The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "AAI guide for VO managers"
m |
m |
||
| Line 23: | Line 23: | ||
<pre> | <pre> | ||
curl -vX POST https://aai.egi | curl -vX POST https://aai.egi.eu/api/v1/VoMembers \ | ||
--user "example-client":"veryverysecret" \ | --user "example-client":"veryverysecret" \ | ||
--data @add.json \ | --data @add.json \ | ||
| Line 53: | Line 53: | ||
<pre> | <pre> | ||
curl -vX GET https://aai.egi | curl -vX GET https://aai.egi.eu/api/v1/VoMembers/01234567890123456789@egi.eu \ | ||
--user "example-client":"veryverysecret" | --user "example-client":"veryverysecret" | ||
| Line 64: | Line 64: | ||
<pre> | <pre> | ||
curl -vX PUT https://aai.egi | curl -vX PUT https://aai.egi.eu/api/v1/VoMembers \ | ||
--user "example-client":"veryverysecret" \ | --user "example-client":"veryverysecret" \ | ||
--data @update.json \ | --data @update.json \ | ||
Revision as of 16:39, 1 November 2018
Overview
This wiki page contains information about using the EGI AAI Check-in service to manage Virtual Organisations (VOs).
VO membership API
Check-in provide a REST API that allows clients to manage membership information only for the VOs they are authoritative for.
Features:
- Members of the VO are identified via their EGI Check-in ePUID
- Membership can be limited to a specified period
- Different membership status values are supported, namely
"Active,Expired,Deleted - Check-in automatically changes the membership status from
ActivetoExpiredbeyond the validity period
Authentication
The REST client is authenticated via username/password credentials transmitted over HTTPS using the Basic Authentication scheme. More sophisticated authentication mechanisms, such as OpenID Connect/OAuth 2.0 access tokens, may be supported in the future.
Methods
1. Adding a user to a VO requires specifying the user’s EGI Check-in ePUID, the name of the VO (e.g. vo.access.egi.eu in the case of LToS), the status (Active) and the valid from/through dates. All these parameters are mandatory. Here is an example using curl (see example add.json file below):
curl -vX POST https://aai.egi.eu/api/v1/VoMembers \ --user "example-client":"veryverysecret" \ --data @add.json \ --header "Content-Type: application/json"
File: add.json
{
"RequestType": "VoMembers",
"Version": "1.0",
"VoMembers": [
{
"Version": "1.0",
"VoId": "vo.access.egi.eu",
"Person": {
"Type": "CO",
"Id": “01234567890123456789@egi.eu"
},
"Status": "Active",
"ValidFrom": "2017-05-21",
"ValidThrough": "2017-06-21”
}
]
}
2. Retrieving the VO membership information for a given EGI Check-in ePUID:
curl -vX GET https://aai.egi.eu/api/v1/VoMembers/01234567890123456789@egi.eu \
--user "example-client":"veryverysecret"
{"id":85,"epuid":"01234567890123456789@egi.eu","vo_id":"vo.access.egi.eu","valid_from":"2017-05-20T22:00:00.000Z","valid_through":"2017-06-21T22:00:00.000Z","status":"Active"}
Beyond the valid_through date, the status will be automatically changed to Expired. So, when querying for VO membership information, it’s important to check that the status is actually set to Active for each of the identified VOs (see the vo_id attribute)
3. Updating existing VO membership record:
curl -vX PUT https://aai.egi.eu/api/v1/VoMembers \ --user "example-client":"veryverysecret" \ --data @update.json \ --header "Content-Type: application/json"
The request body is the same as the one used for adding new members but update requires using PUT instead of POST.
4. Removing VO member:
Same as the update but requires setting the membership status to Deleted