This functionality was first introduced in the Hillary release series. The specific methods described on this page work with Hillary R2 and later releases.
Prior to Hillary R1, the locations/target configuration could be created and edited via the iQSonar user interface, or optionally by uploading a CSV file. The facility to modify (add and remove) target configurations via the RestAPI was initially introduced in Hillary R1 and further refined in Hillary R2. At the time of writing, the facility to modify credentials is still restricted to CSV import or manual editing via the User Interface
Instructions
Target configuration via the RestAPI relies on data stored in the JSON file format, rather than CSV files. The data stored in the file is the same, but the format of the file is quite different. To edit a JSON file and text editor can be used (for example Notepad) but an editor specifically designed for use by Programmers (for example Notepad++) would be preferred.
The file is uploaded to the server using the HTTP POST method (not a GET method) http://<youriqsonarinstance>/api/v1/targets where the body of the request contains the JSON data.
The response will contain a message containing the status of the request and a request_id to allow the user to monitor the request status - a large set of locations may take some time to be stored in the database.
This response will contain a message indicating the status of request. You can then query http://youriqsonarinstance/api/v1/targets/poststatus/{request_id}/ to see the result of your request.
Error rendering macro 'code': Invalid value specified for parameter 'firstline'{ "message": "Completed", "details": "", "request_id": "1" }
Status Message | Description |
---|---|
Queued | The RestAPI Request is queued |
Processing | The RestAPI Request is being processed |
Completed | The RestAPI Request has been successfully processed |
Error | There was a fatal error processing the RestAPI Request |
Invalid Request ID | The request_id is invalid. |
JSON Data file format
A tutorial on how to create JSON data files is beyond the scope of this article. For a full description of the JSON data format see the wikipedia page or the JSON.org website. Users are expected to be familiar with this format before using the RestAPI to configure iQSonar. In many cases it may be easier to configure the Locations using a CSV import or the manual method if the JSON data is not being generated programatically.
The JSON data file should contain the fields "Name" (the value MUST be "LOCATION TARGET"), "Version" (the value MUST BE "1.3")and "Locations", where the Locations field contains an array of locations.
{ "Name":"LOCATION TARGET", "Version":"1.3", "Locations": [ { "comment": "Array of locations belongs here" } ] }
Each Location should contain the following fields:
Field | Description | Can be empty? | Example or Possible Values |
---|---|---|---|
LocationPath | Name of the location. Sub-locations seperated by the pipe symbol "|" | NO | Sample|Node Sample|Node2|Leaf1 Sample|Node2|Leaf2 |
Target | What category of target is this (Either Application or Device) | NO | Device Application |
Type | What sub-type of target is this (What type of Device, or Which Application) | NO | See the list of valid target types |
Name | The name of the location (This is a freeform text field) | NO | Main Lab QA Lab My Test Location |
Instance Name | The name of the database instance | YES | For scanning database application targets |
Hostname | The host name for hostname targets | YES | vm-test.localdomain www.myserver.example.com vm-myserver |
StartIP | The Start IP Address - use this for Application targets, Single, Range and Subnet targets | YES | 10.0.0.1 |
EndIP | The End IP Address - use this for Range targets only | YES | 10.0.0.99 |
SubnetMask | The netmask - as a number not as a dotted quad - use for Subnet targets only | YES | Use "24" not "255.255.255.0" "0" can be used for an empty target |
Port | The port on which to scan, for Application Targets only | YES | E.g. an SQL Server is usually on port 1433 but can be set to an arbitrary number. |
Exclusion | Whether this is a target exclusion. Use to exclude IP addresses from a larger list | YES | Valid values are "True" or "False". Empty implies False |
The list of valid Device Target types is:
- "Hostname" (contains the hostname of a device),
- "Range" (contains an ip address range defined by a Start IP address and an End IP address)
- "Subnet" (contains an IP Address subnet, defined by a Start IP address and a netmask)
- "Single" (contains a single IP Address)
The list of valid Application Target types is:
- "vCenter" (a VMware vCenter application)
- "Informix" (an Informix database application target)
- "Oracle Database Server"
- "SQL Server" (A Microsoft SQL Server application target)
An application target is used when we need to scan an application on a non-standard port, or when we need to scan an application if we cannot scan the underlying OS on the target.
Sample JSON data file
How to invoke the command
For any non-trivial estate size, you will want to store the JSON as a file rather than trying to put the data on the command line. Save the JSON data file, either editing it manually or generating it from a data source. For these examples, we store the data in a file in the current directory called file.json
Call the RestAPI using cURL
Note: the encoded username and password pair in the CURL call corresponds to the login 'admin' and password 'password' which are the default iQSonar credentials you are forced to change on when you log in the first time.
curl --data "@file.json" \ -H 'Authorization: Basic YWRtaW46cGFzc3dvcmQ=' \ -H "Content-Type: application/json" \ -X 'POST' 'http://youriqsonarserver/api/v1/targets'
Call the RestAPI using Powershell
$cred = Get-Credential $body = Get-Content file.json $url = 'http://youriqsonarserver/api/v1/targets' Invoke-RestMethod -Method POST -ContentType 'application/json' -Credential $cred -Body $body -Uri $url
Related articles