/openapi/role";

 public static void main(String[] args) throws Exception {
  Login.login();
  addRole();
 }

 public static void addRole() throws Exception {
  //set the URL and method
  String openidURL = SM_Role;
  String method = "PUT";
  
  //set headers
  BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURL, method);
  //set parameters
  BasicNameValuePair[] parameters =
  {
      new BasicNameValuePair("roleName", "role01")
  };
  
  //send the request
  HttpResponse response = NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURL, method, 
    headers, parameters);
  //get the result
  String body = NewHttpsAccess.getResult(response);
  System.out.println(body);
 }
}

The returned result is as follows:

{ 
   "data":null,
   "description":"Operation success.",
   "code":0
}

Delete a Role

Function

This interface is used to delete a role based on a role name.

To invoke this interface, the OpenAPI user must have the User Management permission.

URI

/rest/openapi/role

Access Method

DELETE

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

roleName

Mandatory

Parameter list

String

Indicates the role names to be deleted.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

list

Here is null.

description

String

Indicates the description of the returned result.

Precautions

This interface cannot be called in digest-based authentication.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity; 

/**
 * Delete a Role
 */
public class DeleteRole {
 private static final String SM_Role  = "/rest/openapi/role";

 public static void main(String[] args) throws Exception {
  Login.login();
  deleteRole();
 }

 public static void deleteRole() throws Exception {
  //set the URL and method
  String openidURL = SM_Role;
  String method = "DELETE";
  
  //set headers
  BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURL, method);
  //set parameters
  BasicNameValuePair[] parameters =
  {
      new BasicNameValuePair("roleName", "role01")
  };
  
  //send the request
  HttpResponse response = NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURL, method, 
    headers, parameters);
  //get the result
  String body = NewHttpsAccess.getResult(response);
  System.out.println(body);
 }
}

The returned result is as follows:

{ 
   "data":null,
   "description":"Operation success.",
   "code":0
}

Query the User List

Function

This interface is used to query the user list in the eSight system.

To invoke this interface, the OpenAPI user must have the User Management permission.

URI

/rest/openapi/user

Access Method

GET

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • Others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

List<Map<String, Object>>

Indicates the user information list.

description

String

Indicates the description of the returned result.

The object Map<String, Object> in field data contains the following information.

Field

Value Type

Description

userID

String

Indicates the user name.

userDescription

String

Indicates the user description.

userStatus

int

Indicates the user status. The options are as follows:

  • 1: enabled
  • 2: enabled but locked
  • 3: disabled but not locked
  • 4: disabled and locked

userCreateTime

String

Indicates the time when the user is created, which must be in the same time zone as the eSight server.

userAssociatedRoles

List<String>

Indicates the role name list associated with the user.

isDefault

int

Indicates whether the user is the default user in the eSight system. The options are as follows:

  • 0: no
  • 1: yes

Precautions

This interface cannot be called in digest-based authentication.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;

/**
 * query user list
 */
public class QueryUsers
{
    /**
     * Open API URI
     */
    private static final String QUERY_USERS_URI = "/rest/openapi/user";
    
    /**
     * main entry
     * 
     * @param args console arguments
     * @throws Exception exception
     */
    public static void main(String[] args) throws Exception
    {
        Login.login();
        queryUsers();
    }
    
    /**
     * query example
     * 
     * @throws Exception exception
     */
    public static void queryUsers() throws Exception
    {
        //set the URL and method
        String openidURI = QUERY_USERS_URI;
        String method = "GET";
        
        //set headers
        BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURI, method);
        //set parameters
        BasicNameValuePair[] parameters = null;

        //send the request
        HttpResponse response =
            NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURI, method, headers, parameters);
        
        //get the result
        String body = NewHttpsAccess.getResult(response);
        System.out.println(body);
    }
}

The returned result is as follows:

{
    "code": 0,
    "data": [{
        "userID": "admin",
        "isDefault": 1,
        "userAssociatedRoles": ["Administrators"],
        "userStatus": 1,
        "userDescription": "Administrator",
        "userCreateTime": "2015-04-08 10:29:12"
    },
    {
        "userID": "openapi",
        "isDefault": 0,
        "userAssociatedRoles": ["eSDK","Openapi user group"],
        "userStatus": 1,
        "userDescription": "",
        "userCreateTime": "2015-04-08 10:39:25"
    }],
    "description": "Operation success."
}

Synchronizing Users

Function

In SSO scenarios, the eSight functions as an SSO client and provides the interface for third-party systems. Third-party systems invoke the interface to obtain user names and store the information on the SSO client.

  • The user name and password used for verification during logins are stored on the SSO server.
  • After a third-party system invokes the interface to create a user on the SSO client, the user is used only for role allocation on the SSO client. The password for the user is randomly generated on the SSO client, and does not need to or cannot be changed.
  • To invoke this interface, the OpenAPI user must have the User Management permission.

URI

/rest/openapi/user

Access Method

PUT

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

userid

Mandatory

Parameter list

String

Indicates the user names to be synchronized.

NOTE:

A user id must meet the following requirements:

  • A user id contains 6 to 32 characters
  • A user id must not contain the following special characters: #%&'+/ ;<=>?\©®".

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

list

Here is null.

description

String

Indicates the description of the returned result.

Precautions

This interface cannot be called in digest-based authentication.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;

/**
 * Create a User
 */
public class AddUser {
 private static final String SM_USER  = "/rest/openapi/user";

 public static void main(String[] args) throws Exception {
  Login.login();
  addUser();
 }

 public static void addUser() throws Exception {
  //set the URL and method
  String openidURL = SM_USER;
  String method = "PUT";
  
  //set headers
  BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURL, method);
  //set parameters
  BasicNameValuePair[] parameters = {
     new BasicNameValuePair("userid", "user01")
  };
  
  //send the request
  HttpResponse response = NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURL, method, 
    headers, parameters);
  //get the result
  String body = NewHttpsAccess.getResult(response);
  System.out.println(body);
 }
}

The returned result is as follows:

{ 
   "data":null,
   "description":"Operation success.",
   "code":0
}

Delete a User

Function

This interface is used to delete a user based on a user name.

To invoke this interface, the OpenAPI user must have the User Management permission.

URI

/rest/openapi/user

Access Method

DELETE

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

userid

Mandatory

Parameter list

String

Indicates the user names to be deleted.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

list

Here is null.

description

String

Indicates the description of the returned result.

Precautions

This interface cannot be called in digest-based authentication.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;

/**
 * Delete a User
 */
public class DeleteUser {
 private static final String SM_USER  = "/rest/openapi/user";

 public static void main(String[] args) throws Exception {
  Login.login();
  deleteUser();
 }

 public static void deleteUser() throws Exception {
  //set the URL and method
  String openidURL = SM_USER;
  String method = "DELETE";
  
  //set headers
  BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURL, method);
  //set parameters
  BasicNameValuePair[] parameters = {
     new BasicNameValuePair("userid", "user01")
  };
  
  //send the request
  HttpResponse response = NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURL, method, 
    headers, parameters);
  //get the result
  String body = NewHttpsAccess.getResult(response);
  System.out.println(body);
 }
}

The returned result is as follows:

{ 
   "data":null,
   "description":"Operation success.",
   "code":0
}

Update User Role Relationships

Function

This interface is used to update user role relationships based on user names.

To invoke this interface, the OpenAPI user must have the User Management permission.

URI

/rest/openapi/user

Access Method

POST

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

userid

Mandatory

Parameter list

String

Indicates the user names.

roleName

Mandatory

Parameter list

String

Indicates the role names.

NOTE:

Separate role names by semicolons (;).

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

list

Here is null.

description

String

Indicates the description of the returned result.

Precautions

  • The update operation is successful only when all roles exist.
  • This interface cannot be called in digest-based authentication.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;


/**
 * Update User Role Relationships
 */
public class UpdateUserRoleRelation {
 private static final String SM_USER  = "/rest/openapi/user";

 public static void main(String[] args) throws Exception {
  Login.login();
  update();
 }

 public static void update() throws Exception {
  //set the URL and method
  String openidURL = SM_USER;
  String method = "POST";
  
  //set headers
  BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURL, method);
  //set parameters
  BasicNameValuePair[] parameters = {
     new BasicNameValuePair("userid", "user01"), 
     new BasicNameValuePair("roleName", "role01")
  };
  
  //send the request
  HttpResponse response = NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURL, method, 
    headers, parameters);
  //get the result
  String body = NewHttpsAccess.getResult(response);
  System.out.println(body);
 }
}

The returned result is as follows:

{ 
   "data":null,
   "description":"Operation success.",
   "code":0
}

Query Audit Logs by Page

Function

This interface is used to query audit logs, including security logs, system logs, and operation logs by page based on log types, start time, and end time.

URI

/rest/openapi/omslogs

Access Method

GET

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

type

Optional

Parameter list

String

Indicates the type of the logs to be queried.

The options are as follows:

  • "securityLog": Security logs are queried.
  • "systemLog": System logs are queried.
  • "operationLog": Operation logs are queried.
  • "operationDetail": Operation log details are queried.
  • empty or others: All security logs, system logs, and operation logs are queried, excluding operation log details.

startTime

Optional

Parameter list

String

Indicates the start time (UTC time) of the logs to be queried. The time is accurate to seconds. By default, the start time is the current time of the day before.

NOTE:
  • The time format is a timestamp, for example, 1388978674469.
  • If startTime and endTime are not set, all logs are queried.
  • If startTime is set to null or invalid time, this filter criterion is not added.
  • The startTime must be earlier than endTime.

endTime

Optional

Parameter list

String

Indicates the end time (UTC time) of the logs to be queried. The time is accurate to seconds. By default, the end time is the current time.

NOTE:
  • The time format is a timestamp, for example, 1388978674469.
  • If startTime and endTime are not set, all logs are queried.
  • If endTime is set to null or invalid time, this filter criterion is not added.
  • The startTime must be earlier than endTime.

pageSize

Optional

Parameter list

int

Indicates the number of records on each page. The number ranges from 1 to 100 and the default value is 20.

NOTE:

If pageSize is less than 1 or more than 100, the default value is used.

pageNo

Optional

Parameter list

int

Indicates the page number for the page-based query. The number starts from 1 and the default value is 1.

NOTE:
  • If pageNo is less than 1, the default value is used.
  • When pageNo is greater than the total number of pages for the displayed records, the last page is displayed by default.

optSN

Optional

Parameter list

String

Indicates the serial number of the logs.

NOTE:

When type is operationDetail, optSN cannot be empty; When type is other values, optSN does not have an effect.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

List<AuditLogdapter>

Indicates the log record list.

description

String

Indicates the description of the returned result.

pageSize

int

Indicates the number of records of the current page.

totalPage

int

Indicates the total pages of records that meet search criteria.

currentPage

int

Indicate the current page, which starts from 1.

The object AuditLogdapter contains the following information.

Field

Value Type

Description

auditType

String

Indicates the type of the logs. The options are as follows:

  • "securityLog": Security logs
  • "systemLog": System logs
  • "operationLog": Operation logs

sn

int

Indicates the serial number of the logs.

baseInfo

String

Indicates the operation name of logs.

source

String

Indicates the log source.

dateTime

long

Indicates the time (UTC time) when an operation is performed. The time is accurate to milliseconds.

level

String

Indicates the log level. The options are as follows:

  • "WARNING": Warning
  • "MINOR": Minor
  • "RISK": Risk

targetObj

String

Indicates the operation object.

userId

String

Indicates the name of the user who performs the operation.

detail

String

Indicates the log details.

terminal

String

Indicates the client IP address which performs the operation.

result

String

Indicates the log result. The options are as follows:

  • "SUCCESSFUL": Success
  • "FAILURE": Failure
  • "POK": Partial Success

Precautions

If all types of audit logs are queried, the results are displayed by time and log type in the sequence of security logs, system logs, and operation logs.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;

/**
 * Query all Audit logs
 */
public class QueryLogs {
 private static final String SM_LOG = "/rest/openapi/omslogs";

 public static void main(String[] args) throws Exception {
  Login.login();
  GetLogTest();
 }

 public static void GetLogTest() throws Exception {
  //set the URL and method
  String openidURL = SM_LOG;
  String method = "GET";
  
  //set headers
  BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURL, method);
  //set parameters
  BasicNameValuePair[] parameters = {
     new BasicNameValuePair("type", ""), 
     new BasicNameValuePair("pageSize", "20")
  };
  
  //send the request
  HttpResponse response = NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURL, method, headers, parameters);
  //get the result
  String body = NewHttpsAccess.getResult(response);
  System.out.println(body);
 }
}

The returned result is as follows:

{
    "code":0,
    "data":
    [
        {
            "auditType":"securityLog",
            "sn":23,
            "baseInfo":"User logout",
            "source":"Security Management",
            "dateTime":1386674982205,
            "level":"MINOR",
            "targetObj":"LocalNMS",
            "userId":"admin",
            "detail":"User logout",
            "terminal":"10.66.98.118",
            "result":"SUCCESSFUL"
         }
    ],
    "description":"Get security log success.",
    "pageSize":20,
    "totalPage":1,
    "currentPage":1
}

Query the eSight System Information

Function

This interface is used to query the eSight system information, which applies to displaying basic NMS information and adapting interfaces when the eSight interworks with upper-level management systems.

URI

/rest/openapi/systemInfo

Access Method

GET

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • Others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

List<Map<String, Object>>

Indicates the system information list.

description

String

Indicates the description of the returned result.

The object Map<String, Object> in field data contains the following information.

Field

Value type

Description

systemID

String

Indicates the system ID.

systemName

String

Indicates the system name.

systemVersion

String

Indicates the system version number. You can set the location of the version file through platform.version-file in the ros.web.notification.xml file.

systemVendor

String

Indicates the system vendor. The value is fixed at Huawei.

systemOS

String

Indicates the operating system installed on the system server.

systemDB

String

Indicates the system database type.

systemUptime

String

Indicates the system running duration.

  • Only basic names of the operating system and database are displayed, and no detailed configuration information is displayed.
  • You can set the system ID by setting the platform.id parameter in the eSight installation directory/AppBase/etc/oms.ros/ros.web.notification.xml file. If the file does not exist, the default value HuaweiPlatform is used.
  • You can set the system name by setting the platform.name parameter in the eSight installation directory/AppBase/etc/oms.ros/ros.web.notification.xml file. If the file does not exist, the default value HuaweiPlatform is used.
  • You can set the system version number by setting the platform.version-file parameter in the eSight installation directory/AppBase/etc/oms.ros/ros.web.notification.xml file. If the file does not exist, the default value iEMP V100R002C30 is used.

Precautions

None

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity; 

/**
 * query system information
 */
public class QuerySystemInfo
{
    /**
     * Open API URI
     */
    private static final String QUERY_SYSTEM_INFO_URI = "/rest/openapi/systemInfo";
    
    /**
     * main entry
     * 
     * @param args console arguments
     * @throws Exception exception
     */
    public static void main(String[] args) throws Exception
    {
        Login.login();
        querySystemInfo();
    }
    
    /**
     * query example
     * 
     * @throws Exception exception
     */
    public static void querySystemInfo() throws Exception
    {
        //set the URL and method
        String openidURI = QUERY_SYSTEM_INFO_URI;
        String method = "GET";
        
        //set headers
        BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURI, method);
        //set parameters
        BasicNameValuePair[] parameters = null;

        //send the request
        HttpResponse response =
            NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURI, method, headers, parameters);
        
        //get the result
        String body = NewHttpsAccess.getResult(response);
        System.out.println(body);
    }
}

The returned result is as follows:

{
    "code": 0,
    "data": [{
        "systemOS": "Windows Server 2008 R2",
        "systemVersion": "eSight V100R002C30B040",
        "systemName": "HuaweiPlatform",
        "systemVendor": "Huawei",
        "systemID": "HuaweiPlatform",
        "systemDB": "mysq",
        "systemUptime": "0 Day(s) 00 Hour(s) 05 Minute(s) 38 Second(s)"
    }],
    "description": "Operation success."
}

Query All Role Names of the eSight

Function

This interface is used to query the role name list in the eSight system.

To invoke this interface, the OpenAPI user must have the User Management permission.

URI

/rest/openapi/role

Access Method

GET

Parameter Description

Parameter

Mandatory/Optional

Location

Value Type

Value Range

openid

Mandatory

Request message header

String

Indicates the session identifier. It is used for open API authentication.

NOTE:

A third-party invokes the login interface (section Log In to the eSight) for security management to obtain this parameter.

Result

Field

Value Type

Description

code

int

Indicates the code of the returned result. The options are as follows:

  • 0: successful
  • Others: failed. Code 1001 indicates that the license is invalid; code 1002 indicates that the license does not support the open API function; code 1204 indicates that authentication fails.

data

List<String>

Indicates the role names list.

description

String

Indicates the description of the returned result.

Precautions

This interface cannot be called in digest-based authentication.

Example

package com.huawei.nms.openapi.demo.sm;

import org.apache.http.HttpResponse;
import org.apache.http.message.BasicNameValuePair;

import com.huawei.nms.openapi.demo.global.GlobalVar;
import com.huawei.nms.openapi.demo.global.NewHttpsAccess;
import com.huawei.nms.openapi.demo.global.NewRosSecurity;

/**
 * query role list
 */
public class QueryRoles
{
    /**
     * Open API URI
     */
    private static final String QUERY_ROLES_URI = "/rest/openapi/role";
    
    public static void main(String[] args) throws Exception
    {
        Login.login();
        queryRoles();
    }
    
    public static void queryRoles() throws Exception
    {
        //set the URL and method
        String openidURI = QUERY_ROLES_URI;
        String method = "GET";
        
        //set headers
        BasicNameValuePair[] headers = NewRosSecurity.getRosHttpHeader(openidURI, method);
        //set parameters
        BasicNameValuePair[] parameters = null;

        //send the request
        HttpResponse response =
            NewHttpsAccess.access(GlobalVar.GLOBAL_IP, GlobalVar.GLOBAL_PORT, openidURI, method, headers, parameters);
        
        //get the result
        String body = NewHttpsAccess.getResult(response);
        System.out.println(body);
    }
}

The returned result is as follows:

{
    "code" : 0,
    "data" : [{
        "roleCreateTime" : "2018-03-20 14:42:50",
        "isDefault" : 1,
        "roleName" : "Administrators",
        "roleAssociatedUsers" : ["admin", "OpenAPIUser"],
        "roleDescription" : "Administrator role a"
     }],
     "description" : "Operation success."
}
Translation
Download
Updated: 2019-10-30

Document ID: EDOC1100044386

Views: 15583

Downloads: 83

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next