|
|
| (63 intermediate revisions by 4 users not shown) |
| Line 1: |
Line 1: |
| {{TOC_right}} | | {{TOC_right}} |
|
| |
|
| = Overview =
| | The documentation has moved to https://docs.egi.eu/users/aai/check-in/vos/. |
| | |
| This wiki page contains information about using the [[AAI|EGI AAI Check-in service]] to manage Virtual Organisations (VOs).
| |
| | |
| = VO membership API =
| |
| | |
| Check-in provide a REST API that allows clients to manage membership information only for the VOs they are authoritative for.
| |
| | |
| Features:
| |
| * Members of the VO are identified via their EGI Check-in ePUID
| |
| * Membership can be limited to a specified period
| |
| * Different membership status values are supported, namely <code>"Active</code>, <code>Expired</code>, <code>Deleted</code>
| |
| * Check-in automatically changes the membership status from <code>Active</code> to <code>Expired</code> beyond the validity period
| |
| | |
| == Authentication ==
| |
| The REST client is authenticated via username/password credentials transmitted over HTTPS using the Basic Authentication scheme. More sophisticated authentication mechanisms, such as OpenID Connect/OAuth 2.0 access tokens, may be supported in the future. | |
| | |
| == Methods ==
| |
| | |
| 1. Adding a user to a VO requires specifying the user’s EGI Check-in ePUID, the name of the VO (e.g. <code>vo.access.egi.eu</code> in the case of LToS), the status (<code>Active</code>) and the valid from/through dates. All these parameters are mandatory. Here is an example using curl (see example <code>add.json</code> file below):
| |
| | |
| <pre>
| |
| curl -vX POST https://aai.egi.eu/api/v1/VoMembers \
| |
| --user "example-client":"veryverysecret" \
| |
| --data @add.json \
| |
| --header "Content-Type: application/json"
| |
| </pre>
| |
| | |
| File: <code>add.json</code>
| |
| <pre>
| |
| {
| |
| "RequestType": "VoMembers",
| |
| "Version": "1.0",
| |
| "VoMembers": [
| |
| {
| |
| "Version": "1.0",
| |
| "VoId": "vo.access.egi.eu",
| |
| "Person": {
| |
| "Type": "CO",
| |
| "Id": “01234567890123456789@egi.eu"
| |
| },
| |
| "Status": "Active",
| |
| "ValidFrom": "2017-05-21",
| |
| "ValidThrough": "2017-06-21”
| |
| }
| |
| ]
| |
| }
| |
| </pre>
| |
| | |
| 2. Retrieving the VO membership information for a given EGI Check-in ePUID:
| |
| | |
| <pre>
| |
| curl -vX GET https://aai.egi.eu/api/v1/VoMembers/01234567890123456789@egi.eu \
| |
| --user "example-client":"veryverysecret"
| |
| | |
| {"id":85,"epuid":"01234567890123456789@egi.eu","vo_id":"vo.access.egi.eu","valid_from":"2017-05-20T22:00:00.000Z","valid_through":"2017-06-21T22:00:00.000Z","status":"Active"}
| |
| </pre>
| |
| | |
| Beyond the valid_through date, the status will be automatically changed to <code>Expired</code>. So, when querying for VO membership information, it’s important to check that the status is actually set to <code>Active</code> for each of the identified VOs (see the <code>vo_id</code> attribute)
| |
| | |
| 3. Updating existing VO membership record:
| |
| | |
| <pre>
| |
| curl -vX PUT https://aai.egi.eu/api/v1/VoMembers \
| |
| --user "example-client":"veryverysecret" \
| |
| --data @update.json \
| |
| --header "Content-Type: application/json"
| |
| </pre>
| |
| | |
| The request body is the same as the one used for adding new members but update requires using <code>PUT</code> instead of <code>POST</code>.
| |
| | |
| 4. Removing VO member:
| |
| | |
| Same as the update but requires setting the membership status to <code>Deleted</code>
| |
The wiki is deprecated and due to be decommissioned by the end of September 2022.