×
![]()
Back to Opsview FAQ
Internal documentation only
This page has been marked as draft.
Rest API Read Only
Related to Copied
Manage what users would be able to access from the command line with ./opsview_rest
Problem Copied
Some Opsview users might still be unaware that roles can be applied for Opsview Rest API.
Possible cause(s) Copied
- Several users have access to execute Opsview Rest API commands
- View-only monitoring configuration - GET
- Avoid unauthorized configuration changes - POST, PUT, and DELETE
Possible solution(s) Copied
Opsview UI Copied
The Opsview article for Roles is also applied to Rest API since opsview_rest can be used to manage Web-related contents.
- Create a role with READ-ONLY permissions for Rest API users
- Configuration tab: ensure corresponding Configuration Access including objects from Host Groups and Monitoring Clusters objects are ticked
- Look for keywords like ‘view’ and ‘access’
Command Line Interface (CLI) Copied
After setting the above READ-ONLY role from the Opsview UI, the following examples below can be used to test API requests and responses.
- GET - obtain configuration info
~]# /opt/opsview/coreutils/bin/opsview_rest --token-file /var/tmp/api-user-token.txt --pretty GET config/host/2
{
object => {
.......................................................................................
name => "omcloud-cs-testbed-ew2-collector-1",
notification_options => "u,d,r,f",
notification_period => { name => "24x7", ref => "/rest/config/timeperiod/1" },
other_addresses => "",
parents => [{ name => "opsview", ref => "/rest/config/host/1" }],
rancid_autoenable => 0,
rancid_connection_type => "ssh",
rancid_username => undef,
rancid_vendor => undef,
retry_check_interval => 60,
servicechecks => [
{
event_handler => undef,
exception => "-H \$HOSTADDRESS\$ -c check_load -a '-r -w 5,5,5 -c 9,9,9' -C '%NRPE_CERTIFICATES:1%' -k '%NRPE_CERTIFICATES:2%' -r '%NRPE_CERTIFICATES:3%' -y '%NRPE_CIPHERS:1%'",
name => "Unix Load Average",
ref => "/rest/config/servicecheck/1235",
remove_servicecheck => 0,
timed_exception => undef,
},
],
................... other sensitive information removed .................................
},
}
## Reload info
bin]# ./opsview_rest --token-file /var/tmp/api-user-token.txt --pretty GET /rest/reload
{
auditlog_entries => 0,
average_duration => 10,
configuration_status => "uptodate",
lastupdated => 1760356786,
messages => [],
server_status => 0,
}
- POST - apply configuration changes via reload denied
bin]# ./opsview_rest --token-file /var/tmp/api-user-token.txt --pretty POST /rest/reload
{ message => "Access denied" }
- PUT - test updating notes to a host
## Tried to GET and add notes with READ-ONLY role
~]# /opt/opsview/coreutils/bin/opsview_rest --token-file /var/tmp/api-user-token.txt --pretty --data-format=json GET /rest/notes/host?hostname=opsview
{
"id" : "1",
"note" : "",
"writeable" : "0"
}
~]# /opt/opsview/coreutils/bin/opsview_rest --token-file /var/tmp/api-user-token.txt --pretty --data-format=json PUT /rest/notes/host?hostname=opsview --data='{ "note" : "" }'
{
"message" : "You do not have permission to do this"
}
Error PUTing https://localhost/rest/notes/host?hostname=opsview: Forbidden at /opt/opsview/perl/lib/perl5/WWW/Mechanize.pm line 1992.
## Added host notes below using a user with ADMIN role
~]# /opt/opsview/coreutils/bin/opsview_rest --token-file /var/tmp/admintoken.txt --pretty PUT /rest/notes/host/2 --data='{ "note" : "New host note 0838PST" }'
{
"id" : "2",
"note" : "New host note 0838PST",
"writeable" : "1"
}
| Note: the writeable value for notes created by user with ADMIN role above is set to 1 while 0 for READ-ONLY user |
- DELETE - removing downtime configuration
### Tested via Downtime: /rest/downtime
## Using READ-ONLY role user token
~]# /opt/opsview/coreutils/bin/opsview_rest --token-file /var/tmp/api0511.txt --pretty \
> DELETE downtime"?only_objects_set=1&hostname=opsview"
{ message => "Access denied" }
Error DELETEing https://localhost/rest/downtime?only_objects_set=1&hostname=opsview: Forbidden at /opt/opsview/perl/lib/perl5/WWW/Mechanize.pm line 1992.
## The same command using ADMIN user token
~]# /opt/opsview/coreutils/bin/opsview_rest --token-file /var/tmp/admin0511.txt --pretty DELET
E downtime"?only_objects_set=1&hostname=opsview"
{
list => {
hostgroups => [],
hosts => [{ hostname => "opsview", id => 4 }],
services => [
{
........................... other sensitive information removed .......................................
summary => { num_hostgroups => 0, num_hosts => 1, num_services => 169 },
}
~]#
| Note: errors shall contain ‘access denied’ and/or ‘permission’ related messages |
Related article(s) Copied
- REST API Introduction
- How can I get support from ITRS and what level of service can I expect? – Support - ITRS Group
- Opsview 6.x Release Notes, Supported operating systems, Support policy, Upgrade Notes
["Geneos"]
["FAQ"]