Grant remote access permission

Published Feb 12, 2020

This API call grants remote access permission to a specific user. You can specify the user role, duration, and reason for remote access request. The request consumes and produces an application/json payload.

Authentication

To execute this request, you need one of the following API-Token scopes:

Cluster token management (ClusterTokenManagement)
Service Provider API (ServiceProviderAPI )
Nodekeeper access for node management (Nodekeeper)
To learn how to obtain and use it, see Cluster API - Authentication.

Endpoint

/api/cluster/v2/remoteaccess/requests

Parameters

Parameter	Type	Description	In	Required
body	CreateAccessRequestDto	The JSON body of the request, containing parameters of access request.	body	optional

Request body objects

The `CreateAccessRequestDto` object

Access request data - format used to create a request

Element	Type	Description	Required
userId	string	User id	optional
reason	string	Request reason description	optional
requestedDays	integer	For how many days access is requested	optional
role	string	Requested role `devops-admin` `devops-user` `devops-viewer`	optional

Request body JSON model

This is a model of the request body, showing the possible elements. It has to be adjusted for usage in an actual request.

{
  "userId": "string",
  "reason": "string",
  "requestedDays": 1,
  "role": "devops-admin"
}

Response

Response codes

Code	Type	Description
201	AccessRequestData	Successfully created
400	-	Invalid parameters
403	-	Approving remote access request is disabled
500	-	Operation failed
513	-	Mission Control is unavailable

Response body objects

The `AccessRequestData` object

Access Request data

Element	Type	Description
requestId	string	Request id
userId	string	User id
reason	string	Request reason description
requestedDays	integer	For how many days access is requested
role	string	Requested role `devops-admin` `devops-user` `devops-viewer`
createdTimestamp	integer	Access request created at (timestamp)
expirationTimestamp	integer	Access expires at (timestamp)
state	string	Access request state `ACCEPTED` `EXPIRED` `PENDING` `REJECTED`
stateModifiedByUser	string	Access request state was modified by user

Response body JSON model

{
  "requestId": "string",
  "userId": "string",
  "reason": "string",
  "requestedDays": 1,
  "role": "devops-admin",
  "createdTimestamp": 1,
  "expirationTimestamp": 1,
  "state": "ACCEPTED",
  "stateModifiedByUser": "string"
}

Example

In this example, you grant the user john.smith@dynatrace.com a remote cluster permission with an admin role for 7 days.

Curl

curl -X POST "https://myManaged.cluster.com/api/cluster/v2/remoteaccess/requests"
          -H  "accept: application/json"
      -H  "Content-Type: */*"
      -d "{\"userId\":\"john.smith@dynatrace.com\",\"reason\":\"SUP-123456 Verifying cluster state after upgrade\",\"requestedDays\":7,\"role\":\"devops-admin\"}"

Request URL

https://myManaged.cluster.com/api/cluster/v2/remoteaccess/requests

Request body

{
  "userId": "john.smith@dynatrace.com",
  "reason": "SUP-123456 Verifying cluster state after upgrade",
  "requestedDays": 7,
  "role": "devops-admin"
}

Response body

{
  "requestId":"7a397770-86b7-473b-b23e-4a07d79f2eff",
  "userId":"john.smith@dynatrace.com",
  "reason":"SUP-123456 Verifying cluster state after upgrade",
  "requestedDays":7,
  "role":"devops-admin",
  "createdTimestamp":1586452866661,
  "expirationTimestamp":null,
  "state":"PENDING",
  "stateModifiedByUser":null
}

Response code

201