Projects

An OPA Project is a collection of Resources that share settings.

See Projects.

List all Projects in a Resource Group

Lists all Projects in the specified Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects
Request samples
Response samples
application/json
{
  • "list": [
    • {
      }
    ]
}

Create a Project in a Resource Group

Creates a Project in the specified Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

Request Body schema: application/json
active_resource_count
integer <int32>

The number of active resources within this project

create_server_users
boolean or null

Whether to create Server Users for Users in this Project. Defaults to false. If false, you must ensure that accounts exist on the Server for each User.

force_shared_ssh_users
boolean

Whether to force the project to use a shared SSH account

gateway_selector
string

A comma separated list of labels used to match to enrolled Gateways. Labels should use the following format: key=value

name
required
string <regex> [ 1 .. 255 ] characters ^[\w\-_.]+$

The name of the Project

next_unix_gid
integer or null <int32> [ 100 .. 65535 ]

The GID used when creating a Server User

next_unix_uid
integer or null <int32> [ 100 .. 65535 ]

The UID used when creating a Server User

persistent_server_user_accounts
boolean or null
Default: null

If true, creates persistent user accounts and home folders on Servers in this Project for every user on your Team. By default, on-demand accounts are only created when a user accesses a Server.

require_preauth_for_creds
boolean or null

If true, the Project requires preauthorization before a User can access a Server. Default is false.

resource_group_id
string

The UUID of the Resource Group where the Project is located

server_account_management
boolean

Whether to manage existing local accounts on the server

shared_admin_user_name
string

The shared username to use for root accounts

shared_standard_user_name
string

The shared username to use for non-root accounts

ssh_certificate_type
string or null (SSHCertificateType)

(Optional) The type of signature algorithm used for authentication keys. Default is CERT_TYPE_ED25519_01.

Enum: "CERT_TYPE_ECDSA_256_01" "CERT_TYPE_ECDSA_384_01" "CERT_TYPE_ECDSA_521_01" "CERT_TYPE_ED25519_01" "CERT_TYPE_RSA_01" "CERT_TYPE_RSA_SHA2_256_01" "CERT_TYPE_RSA_SHA2_512_01"
stale_resource_count
integer <int32>

The number of stale resources within this project

Responses
201

Created

post/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects
Request samples
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0
}
Response samples
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "id": "/regex/",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0,
  • "team": "Your_OPA_Team",
  • "user_on_demand_period": 4294967295
}

Retrieve a Project from a Resource Group

Retrieves a Project from a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}
Request samples
Response samples
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "id": "/regex/",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0,
  • "team": "Your_OPA_Team",
  • "user_on_demand_period": 4294967295
}

Update a Project in a Resource Group

Updates a Project in a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

Request Body schema: application/json
active_resource_count
integer <int32>

The number of active resources within this project

create_server_users
boolean or null

Whether to create Server Users for Users in this Project. Defaults to false. If false, you must ensure that accounts exist on the Server for each User.

force_shared_ssh_users
boolean

Whether to force the project to use a shared SSH account

gateway_selector
string

A comma separated list of labels used to match to enrolled Gateways. Labels should use the following format: key=value

name
required
string <regex> [ 1 .. 255 ] characters ^[\w\-_.]+$

The name of the Project

next_unix_gid
integer or null <int32> [ 100 .. 65535 ]

The GID used when creating a Server User

next_unix_uid
integer or null <int32> [ 100 .. 65535 ]

The UID used when creating a Server User

persistent_server_user_accounts
boolean or null
Default: null

If true, creates persistent user accounts and home folders on Servers in this Project for every user on your Team. By default, on-demand accounts are only created when a user accesses a Server.

require_preauth_for_creds
boolean or null

If true, the Project requires preauthorization before a User can access a Server. Default is false.

resource_group_id
string

The UUID of the Resource Group where the Project is located

server_account_management
boolean

Whether to manage existing local accounts on the server

shared_admin_user_name
string

The shared username to use for root accounts

shared_standard_user_name
string

The shared username to use for non-root accounts

ssh_certificate_type
string or null (SSHCertificateType)

(Optional) The type of signature algorithm used for authentication keys. Default is CERT_TYPE_ED25519_01.

Enum: "CERT_TYPE_ECDSA_256_01" "CERT_TYPE_ECDSA_384_01" "CERT_TYPE_ECDSA_521_01" "CERT_TYPE_ED25519_01" "CERT_TYPE_RSA_01" "CERT_TYPE_RSA_SHA2_256_01" "CERT_TYPE_RSA_SHA2_512_01"
stale_resource_count
integer <int32>

The number of stale resources within this project

Responses
200

OK

put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}
Request samples
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0
}
Response samples
application/json
{
  • "active_resource_count": 50,
  • "create_server_users": true,
  • "deleted_at": "2019-08-24T14:15:22Z",
  • "force_shared_ssh_users": true,
  • "gateway_selector": "REGION=WEST-EU,TEAM=MARKETING",
  • "id": "/regex/",
  • "name": "/regex/",
  • "next_unix_gid": 100,
  • "next_unix_uid": 100,
  • "persistent_server_user_accounts": null,
  • "require_preauth_for_creds": true,
  • "resource_group_id": "5f3159e9-e7ab-428e-8a87-c2ebffe407f6",
  • "server_account_management": true,
  • "shared_admin_user_name": "Server.Admin",
  • "shared_standard_user_name": "Server.User",
  • "ssh_certificate_type": "CERT_TYPE_ECDSA_256_01",
  • "stale_resource_count": 0,
  • "team": "Your_OPA_Team",
  • "user_on_demand_period": 4294967295
}

Delete a Project from a Resource Group

Deletes a Project from a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

Responses
204

No Content

delete/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}
Request samples

List all Server Accounts in a Project

Lists all Server Accounts in a Resource Group Project

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_accounts
Request samples
Response samples
application/json
{
  • "list": [
    • {
      }
    ]
}

Retrieve a Server Account

Retrieves a Server Account from a Project in a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

server_account_id
required
string

The UUID of a Server Account

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_accounts/{server_account_id}
Request samples
Response samples
application/json
{
  • "items": {
    • "created_at": "2019-08-24T14:15:22Z",
    • "deleted_at": "2019-08-24T14:15:22Z",
    • "hostname": "string",
    • "id": "string",
    • "last_password_change_error_metadata": "string",
    • "last_password_change_error_report_timestamp": "2019-08-24T14:15:22Z",
    • "last_password_change_error_system_timestamp": "2019-08-24T14:15:22Z",
    • "last_password_change_error_type": "string",
    • "last_password_change_success_report_timestamp": "2019-08-24T14:15:22Z",
    • "last_password_change_system_timestamp": "2019-08-24T14:15:22Z",
    • "login": "string",
    • "managed": true,
    • "project_id": "string",
    • "server_id": "string",
    • "team_id": "string"
    }
}

List all Server Enrollment Tokens in a Project

Lists all Server Enrollment Tokens in a Resource Group Project

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_enrollment_tokens
Request samples
Response samples
application/json
{
  • "list": [
    • {
      }
    ]
}

Create a Server Enrollment Token

Creates a Server Enrollment Token for a Project in a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

Request Body schema: application/json
description
required
string [ 1 .. 512 ] characters

A human-readable description of the purpose of this Server Enrollment Token

Responses
201

Created

post/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_enrollment_tokens
Request samples
application/json
{
  • "description": "string"
}
Response samples
application/json
{
  • "created_by_user": "string",
  • "description": "string",
  • "id": "/regex/",
  • "issued_at": "2019-08-24T14:15:22Z",
  • "token": {
    • "property1": "string",
    • "property2": "string"
    }
}

Retrieve a Server Enrollment Token

Retrieves a Server Enrollment Token from a Project in a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

server_enrollment_token_id
required
string

The UUID of a Server Enrollment Token

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_enrollment_tokens/{server_enrollment_token_id}
Request samples
Response samples
application/json
{
  • "created_by_user": "string",
  • "description": "string",
  • "id": "/regex/",
  • "issued_at": "2019-08-24T14:15:22Z",
  • "token": {
    • "property1": "string",
    • "property2": "string"
    }
}

Delete a Server Enrollment Token

Deletes a Server Enrollment Token from a Project in a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

server_enrollment_token_id
required
string

The UUID of a Server Enrollment Token

Responses
204

No Content

delete/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_enrollment_tokens/{server_enrollment_token_id}
Request samples

Retrieve Project Password Policy for Server Accounts

Retrieves a Password Policy for a Project in a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_password_settings
Request samples
Response samples
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "managed_privileged_accounts_config": [
    • "string"
    ],
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "modified_at": "2019-08-24T14:15:22Z",
  • "periodic_rotation_duration_in_seconds": 0
}

Update Project Password Policy for Server Accounts

Updates a Password Policy for a Project in a Resource Group

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

Request Body schema: application/json
required
object

The specific characters rules required by the Password Policy

upper_case
boolean

If true, passwords can include one or more uppercase characters

lower_case
boolean

If true, passwords can include one or more lowercase characters

digits
boolean

If true, passwords can include one or more numbers

punctuation
boolean

If true, passwords can include one or more symbols.

require_from_each_set
boolean

If true, passwords must contain at least one character from each set selected above.

enable_periodic_rotation
required
boolean

If true, rotates account passwords after a period of time has passed. You must also set the periodic_rotation_duration_in_seconds param.

managed_privileged_accounts_config
Array of strings

An array of managed accounts for password rotation

max_length_in_bytes
required
integer

The maximum length allowed for the password

min_length_in_bytes
required
integer

The minimum length allowed for the password

periodic_rotation_duration_in_seconds
integer

If enable_periodic_rotation is enabled, specifies how often the OPA platform rotates account passwords.

Responses
200

OK

put/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/server_password_settings
Request samples
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "managed_privileged_accounts_config": [
    • "string"
    ],
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "periodic_rotation_duration_in_seconds": 0
}
Response samples
application/json
{
  • "character_options": {
    • "upper_case": true,
    • "lower_case": true,
    • "digits": true,
    • "punctuation": true,
    • "require_from_each_set": true
    },
  • "enable_periodic_rotation": true,
  • "managed_privileged_accounts_config": [
    • "string"
    ],
  • "max_length_in_bytes": 0,
  • "min_length_in_bytes": 0,
  • "modified_at": "2019-08-24T14:15:22Z",
  • "periodic_rotation_duration_in_seconds": 0
}

List all Server Accounts for a Server

Lists all Server Accounts for a Server in a Project

This endpoint requires one of the following roles: resource_admin, delegated_resource_admin.

SecuritybearerAuth
Request
path Parameters
team_name
required
string

The name of your Team

resource_group_id
required
string

The UUID of a Resource Group

project_id
required
string

The UUID of a Project

server_id
required
string

The UUID of an enrolled Server

Responses
200

OK

get/v1/teams/{team_name}/resource_groups/{resource_group_id}/projects/{project_id}/servers/{server_id}/server_accounts
Request samples
Response samples
application/json
{
  • "list": [
    • {
      }
    ]
}