Contributor IIIHi,
For onboarding a serous amount of new customers I would like to create a universal credential with the API.
I am not able to find some documentation what to use for the payload.
I have tried with the API browser in SL1 to post an update on an existing credential resulting in an error : "x-em7-status-message":"credential could not be updated".
Any suggestion how to overcome this issue?
Thanks in advance.
Alfred Heijkoop
ModeratorHello Alfred,
you raise an interesting point on how to automated the creation of universal credentials. In the short term, I have listed some sample GQL for you. We have also started working on adding a new section to the documentation for Universal Credentials titled 'How to' or 'Sample use cases', where we will provide more guidance on how to automate and integrate with universal credentials.
We see this as a four step process:
Step 1: From the UI, look for a universal crential like the one you want to create from GQL (there is no RestAPI option).
Step 2: Run this GQL query to list all universal credentials
query MyQuery {
credentialField(subType: "aws assume role", type: UNIVERSAL) {
subType
type
definition
}
}
Look for your target credential and pick out the field definitions that will look something like this..
"fields": [ { "propName": "AwsAccessKeyId", "displayName": "AWS Access Key ID", "helperText": "20 characters, upper case only.", "description": "Your AWS access key.", "type": "string", "defaultValue": "", "validationExpression": "(?<![A-Z0-9])[A-Z0-9]{20}(?![A-Z0-9])", "required": true },
Step 3: Create a list of key:value pairs for the filed and parameters you need to change for your new credential
Step 4: Run this GQL mutation to
mutation createCredential($name: String!, $type: CredentialType!, $subType: String, $definition: JSON, $allOrgs: Boolean, $alignedOrganizations: [ID], $timeout: Int) { createCredential( name: $name type: $type subType: $subType timeout: $timeout definition: $definition allOrganizations: $allOrgs alignedOrganizations: $alignedOrganizations ) { guid id } } { "alignedOrganizations": [ 1, 0 ], "allOrgs": false, "definition": "{\"AwsAccessKeyId\":\"ASDFASDFASDFASDFASDF\",\"AwsSecretAccessKey\":\"ASDFASDFASDFASDFASDFASDFASDFASDFASDFASDF\",\"AwsEndpoint\":\"https://organizations.us-east-1.amazonaws.com\",\"Config\":\"\",\"ProxyHost\":\"\",\"ProxyPort\":\"\",\"ProxyUser\":\"\",\"ProxyPasswd\":\"\",\"Regions\":\"ALL\",\"AssumeRole\":\"Sciencelogic-Monitor\",\"AssumeRoleSession\":\"SL1\",\"OrganizationCreation\":\"NAME:ID\",\"Tags\":\"\",\"ProxyProtocol\":\"https\",\"SL1APISSLVerify\":true}", "name": "example credential variables", "subType": "aws assume role", "timeout": 1500, "type": "UNIVERSAL" }
Sorry the formatting and alignment was lost, Paste the code into the GQL interface a click on 'prettify'
Contributor IIIAdditional: the credentials are needed for the Meraki API.
ExpertIf you're saying you want to create a lot of Credentials of the same type..
what I have done in the past.. easiest and quickest way i found..
1.create 1 dummy cred in SL of the type you want.
2. Create a csv file with your new cred details, Name, user, pass
3. Script this:
get your dummy cred from API
EG:
https://SLserver.com/api/credential/powershell/233
loop through the csv, and amend payload from the get request, and change the fields with that of the csv, and then do a post with the amended payload.
