Versions Compared

Old Version 7

changes.mady.by.user Krisztian Papp

Saved on

compared with

New Version 8

changes.mady.by.user Krisztian Papp

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Status
colourGreen
titleAVAILABLE IN 9.8.0 AND LATER

Table of Contents

In a VFC system numerous entities exist containing credential type data. The endpoints covered in this articles allow to change the credentials programmatically. With the following functionality custom integrator application can be implemented to rotate passwords of the different entities from a common password vault solution. With this approach the common technical account password leakage or sharing can be prevented. This article introduces how these credentials can be managed via the v1 REST API.

...

The server configurations are stored in two location in the system: in a central database that allows to manage and review them via the user interface; and in every server’s registry that allows the local services to read them. The current configuration values can be retrieved from both location. A server configuration change in both approach require the following steps:

...

The following sections different use case examples demonstrates the usage of the server configuration related endpoints.

Use case: Individual server configuration modification

Due to the server configurations are stored in two different location: central database and registry valuesStep 1: change the configuration

Firstly, the current configuration values can be retrieved from both location.value can be retrieved by the server hostname (“verbamr01") and URL encoded registry path (“%5CVerba%5CEmail%20Settings%5CTLSKeyPass") with the next request:

Code Block
GET https://VFC_MR_DOMAIN/verba/restapi/v1/servers/verbamr01/configuration?settingPath=%5CVerba%5CEmail%20Settings%5CTLSKeyPass&source=REGISTRY

If the value should be encrypted, like in this case, the new value should be encrypt with the following request:

Request:

Code Block
POST /verba/restapi/v1/encodePassword

new plain password

Response:

Code Block
NEW ENCRYPTED PASSWORD

This new value can be used to update the the configuration in the local database.

Code Block
PUT https://VFC_MR_DOMAIN/verba/restapi/v1/servers/verbamr01/configuration?settingPath=%5CVerba%5CEmail%20Settings%5CTLSKeyPass

NEW ENCRYPTED PASSWORD

Step 2: resolve the difference between central database and local registry

Retrieve the list of the differences in the certain server.

Request:

Code Block
GET https://VFC_MR_DOMAIN/verba/restapi/v1/servers/verbamr01/configurationDifferences

Response:

Code Block
{
  "differences": [
    {
      "path": "\\Verba\\Email Settings\\TLSKeyPass",
      "valueRegistry": "old encrypted password",
      "valueDb": "NEW ENCRYPTED PASSWORD",
      "serverCustom": false
    },
    {
      "path": "\\Verba\\Email Settings\\TLSCert",
      "valueRegistry": "foo",
      "valueDb": "",
      "serverCustom": false
    }
  ]
}

Based on the retrieved information the differences must be resolved by items with a decision about which data source contains the correct values. For the resolution a list has to be sent with the correct data sources.

Request:

Code Block
POST https://VFC_MR_DOMAIN/verba/restapi/v1/servers/verbamr01/configurationDifferences
Content-Type: application/json

{
  "resolutions": [
    {
      "path": "\\Verba\\Email Settings\\TLSKeyPass",
      "correctSource": "DATABASE"
    },
    {
      "path": "\\Verba\\Email Settings\\TLSCert",
      "correctSource": "REGISTRY"
    }
  ]
}

Response:

Code Block
"differences": []

If there is no more differences in the configuration an empty list should retrieved. Other case the resolution must continue. During this step configuration tasks have been created for the server.

Step 3: applying the configuration changes on the server

With the following request the created configuration tasks can be listed.

Code Block
GET https://VFC_MR_DOMAIN/verba/restapi/v1/servers/verbamr01/configurationTasks

If there is any item in the retrieved list, then those tasks have to be applied on that server. The actual application is done by the following request:

Code Block
POST https://VFC_MR_DOMAIN/verba/restapi/v1/servers/verbamr01/configurationTasks

Use case: Multiple server configuration modification with configuration profile

The steps and the basic strategy is the same as the previous use case example. The only main difference is that while in the last example on configuration was only associated with one server, then in this example multiple servers can be affected the by the change.

The current configuration profile values can be retrieved similar to the server configuration values by the registry path, but here the ID of the configuration profile is needed:

Code Block
GET https://VFC_MR_DOMAIN/verba/restapi/v1/configurationProfiles/2/configuration?settingPath=%5CVerba%5CEmail%20Settings%5CTLSKeyPass

If the value should be encrypted then the encrypted value must be prepared. The configuration change can be done with the next request:

Code Block
PUT https://VFC_MR_DOMAIN/verba/restapi/v1/configurationProfiles/1/configuration?settingPath=%5CVerba%5CEmail%20Settings%5CTLSKeyPass

NEW ENCRYPTED PASSWORD

After one change every server is affected that uses the changed configuration profile. Due to that the necessary configuration tasks have been created by the system for every related server. In the case of configuration profile there is no need to resolve differences. The following request retrieves the list of the created configuration tasks for every server.

Request:

Code Block
GET https://VFC_MR_DOMAIN/verba/restapi/v1/configurationTasks

Response:

Code Block
{
  "list": [
      {
        "action": "send_config",
        "service": "",
        "server": "verbamr01",
        "configurationChanges": [
          {
            "name": "\\Verba\\Email Settings\\TLSKeyPass",
            "value": "*********"
          }
        ]
      },
      {
        "action": "restart",
        "service": "VerbaWebApp",
        "server": "verbamr01",
        "configurationChanges": null
      },
      {
        "action": "send_config",
        "service": "",
        "server": "verbamr02",
        "configurationChanges": [
          {
            "name": "\\Verba\\Email Settings\\TLSKeyPass",
            "value": "*********"
          }
        ]
      },
      {
        "action": "restart",
        "service": "VerbaWebApp",
        "server": "verbamr02",
        "configurationChanges": null
      }
  ]
}

From the retrieved list of tasks a unique server host name set should be collected (multiple tasks can exists for one server). Based on that unique set the configuration task application must be executed with the following requests on every affected server:

Code Block
POST https://VFC_MR_DOMAIN/verba/restapi/v1/servers/verbamr01/configurationTasks
Code Block
POST https://VFC_MR_DOMAIN/verba/restapi/v1/servers/verbamr02/configurationTasks

Use case: