Solved: add ad groups in bulk

jordan_rose · ‎01 Nov 2022

Hi All, looking for some help on how to add several groups for authentication.

I see the cluster v1 api endpoint that seems to allow to post groups in bulk, but I cannot find any documentation on this. Cluster API v1 > User Groups > /groups/bulk (post). This gives a sample payload but it is not very helpful. Is there doc on this so I can learn how to form the payload? Do I add the groups and assign permissions in the same call? Has any one else used this?

Thanks,

Jordan

dannemca · ‎01 Nov 2022

Hi @jordan_rose , good day.

did you check for this doc already? https://api.dynatrace.com/spec/#/Group%20management/GroupsController_createGroups

You can GET a current group that has the permissions you need to get its id, then use a new GET to the group permissions using this id, and use its response as model in your POST request.

example:

curl --location --request GET 'https://api.dynatrace.com/iam/v1/accounts/your-tenant-id/groups' \
--header 'Authorization: Bearer yourtoken' \
--header 'Content-Type: application/json'

result is:

{
    "count": 2290,
    "items": [
        {
            "uuid": "95ce21f2-ec05-4470-9c2e-23b5b446fda7",
            "name": "Account viewer",
            "owner": "SAML",
            "description": null,
            "federatedAttributeValues": [
                "cn=CIO_Dyna_AccView"
            ],
            "hidden": false,
            "createdAt": "2019-09-26T17:42:47Z",
            "updatedAt": "2021-09-21T11:36:00Z"
        },
        {
            "uuid": "81d47053-bcf9-48b4-a831-f9f188e7a62c",
            "name": "Monitoring admin",
            "owner": "SAML",
            "description": null,
            "federatedAttributeValues": [
                "cn=CIO_Dyna_MonAdmin"
            ],
            "hidden": false,
            "createdAt": "2019-09-26T17:42:47Z",
            "updatedAt": "2021-09-21T11:37:46Z"
        },
...
}

using the group id to get the permissions:

curl --location --request GET 'https://api.dynatrace.com/iam/v1/accounts/your-tenant-id/groups/95ce21f2-ec05-4470-9c2e-23b5b446fda7/permissions' \
--header 'Authorization: Bearer yourtoken' \
--header 'Content-Type: application/json'

result is:

{
    "uuid": "95ce21f2-ec05-4470-9c2e-23b5b446fda7",
    "name": "Account viewer",
    "owner": "SAML",
    "description": null,
    "federatedAttributeValues": [
        "cn=CIO_Dyna_AccView"
    ],
    "hidden": false,
    "createdAt": "2019-09-26T17:42:47Z",
    "updatedAt": "2021-09-21T11:36:00Z",
    "permissions": [
        {
            "permissionName": "account-viewer",
            "scope": "your-tenant-id",
            "scopeType": "account",
            "createdAt": "2022-04-04T18:48:26Z",
            "updatedAt": "2022-04-04T18:48:26Z"
        },
        {
            "permissionName": "tenant-viewer",
            "scope": "your-tenant",
            "scopeType": "tenant",
            "createdAt": "2022-04-04T18:48:26Z",
            "updatedAt": "2022-04-04T18:48:26Z"
        },
        {
            "permissionName": "tenant-replay-sessions-with-masking",
            "scope": "your-tenant",
            "scopeType": "tenant",
            "createdAt": "2022-04-04T18:48:26Z",
            "updatedAt": "2022-04-04T18:48:26Z"
        }
    ]
}

then you can use it as model to create a new group and set its permission

Let me know if that helps.

Site Reliability Engineer @ Kyndryl

jordan_rose · ‎02 Nov 2022

This helped me figure it out.

Thanks for the reply!