NOTE: Be careful in granting permissions to non-readonly identity group endpoints. If a user can modify group membership, they can add their entity to a group with higher privileges.
Create a group
This endpoint creates or updates a Group.
Parameters
name
(string: entity-<UUID>)
– Name of the group. If set (and ID is not set), updates the corresponding existing group.
id
(string: <optional>)
- ID of the group. If set, updates the corresponding existing group.
type
(string: "internal")
- Type of the group, internal
or external
. Defaults to internal
.
metadata
(key-value-map: {})
– Metadata to be associated with the group.
policies
(list of strings: [])
– Policies to be tied to the group.
member_group_ids
(list of strings: [])
- Group IDs to be assigned as group members.
member_entity_ids
(list of strings: [])
- Entity IDs to be assigned as group members.
Sample payload
Copy {
"metadata" : {
"hello" : "world"
} ,
"policies" : [ "grouppolicy1" , "grouppolicy2" ]
}
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/group
Sample response
Copy {
"data" : {
"id" : "363926d8-dd8b-c9f0-21f8-7b248be80ce1" ,
"name" : "group_ab813d63"
}
}
Read group by ID
This endpoint queries the group by its identifier.
Parameters
id
(string: <required>)
– Identifier of the group.
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
Sample response
Copy {
"data" : {
"alias" : {} ,
"creation_time" : "2017-11-13T19:36:47.102945Z" ,
"id" : "363926d8-dd8b-c9f0-21f8-7b248be80ce1" ,
"last_update_time" : "2017-11-13T19:36:47.102945Z" ,
"member_entity_ids" : [] ,
"member_group_ids" : null ,
"metadata" : {
"hello" : "world"
} ,
"modify_index" : 1 ,
"name" : "group_ab813d63" ,
"policies" : [ "grouppolicy1" , "grouppolicy2" ] ,
"type" : "internal"
}
}
Update group by ID
This endpoint is used to update an existing group.
Parameters
id
(string: <required>)
– Identifier of the entity.
name
(string: entity-<UUID>)
– Name of the group.
type
(string: "internal")
- Type of the group, internal
or external
. Defaults to internal
.
metadata
(key-value-map: {})
– Metadata to be associated with the group.
policies
(list of strings: [])
– Policies to be tied to the group.
member_group_ids
(list of strings: [])
- Group IDs to be assigned as group members.
member_entity_ids
(list of strings: [])
- Entity IDs to be assigned as group members.
Sample payload
Copy {
"name" : "testgroupname" ,
"metadata" : {
"hello" : "everyone"
} ,
"policies" : [ "grouppolicy2" , "grouppolicy3" ]
}
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
Sample response
Copy {
"data" : {
"id" : "363926d8-dd8b-c9f0-21f8-7b248be80ce1" ,
"name" : "testgroupname"
}
}
Delete group by ID
This endpoint deletes a group.
Parameters
id
(string: <required>)
– Identifier of the group.
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/group/id/363926d8-dd8b-c9f0-21f8-7b248be80ce1
List groups by ID
This endpoint returns a list of available groups by their identifiers.
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/group/id
Sample response
Copy {
"data" : {
"keys" : [
"052567cf-1580-6f20-50c8-d38bc46dae6e" ,
"26da8035-6691-b89e-67ac-ebf9ea7f9893" ,
"363926d8-dd8b-c9f0-21f8-7b248be80ce1" ,
"5c4a5720-7408-c113-1dcc-9ede725d0ac8" ,
"d55e0f34-5c16-38ae-87af-324c9b656c43" ,
"e4e56e04-0dec-9b68-9b20-a450975d898e"
]
}
}
Create/Update group by name
This endpoint is used to create or update a group by its name.
Parameters
name
(string: entity-<UUID>)
– Name of the group.
type
(string: "internal")
- Type of the group, internal
or external
. Defaults to internal
.
metadata
(key-value-map: {})
– Metadata to be associated with the group.
policies
(list of strings: [])
– Policies to be tied to the group.
member_group_ids
(list of strings: [])
- Group IDs to be assigned as group members.
member_entity_ids
(list of strings: [])
- Entity IDs to be assigned as group members.
Sample payload
Copy {
"metadata" : {
"hello" : "everyone"
} ,
"policies" : [ "grouppolicy2" , "grouppolicy3" ]
}
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
--request POST \
--data @payload.json \
http://127.0.0.1:8200/v1/identity/group/name/testgroupname
Sample response
Copy {
"request_id" : "b98b4a3d-a9f1-e151-11e1-ad91cfb08351" ,
"lease_id" : "" ,
"lease_duration" : 0 ,
"renewable" : false ,
"data" : {
"id" : "5a3a04a0-0c3a-a4c3-74e8-26b1adbeaece" ,
"name" : "testgroupname"
} ,
"warnings" : null
}
Read group by name
This endpoint queries the group by its name.
Parameters
name
(string: <required>)
– Name of the group.
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
http://127.0.0.1:8200/v1/identity/group/name/testgroupname
Sample response
Copy {
"data" : {
"alias" : {} ,
"creation_time" : "2018-09-19T22:02:04.395128091Z" ,
"id" : "5a3a04a0-0c3a-a4c3-74e8-26b1adbeaece" ,
"last_update_time" : "2018-09-19T22:02:04.395128091Z" ,
"member_entity_ids" : [] ,
"member_group_ids" : null ,
"metadata" : {
"foo" : "bar"
} ,
"modify_index" : 1 ,
"name" : "testgroupname" ,
"parent_group_ids" : null ,
"policies" : [ "grouppolicy1" , "grouppolicy2" ] ,
"type" : "internal"
}
}
Delete group by name
This endpoint deletes a group, given its name.
Parameters
name
(string: <required>)
– Name of the group.
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
--request DELETE \
http://127.0.0.1:8200/v1/identity/group/name/testgroupname
List groups by name
This endpoint returns a list of available groups by their names.
Sample request
Copy $ curl \
--header "X-Vault-Token: ..." \
--request LIST \
http://127.0.0.1:8200/v1/identity/group/name
Sample response
Copy {
"data" : {
"keys" : [ "testgroupname" ]
}
}