Download OpenAPI specification:Download
This is an OpenAPI specification of ceod, the CSC Electronic Office daemon. Visit the git repository for more details.
Many endpoints return a "streaming response", which consists of a series of JSON objects, one per line (the mimetype is text/plain). For example:
{"status": "in progress", "operation": "replace_login_shell"}
{"status": "in progress", "operation": "replace_forwarding_addresses"}
{"status": "completed", "result": "OK"}
Whenever an operation is completed, a corresponding JSON object will be streamed from the server to the client. This allows the client to track the server's progress in real time.
ceod uses SPNEGO-based authentication over HTTP, as specified in RFC 4559. It is basically a base64-encoded Kerberos ticket wrapped in a HTTP header. For endpoints which make modifications to LDAP, the Delegate flag must also be set.
For example, with cURL:
kinit
curl --negotiate -u : --service-name ceod --delegation always -X POST -d '{"terms":["w2022"]}' https://phosphoric-acid.csclub.uwaterloo.ca/api/members/ctdalek/renew
Security Scheme Type | HTTP |
---|---|
HTTP Authorization Scheme | negotiate |
Creates a new member or club rep. If terms
is specified, a member is created; if non_member_terms
is specified, a club rep is created.
uid | string (UID) Username |
cn | string (UserCN) Full name |
sn | string (UserSN) Last name |
given_name | string (UserGivenName) First name |
program | string (Program) Academic program |
terms | Array of strings (Terms) Terms for which this user was a member |
non_member_terms | Array of strings (NonMemberTerms) Terms for which this user was a club rep |
forwarding_addresses | Array of strings <email> (ForwardingAddresses) Forwarding addresses in ~/.forward |
{- "uid": "ctdalek",
- "cn": "Calum Dalek",
- "sn": "Dalek",
- "given_name": "Calum",
- "program": "MAT/Mathematics Computer Science",
- "terms": [
- "f2021"
], - "non_member_terms": [
- "f2021"
], - "forwarding_addresses": [
- "ctdalek@uwaterloo.ca"
]
}
{"status": "in progress", "operation": "add_user_to_ldap"} {"status": "in progress", "operation": "add_group_to_ldap"} {"status": "in progress", "operation": "add_user_to_kerberos"} {"status": "in progress", "operation": "create_home_dir"} {"status": "in progress", "operation": "send_welcome_message"} {"status": "in progress", "operation": "subscribe_to_mailing_list"} {"status": "in progress", "operation": "announce_new_user"} {"status": "completed", "result": {"cn": "Calum Dalek", "given_name": "Calum", "sn": "Dalek", "uid": "ctdalek", "uid_number": 20001, "gid_number": 20001, "login_shell": "/bin/bash", "home_directory": "/users/ctdalek", "is_club": false, "program": "MAT/Mathematics Computer Science", "terms": ["f2021"], "forwarding_addresses": ["ctdalek@uwaterloo.ca"], "password": "Wlw1wOTofERTEBlXWzR6/MZL"}}
Returns information about a member or club rep. The forwarding_addresses
field will only be present if the client is an authenticated syscom member.
username required | string username of the user to return |
{- "cn": "Calum Dalek",
- "sn": "Dalek",
- "given_name": "Calum",
- "uid": "ctdalek",
- "uid_number": 20001,
- "gid_number": 20001,
- "home_directory": "/users/ctdalek",
- "is_club": false,
- "login_shell": "/bin/bash",
- "program": "MAT/Mathematics Computer Science",
- "positions": [
- "president"
], - "terms": [
- "f2021"
], - "non_member_terms": [
- "f2021"
], - "forwarding_addresses": [
- "ctdalek@uwaterloo.ca"
]
}
Replace the login shell and/or forwarding addresses of a user
username required | string username of the user to modify |
login_shell | string (LoginShell) Login shell |
forwarding_addresses | Array of strings <email> (ForwardingAddresses) Forwarding addresses in ~/.forward |
{- "login_shell": "/bin/bash",
- "forwarding_addresses": [
- "ctdalek@uwaterloo.ca"
]
}
{"status": "in progress", "operation": "replace_login_shell"} {"status": "in progress", "operation": "replace_forwarding_addresses"} {"status": "completed", "result": "OK"}
Add member or non-member terms to a user
username required | string username of the user to renew |
terms | Array of strings (Term) Terms for which this user will be a member |
{- "terms": [
- "f2021"
]
}
{- "terms_added": [
- "f2021"
]
}
Sets a user's password to a randomly generated string, and returns it. The user will be prompted to set a new password on their next login.
username required | string username of the user whose password will be reset |
{- "password": "EPGbJwLl1pmiWz8Wvu/MSs+v"
}
Creates a new Unix group for a club. A new Unix user account with the same name will also be created. A sudo role will be created allowing members of the group to become this user.
cn | string (GroupCN) the name of the group |
description | string (GroupDescription) a description of the group |
{- "cn": "uwclub1",
- "description": "Club One"
}
{"status": "in progress", "operation": "add_user_to_ldap"} {"status": "in progress", "operation": "add_group_to_ldap"} {"status": "in progress", "operation": "add_sudo_role"} {"status": "in progress", "operation": "create_home_dir"} {"status": "completed", "result": {"cn": "uwclub1", "gid_number": 30001, "description": "Club One", "members": []}}
Adds a member to a group. The member will also be added to any auxiliary groups specified in ceod.conf. The member may also be added to auxiliary mailing lists.
group_name required | string name of the group to which the member will be added |
username required | string username of the member who will be added to the group |
subscribe_to_lists | boolean Default: true whether the member should be subscribed to auxiliary mailing lists |
{"status": "in progress", "operation": "add_user_to_group"} {"status": "in progress", "operation": "add_user_to_auxiliary_groups"} {"status": "in progress", "operation": "subscribe_user_to_auxiliary_mailing_lists"} {"status": "completed", "result": {"added_to_groups": ["group2","group3"], "subscribed_to_lists": ["list1","list2"]}}
Removes a member from a group. The member will also be removed from any auxiliary groups specified in ceod.conf. The member may also be removed from auxiliary mailing lists.
group_name required | string name of the group from which the member will be removed |
username required | string username of the member who will be removed from the group |
unsubscribe_from_lists | boolean Default: true whether the member should be unsubscribed from auxiliary mailing lists |
{"status": "in progress", "operation": "remove_user_from_group"} {"status": "in progress", "operation": "remove_user_from_auxiliary_groups"} {"status": "in progress", "operation": "unsubscribe_user_from_auxiliary_mailing_lists"} {"status": "completed", "result": {"removed_from_groups": ["group2","group3"], "unsubscribed_from_lists": ["list1","list2"]}}
Subscribes a user to a mailing list.
mailing_list required | string The name of the list to which the user will be subscribed. If there is no '@' symbol, then '@csclub.uwaterloo.ca' will be appended to the list name. |
username required | string The user who will be subscribed to the list. If there is no '@' symbol, then '@csclub.uwaterloo.ca' will be appended to he username; otherwise, the given email address will be subscribed. |
{- "result": "OK"
}
Unsubscribes a user from a mailing list.
mailing_list required | string The name of the list from which the user will be unsubscribed. If there is no '@' symbol, then '@csclub.uwaterloo.ca' will be appended to the list name. |
username required | string The user who will be unsubscribed from the list. If there is no '@' symbol, then '@csclub.uwaterloo.ca' will be appended to he username; otherwise, the given email address will be unsubscribed. |
{- "result": "OK"
}
Returns information about a user from the UW LDAP directory.
username required | string username of the user to return |
{- "uid": "ctdalek",
- "cn": "Calum Dalek",
- "given_name": "Calum",
- "sn": "Dalek",
- "mail_local_addresses": [
- "ctdalek@uwaterloo.ca"
]
}
Sync the 'program' attribute in the CSC LDAP with the UW LDAP. The JSON request body may be omitted.
dry_run | boolean Default: false Whether to perform a dry run or not. If true, a list of members who would have been changed is returned. |
members | Array of strings (UID) Default: [] If non-empty, only these members will be synced with UWLDAP |
{- "members": [ ]
}
[- [
- "ctdalek",
- "old_program",
- "new_program"
]
]
Reset the password for a user's PostgreSQL database
username required | string name of the user to reset the PostgreSQL database password for |
{- "password": "CdPHT49iYAWzzKuhKTt2dNeu"
}
Delete the cloud accounts of expired members.
There is a one-month grace period after the expiration. After one month, expired members will be sent an email warning them that their account will be deleted. One week after that, if an expired member has still not renewed their membership, their account will be deleted.
{- "accounts_to_be_deleted": [
- "string"
], - "accounts_deleted": [
- "string"
]
}
Add a new virtual host configuration.
domain required | string domain name of the virtual host |
ip_address | string IP address of the virtual host |
{- "ip_address": "172.19.134.11"
}
{- "status": "OK"
}
Create a Kubernetes namespace for the calling user. A new kubeconfig file will be returned. If the namespace already exists, the certificate inside the kubeconfig will be renewed.
{- "status": "OK",
- "kubeconfig": "string"
}
Update members for each positions. Members not specified in the parameters will be removed from the position and unsubscribed from the exec's mailing list. New position holders will be subscribed to the mailing list.
New position holders
property name* | string |
{- "president": "user0",
- "vice-president": "user1",
- "sysadmin": "user2",
- "treasurer": null
}
{"status": "in progress", "operation": "update_positions_ldap"} {"status": "in progress", "operation": "update_exec_group_ldap"} {"status": "in progress", "operation": "subscribe_to_mailing_list"} {"status": "completed", "result": "OK"}