cancel
Showing results for 
Search instead for 
Did you mean: 

icontrol - list remote roles from f5 device

T5C
Altostratus
Altostratus

Hello 

I would like to create several remote role groups on few devices using script so i decided to take a look on icontrol rest api.  I got authentication token and then tried to list "remote role groups" using:

curl -sk https://ip_mgmt_f5/mgmt/tm/auth/remote-role -H "X-F5-Auth-Token: Generated_Token"

In the output there's  no created earlier "remote role groups" from GUI (System/Users/remote role groups"

(version 14.1.4.4)

Maybe icontrol api is not fully implemented regarding remote roles ?

Best Regards

T.

 

1 REPLY 1

JRahm
Community Manager
Community Manager

Great question! The interface you are looking for is: /mtmt/tm/auth/remote-role/role-info. Here's an example:

curl -X POST \
  'https://ltm3.test.local/mgmt/tm/auth/remote-role/role-info' \
  --header 'Accept: */*' \
  --header 'User-Agent: Thunder Client (https://www.thunderclient.io)' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic YWRtaW46YWRtaW4=' \
  -d '{"name": "ops", "attribute": "F5-LTM-User-Info-1=ops", "console": "%F5-LTM-User-Console", "lineOrder": 3, "role": "%F5-LTM-User-Role", "userPartition": "%F5-LTM-User-Partition"}'

And a get returns my other 2 roles in addition to this newly created one:

curl -X GET \
  'https://ltm3.test.local/mgmt/tm/auth/remote-role/role-info' \
  --header 'Accept: */*' \
  --header 'User-Agent: Thunder Client (https://www.thunderclient.io)' \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Basic YWRtaW46YWRtaW4='

Response:

{
  "kind": "tm:auth:remote-role:role-info:role-infocollectionstate",
  "selfLink": "https://localhost/mgmt/tm/auth/remote-role/role-info?ver=15.1.2.1",
  "items": [
    {
      "kind": "tm:auth:remote-role:role-info:role-infostate",
      "name": "/Common/adm",
      "fullPath": "/Common/adm",
      "generation": 0,
      "selfLink": "https://localhost/mgmt/tm/auth/remote-role/role-info/~Common~adm?ver=15.1.2.1",
      "attribute": "F5-LTM-User-Info-1=adm",
      "console": "%F5-LTM-User-Console",
      "deny": "disabled",
      "lineOrder": 1,
      "role": "%F5-LTM-User-Role",
      "userPartition": "%F5-LTM-User-Partition",
      "userPartitionReference": {
        "link": "https://localhost/mgmt/tm/auth/partition/%25F5-LTM-User-Partition?ver=15.1.2.1"
      }
    },
    {
      "kind": "tm:auth:remote-role:role-info:role-infostate",
      "name": "/Common/appEd",
      "fullPath": "/Common/appEd",
      "generation": 0,
      "selfLink": "https://localhost/mgmt/tm/auth/remote-role/role-info/~Common~appEd?ver=15.1.2.1",
      "attribute": "F5-LTM-User-Info-1=appEd",
      "console": "%F5-LTM-User-Console",
      "deny": "disabled",
      "lineOrder": 2,
      "role": "%F5-LTM-User-Role",
      "userPartition": "%F5-LTM-User-Partition",
      "userPartitionReference": {
        "link": "https://localhost/mgmt/tm/auth/partition/%25F5-LTM-User-Partition?ver=15.1.2.1"
      }
    },
    {
      "kind": "tm:auth:remote-role:role-info:role-infostate",
      "name": "/Common/ops",
      "fullPath": "/Common/ops",
      "generation": 0,
      "selfLink": "https://localhost/mgmt/tm/auth/remote-role/role-info/~Common~ops?ver=15.1.2.1",
      "attribute": "F5-LTM-User-Info-1=ops",
      "console": "%F5-LTM-User-Console",
      "deny": "disabled",
      "lineOrder": 3,
      "role": "%F5-LTM-User-Role",
      "userPartition": "%F5-LTM-User-Partition",
      "userPartitionReference": {
        "link": "https://localhost/mgmt/tm/auth/partition/%25F5-LTM-User-Partition?ver=15.1.2.1"
      }
    }
  ]
}