controllers.active_directory_controller module¶
-
class
controllers.active_directory_controller.ActiveDirectoryController(config=None, client=None, call_back=None)[source]¶ Bases:
cohesity_management_sdk.controllers.base_controller.BaseControllerA Controller to access Endpoints in the cohesity_management_sdk API.
-
add_active_directory_principals(body=None)[source]¶ Does a POST request to /public/activeDirectory/principals.
After a group or user has been added to a Cohesity Cluster, the referenced Active Directory principal can be used by the Cohesity Cluster. In addition, this operation maps Cohesity roles with a group or user and this mapping defines the privileges allowed on the Cohesity Cluster for the group or user. For example if an ‘management’ group is created on the Cohesity Cluster for the Active Directory ‘management’ principal group and is associated with the Cohesity ‘View’ role, all users in the referenced Active Directory ‘management’ principal group can log in to the Cohesity Dashboard but will only have view-only privileges. These users cannot create new Protection Jobs, Policies, Views, etc. NOTE: Local Cohesity users and groups cannot be created by this operation. Local Cohesity users or groups do not have an associated Active Directory principals and are created directly in the default LOCAL domain.
- Args:
- body (list of ActiveDirectoryPrincipalsAddParameters, optional):
Request to add groups or users to the Cohesity Cluster.
- Returns:
- list of AddedActiveDirectoryPrincipal: Response from the API.
Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
create_active_directory_entry(body)[source]¶ Does a POST request to /public/activeDirectory.
After a Cohesity Cluster has been joined to an Active Directory domain, the users and groups in the domain can be authenticated on the Cohesity Cluster using their Active Directory credentials.
- Args:
- body (CreateActiveDirectoryEntryParams): Request to join an Active
Directory.
- Returns:
ActiveDirectoryEntry: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
create_enable_trusted_domain_discovery(body, name)[source]¶ Does a POST request to /public/activeDirectory/{name}/enableTrustedDomainState.
Updates the states of trusted domains discovery.
- Args:
- body (UpdateTrustedDomainEnableParams): Request to update enable
trusted domains state of an Active Directory.
name (string): Specifies the Active Directory Domain Name.
- Returns:
ActiveDirectoryEntry: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
delete_active_directory_entry(body)[source]¶ Does a DELETE request to /public/activeDirectory.
Deletes the join of the Cohesity Cluster to the specified Active Directory domain. After the deletion, the Cohesity Cluster no longer has access to the principals on the Active Directory. For example, you can no longer log in to the Cohesity Cluster with a user defined in a principal group of the Active Directory domain.
- Args:
- body (ActiveDirectoryEntry): Request to delete a join with an
Active Directory.
- Returns:
void: Response from the API. No Content
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
get_active_directory_domain_controllers(domain_name=None)[source]¶ Does a GET request to /public/activeDirectory/domainControllers.
List the domain controllers for a domain.
- Args:
domain_name (string, optional): Specifies the domain name
- Returns:
DomainControllers: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
get_active_directory_entry(domains=None, tenant_ids=None, all_under_hierarchy=None)[source]¶ Does a GET request to /public/activeDirectory.
After a Cohesity Cluster has been joined to an Active Directory domain, the users and groups in the domain can be authenticated on the Cohesity Cluster using their Active Directory credentials. NOTE: The userName and password fields are not populated by this operation.
- Args:
- domains (list of string, optional): Specifies the domains to fetch
active directory entries.
- tenant_ids (list of string, optional): TenantIds contains ids of
the tenants for which objects are to be returned.
- all_under_hierarchy (bool, optional): AllUnderHierarchy specifies
if objects of all the tenants under the hierarchy of the logged in user’s organization should be returned.
- Returns:
list of ActiveDirectoryEntry: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
list_centrify_zones(domain_name=None)[source]¶ Does a GET request to /public/activeDirectory/centrifyZones.
Fetches the list centrify zones of an active directory domain.
- Args:
- domain_name (string, optional): Specifies the fully qualified
domain name (FQDN) of an Active Directory.
- Returns:
list of ListCentrifyZone: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
search_active_directory_principals(domain=None, object_class=None, search=None, sids=None, include_computers=None)[source]¶ Does a GET request to /public/activeDirectory/principals.
Optionally limit the search results by specifying security identifiers (SIDs), an object class (user or group) or a substring. You can specify SIDs or a substring but not both.
- Args:
- domain (string, optional): Specifies the domain name of the
principals to search. If specified the principals in that domain are searched. Domain could be an Active Directory domain joined by the Cluster or any one of the trusted domains of the Active Directory domain or the LOCAL domain. If not specified, all the domains are searched.
- object_class (ObjectClassSearchActiveDirectoryPrincipalsEnum,
optional): Optionally filter by a principal object class such as ‘kGroup’ or ‘kUser’. If ‘kGroup’ is specified, only group principals are returned. If ‘kUser’ is specified, only user principals are returned. If not specified, both group and user principals are returned. ‘kUser’ specifies a user object class. ‘kGroup’ specifies a group object class. ‘kComputer’ specifies a computer object class. ‘kWellKnownPrincipal’ specifies a well known principal.
- search (string, optional): Optionally filter by matching a
substring. Only principals in the with a name or sAMAccountName that matches part or all of the specified substring are returned. If specified, a ‘sids’ parameter should not be specified.
- sids (list of string, optional): Optionally filter by a list of
security identifiers (SIDs) found in the specified domain. Only principals matching the specified SIDs are returned. If specified, a ‘search’ parameter should not be specified.
- include_computers (bool, optional): Specifies if Computer/GMSA
accounts need to be included in this search.
- Returns:
list of ActiveDirectoryPrincipal: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
update_active_directory_id_mapping(body, name)[source]¶ Does a PUT request to /public/activeDirectory/{name}/idMappingInfo.
Updates the user id mapping info of an Active Directory.
- Args:
- body (IdMappingInfo): Request to update user id mapping of an
Active Directory.
name (string): Specifies the Active Directory Domain Name.
- Returns:
ActiveDirectoryEntry: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
update_active_directory_ignored_trusted_domains(body, name)[source]¶ Does a PUT request to /public/activeDirectory/{name}/ignoredTrustedDomains.
Updates the list of trusted domains to be ignored during trusted domain discovery of an Active Directory.
- Args:
- body (UpdateIgnoredTrustedDomainsParams): Request to update the
list of ignored trusted domains of an AD.
name (string): Specifies the Active Directory Domain Name.
- Returns:
ActiveDirectoryEntry: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
update_active_directory_ldap_provider(body, name)[source]¶ Does a PUT request to /public/activeDirectory/{name}/ldapProvider.
Updates the LDAP provide Id for an Active Directory domain.
- Args:
- body (UpdateLdapProviderParams): Request to update the LDAP
provider info.
name (string): Specifies the Active Directory Domain Name.
- Returns:
ActiveDirectoryEntry: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
update_active_directory_machine_accounts(body, name)[source]¶ Does a POST request to /public/activeDirectory/{name}/machineAccounts.
Updates the machine accounts of an Active Directory.
- Args:
- body (UpdateMachineAccountsParams): Request to update machine
accounts of an Active Directory.
name (string): Specifies the Active Directory Domain Name.
- Returns:
ActiveDirectoryEntry: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-
update_preferred_domain_controllers(body, name)[source]¶ Does a PUT request to /public/activeDirectory/{name}/preferredDomainControllers.
Updates the preferred domain controllers of an Active Directory
- Args:
- body (list of PreferredDomainController): Request to update
preferred domain controllers of an Active Directory.
name (string): Specifies the Active Directory Domain Name.
- Returns:
ActiveDirectoryEntry: Response from the API. Success
- Raises:
- APIException: When an error occurs while fetching the data from
the remote API. This exception includes the HTTP Response code, an error message, and the HTTP body that was received in the request.
-