Automate API

[edit on GitHub]

Note

This documentation is meant to support existing Chef customers using Analytics.

If you are a new Chef customer, or are looking to gain better insight into your fleet, try Chef Automate. You’ll get a graphical interface and query language that gives you insight into operational, compliance, and workflow events. Download Chef Automate here.

The Automate API is a REST API that provides access to objects on the Chef Analytics server, including actions, messages, and rules.

Note

This feature is included as part of the Chef Automate license agreement and is available via subscription.

Encryption

All connections to Chef Analytics from any web browser, any API client, and any service uses HTTPS. HTTP access to the Chef Analytics platform is not allowed.

Authentication

Chef Analytics uses token-based authentication to the Automate API.

User Access

Users authenticate to the Automate API using an OAuth 2.0 token. Chef Analytics uses the Chef Identity service (oc-id) that is built into the Chef server as the identity source. When a user accesses Chef Analytics from a web browser, the web browser completes the OAuth negotiation with the oc-id service to ensure that the token is valid.

Service Access

Services authenticate to the Automate API as a privileged user using a keyed-hash message authentication code (HMAC) and is based on a similar mechanism used by Amazon Web Services (AWS) services.

A request is authenticated by concatenating elements of the request to form a string. Then a private key calculates the request signature using the HMAC, which is then added to the request as a header.

After a request is authenticated, it will fetch its copy of the private key, and then uses it to compute a signature, which is then compared against the signature in the header. If these signatures match, the service is authorized. If these signatures do not match, the system responds with an error message.

Endpoints

The following endpoints may be accessed globally.

/actions/ID

The /actions/ID endpoint has the following methods: GET.

GET

The GET method is used to get the details for the specified action.

This method has no parameters.

Request

GET /actions/ID

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

/actions/ID/payload

The /actions/ID/payload endpoint has the following methods: GET.

GET

The GET method is used to get payload details for the specified action.

This method has no parameters.

Request

GET /actions/ID/payload

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

/audits/ID

The /audits/ID endpoint has the following methods: GET.

GET

The GET method is used to get details for the specified audit.

Request

GET /organizations/NAME/audits/ID

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.

/authentication-configuration

The /authentication-configuration endpoint enables client-side JavaScript applications to connect to the oc-id service (an OAuth provider) by using OAuth 2.0 Implicit flow. This endpoint has the following methods: GET.

GET

The GET method is used to get OAuth 2.0 configuration details.

This method has no parameters.

Request

GET /authentication-configuration

Response

The response is similar to:

{
  "client_id": "abf783ad98b53496asdfe3d682f5c70b68fddsdff87c463b128d540587ab9f",
  "profile_uri": "https://api.opscode.piab/id/v1/me",
  "redirect_uri": "https://analytics.opscode.piab/auth/chef/callback",
  "scope": "",
  "site": "https://api.opscode.piab/id"
}

Response Codes

Response Code Description
200 OK. The request was successful.

/organization/NAME

The /organizations/NAME endpoint has the following methods: GET.

GET

The GET method is used to get the details for the named organization.

This method has no parameters.

Request

GET /organizations/NAME

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

/searches

The /searches endpoint has the following methods: GET and POST.

GET

The GET method is used to get a list of searches, optionally by page number.

This method has the following parameters:

Parameter Description
page The page number to return.

Request

GET /searches

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

POST

The POST method is used to create a new rule for the named organization.

This method has no parameters.

Request

POST /searches

with a request body similar to:

{
  "type": "object",
  "properties": {
    "active": {
      "type": "boolean"
    },
    "name": {
      "description": "Rule name",
      "type": "string"
    },
    "modified_by": {
      "description": "user last modified",
      "type": "string"
    },
    "rule": {
      "description": "text of rule",
      "type": "string"
    },
    "with": {
      "type": "object",
      "properties": {
        "priority": {
          "type": "integer"
        }
      },
      "required": ["priority"]
    }
  },
  "required": [ "rule", "modified_by", "with", "active"]
}

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

/searches/ID

The /searches/ID endpoint has the following methods: DELETE, GET, POST, and PUT.

DELETE

The DELETE method is used to delete a search item.

This method has no parameters.

Request

DELETE /searches/ID

This method has no request body.

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

GET

The GET method is used to get a search item.

This method has no parameters.

Request

GET /searches/ID

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

POST

The POST method is used to create a new search item.

This method has no parameters.

Request

POST /searches/ID

with a request body similar to:

{
  "type": "object",
  "properties": {
    "description": {
      "type": "string"
    },
    "id": {
      "type": "integer",
      "format": "uint"
    },
    "query": {
      "type": "string",
      "format": "search-query"
    }
  }
}

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

PUT

The PUT method is used to modify an existing search item.

This method has no parameters.

Request

PUT /searches/ID

with a request body similar to:

{
  "type": "object",
  "properties": {
    "description": {
      "type": "string"
    },
    "id": {
      "type": "integer",
      "format": "uint"
    },
    "query": {
      "type": "string",
      "format": "search-query"
    }
  }
}

Response

The response will return the JSON for the updated search item.

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

/user

The /user endpoint has the following methods: GET.

GET

The GET method is used to get details for the current user.

This method has no parameters.

Request

GET /user

Response

The response is similar to:

{
  "name": "applejack",
  "properties": {
    "avatar_url": "https://gravatar.com/avatar/0a5549591ec94521799d8d44b17d3432.png?d=mm",
    "email": "applejack@mylittlepony.com",
    "gravatar_id": "0a5549591ec94543299d8d44b17d3432"
  },
  "endpoint": "/users/applejack",
  "organizations": [
    {
      "name": "ponyville",
      "endpoint": "/organizations/ponyville",
      "profile_url": "https://api.opscode.piab/organizations/ponyville/users/applejack"
    },
  ],
  "searches": []
}

Response Codes

Response Code Description
200 OK. The request was successful.
401 Unauthorized. The user or client who made the request could not be authenticated. Verify the user/client name, and that the correct key was used to sign the request.

Organization Endpoints

Each organization-specific authentication request must include /organizations/NAME as part of the name for the endpoint. For example, the full endpoint for editing a rule:

PUT /organizations/NAME/rules/ID

where NAME is the name of the organization and ID is the identifier for the rule to be edited.

/actions

The /actions endpoint has the following methods: GET.

GET

The GET method is used to get a list of actions for the named organization. Use query parameters to filter the list of audits.

This method has the following parameters:

Parameter Description
before The time before which audit data is returned. For example: 2014-11-14T18:50:09.155Z.
page The page number to be returned.
since The time after which audit data is returned. For example: 2014-11-14T18:40:09.155Z.

Request

GET /organizations/NAME/actions

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

/actions/export

The /actions/export endpoint has the following methods: GET.

GET

This method has no parameters.

Request

GET /organizations/NAME/actions/export

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

/aliases

The /aliases endpoint has the following methods: GET and POST.

GET

The GET method is used to get a list of aliases for the specified organization.

This method has no parameters.

Request

GET /organizations/NAME/aliases

Response

The response is similar to:

{
  "title": "array of aliases",
  "type": "array",
  "items": {
    "type": "object",
    "properties": {
      "id": {
        ...
      },
      "name": {
        ...
      },
      "org_name": {
        ...
      },
      "modified_by": {
        ...
      },
      "modified_at": {
        ...
      },
      "notification_type": {
        ...
      },
      "delivery_options": {
        ...
      }
    }
  },
  "definitions": {
    "hipchat": {
      ...
    },
    "http": {
      ...
    },
    "smtp": {
      ...
    }
  }
}

Response Codes

Response Code Description
200 OK. The request was successful.

POST

The POST method is used to create a new alias for the specified organization.

This method has no parameters.

Request

POST /organizations/NAME/aliases

with a request body similar to:

{
  "type": "object",
  "properties": {
    "name": {
      "description": "The name of the alias",
      "type": "string"
    },
    "modified_by": {
      "description": "user last modified",
      "type": "string"
    },
    "notification_type": {
      "description": "type of alias (e.g. hipchat, http)",
      "type": "string",
      "enum": [
        "http",
        "hipchat"
      ]
    },
    "delivery_options": {
      "description": "set of settings this notification_type needs",
      "type": "object",
      "oneOf": [
        {"$ref": "#/definitions/hipchat"},
        {"$ref": "#/definitions/http"}
      ]
    }
  },
  "required": [ "notification_type", "modified_by", "name" ],
  "definitions": {
    ...
  }
}

Response

The response is similar to:

{

}

Response Codes

Response Code Description
201 Success.
409 Duplicate alias exists in organization.

/aliases/ID

The /aliases/ID endpoint has the following methods: DELETE, GET, and PUT.

DELETE

The DELETE method is used to delete the specified alias.

This method has no parameters.

Request

DELETE /organizations/NAME/aliases/ID

This method has no request body.

Response

The response is similar to:

{

}

Response Codes

Response Code Description
204 Success.

GET

The GET method is used to get information about the specified alias.

This method has no parameters.

Request

GET /organizations/NAME/aliases/ID

Response

The response is similar to:

{
  "type": "object",
  "properties": {
    "id": {
      ...
    },
    "name": {
      ...
    },
    "org_name": {
      ...
    },
    "modified_by": {
      ...
    },
    "modified_at": {
      ...
    },
    "notification_type": {
      ...
    },
    "delivery_options": {
      ...
    }
  },
  "required": [ "notification_type", "modified_by", "name" ],
  "definitions": {
    "hipchat": {
      ...
    },
    "http": {
      ...
    },
    "smtp": {
      ...
    }
  }
}

Response Codes

Response Code Description
200 OK. The request was successful.

PUT

The PUT method is used to update the details for an existing alias.

This method has no parameters.

Request

PUT /organizations/NAME/aliases/ID

with a request body similar to:

{
  "type": "object",
  "properties": {
    "name": {
      "description": "The name of the alias",
      "type": "string"
    },
    "modified_by": {
      "description": "user last modified",
      "type": "string",
      "format": "username"
    },
    "notification_type": {
      "description": "type of alias (e.g. hipchat, http)",
      "type": "string",
      "enum": [
        "http",
        "hipchat"
      ]
    },
    "delivery_options": {
      "description": "set of settings this notification_type needs",
      "type": "object",
      "oneOf": [
        {"$ref": "#/definitions/hipchat"},
        {"$ref": "#/definitions/http"}
      ]
    }
  },
  "required": [ "notification_type", "modified_by", "name" ],
  "definitions": {
    "hipchat": {
      "description": "Notifier - Hipchat schema",
      "type": "object",
      "properties": {
        "room": {
          "description": "Room to send message to",
          "type": "string"
        },
        "from": {
          "description": "Message sender",
          "type": "string"
        },
        "api_token": {
          "description": "Token to use for authentication",
          "type": "string",
          "format": "hash"
        },
        "api_version": {
          "description": "Version of hipchat api to use",
          "type": "string",
          "enum": [
            "1",
            "2"
          ]
        },
        "color": {
          "description": "Displayed message color in hipchat window",
          "type": "string",
          "enum": [
            "yellow",
             "red",
            "green",
            "purple",
            "gray",
            "random"
          ]
        },
        "notify": {
          "description": "Used to notify the room of the message...",
            "type": "string",
            "enum": [
              "0",
              "1"
            ]
          }
        },
        "required": [
          "template",
          "room",
          "api_token"
        ]
     },
    "http": {
      "description": "Notifier - HTTP (with auth) schema",
      "type": "object",
      "properties": {
        "url": {
          "description": "Url to send message to",
            "type": "string",
            "format": "url"
        },
        "auth": {
          "description": "Auth details",
          "type": "object",
          "properties": {
            "type": {
              "description": "Authentication type",
              "type": "string",
              "enum": [
                "basic"
              ]
            },
            "username": {
              "description": "Username to authenticate with",
              "type": "string"
            },
            "password": {
              "description": "Password to authenticate with",
              "type": "string"
            }
          }
        }
      },
      "required": [ "url" ]
    }
  }
}

Response

The response will return the JSON for the updated alias.

Response Codes

Response Code Description
204 Success.

/audits

The /audits endpoint has the following methods: GET.

GET

The GET method is used to get a list of audits for the named organization. Use query parameters to filter the list of audits.

This method has the following parameters:

Parameter Description
before The time before which audit data is returned. For example: 2014-11-14T18:50:09.155Z.
level The audit level. Possible values: error, info, and warn. Use a comma to separate multiple audit levels. For example: error or warn, info.
page The page number to be returned.
since The time after which audit data is returned. For example: 2014-11-14T18:40:09.155Z.
type The types of events that trigger audits: action, run_control, run_control_group, run_converge, run_resource, or run_start. Use a comma to separate multiple types. For example: run_converge or action, run_start.

Request

GET /organizations/NAME/audits

Responses

A response for action is similar to:

{
  "id": "cb17e360-a729-4112-b5b6-713a8e213c55",
  "recorded_at": "2014-11-14T03:02:09.000Z",
  "description": "Oh oh, we didn't meet the audit criteria!",
  "level": "warn",
  "organization": "ponyville",
  "type": "audit",
  "auditable": {
    "id": "3e1fb0dd-eaeb-43cb-8df7-827376bc3f59",
    "tags": [
      "foo:create"
    ],
    "recorded_at": "2014-11-14T03:02:09.000Z",
    "remote_hostname": "33.33.33.10",
    "remote_request_id": null,
    "request_id": "g3IAA2QAEGVyY2hlZkAxMjcuMC4wLjEBAAPZYgAAAAUAAAAA",
    "service_hostname": "api.opscode.piab",
    "task": "create",
    "type": "action",
    "endpoint": "/actions/3e1fb0dd-eaeb-43cb-8df7-827376bc3f59",
    "user_agent": "Chef Manage/11.10.4 (ruby-1.9.3-p547; ohai-6.20.0; x86_64-linux; +http://opscode.com)",
    "requestable": {
      "name": "applejack",
      "properties": {
        "avatar_url": null,
        "email": null,
        "gravatar_id": null
      },
      "type": "user",
      "endpoint": "/users/applejack"
  },
  "entity": {
    "name": "b",
    "manage": "https://api.opscode.piab/organizations/ponyville/data_bags/b",
    "parent": null,
    "type": "bag",
    "endpoint": "/organizations/ponyville/bags/b"
    }
  }
}

A response for run_control is similar to:

{
  "id": "2121e899-9f84-43b9-8933-53fe864e163d",
  "recorded_at": "2014-11-22T22:43:37.000Z",
  "description": "Control error",
  "level": "error",
  "organization": "ponyville",
  "type": "audit",
  "auditable": {
    "id": "6035b05b-1514-4006-9edd-787212a30074",
    "name": "should be mode 600",
    "status": "success",
    "details": null,
    "resource_name": "/etc/ssh/ssh_host_dsa_key",
    "resource_type": "File",
    "context": null,
    "sequence_number": 10,
    "tags": [],
    "type": "run_control"
  }
}

A response for run_control_group is similar to:

{
  "id": "92850c77-d581-493a-afd1-e502cfa8eb4d",
  "recorded_at": "2014-11-22T22:43:37.000Z",
  "description": "Control group had too many failures",
  "level": "warn",
  "organization": "ponyville",
  "type": "audit",
  "auditable": {
    "id": "6a8803b3-7a98-46e8-87a7-a7a9d5d37d97",
    "name": "Database",
    "status": "success",
    "number_success": 2,
    "number_failed": 0,
    "tags": [],
    "error": null,
    "type": "run_control_group"
  }
}

A response for run_converge is similar to:

{
  "id": "98f9e4ac-1c97-4d9b-8175-4fca28a1d37d",
  "recorded_at": "2014-11-22T22:49:04.000Z",
  "description": "Run Converge",
  "level": "warn",
  "organization": "ponyville",
  "type": "audit",
  "auditable": {
    "error": null,
    "id": "21e4924d-d395-49b4-8f9d-6934f2fecf24",
    "end_time": "2014-11-22T22:49:04.000Z",
    "node_name": "client1.opscode.piab",
    "run_id": "4a2c115e-5d99-4201-916f-eac723ed9f1d",
    "run_list": [
      "recipe[apt]"
    ],
    "status": "success",
    "start_time": "2014-11-22T22:49:04.000Z",
    "total_resource_count": 8,
    "updated_resource_count": 2,
    "type": "run_converge"
  }
}

A response for run_resource is similar to:

{
  "id": "d833b937-1162-42af-b01c-2bcdc4891951",
  "recorded_at": "2014-11-22T21:12:25.000Z",
  "description": "Run Resource",
  "level": "warn",
  "organization": "ponyville",
  "type": "audit",
  "auditable": {
    "id": "9aa9fdc1-9524-45fb-81b4-123f91306b27",
    "sequence": 3,
    "resource_id": "update-notifier-common",
    "resource_name": "update-notifier-common",
    "resource_type": "apt_package",
    "resource_result": "install",
    "initial_state": {
      "version": null,
      "options": null
    },
    "final_state": {
      "version": "0.119ubuntu8.7",
      "options": null
    },
    "delta": "",
    "cookbook_name": "apt",
    "cookbook_version": "2.6.0",
    "tags": [],
    "type": "run_resource"
  }
}

A response for run_start is similar to:

{
  "id": "33ecf37d-dea0-4063-9607-60268f45bfab",
  "recorded_at": "2014-11-22T22:49:04.000Z",
  "description": "Run Start",
  "level": "warn",
  "organization": "ponyville",
  "type": "audit",
  "auditable": {
    "id": "4a2c115e-5d99-4201-916f-eac723ed9f1d",
    "node_name": "client1.opscode.piab",
    "organization": "ponyville",
    "start_time": "2014-11-22T22:49:04.000Z",
    "run_id": "4a2c115e-5d99-4201-916f-eac723ed9f1d",
    "tags": [],
    "type": "run_start"
  }
}

Response Codes

Response Code Description
200 OK. The request was successful.

/autocomplete

The /autocomplete endpoint has the following methods: GET.

GET

This method has no parameters.

Request

GET /organizations/NAME/autocomplete

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.
403 Unauthorized.
500 Internal error.

/rules

The /rules endpoint has the following methods: GET and POST.

GET

The GET method is used to get a list of rules for the named organization.

This method has no parameters.

Request

GET /organization/NAME/rules

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.

POST

The POST method is used to create a new rule for the named organization.

This method has no parameters.

Request

POST /organization/NAME/rules

with a request body similar to:

{
  "type": "object",
  "properties": {
    "active": {
      "type": "boolean"
    },
    "name": {
      "description": "Rule name",
      "type": "string"
    },
    "modified_by": {
      "description": "user last modified",
      "type": "string"
    },
    "rule": {
      "description": "text of rule",
      "type": "string"
    },
    "with": {
      "type": "object",
      "properties": {
        "priority": {
          "type": "integer"
        }
      },
      "required": ["priority"]
    }
  },
  "required": [ "rule", "modified_by", "with", "active"]
}

Response

The response is similar to:

{

}

Response Codes

Response Code Description
201 Created. The object was created. The location of the new rule is returned.
409 Duplicate rule name.

/rules/ID

The /rules/ID endpoint has the following methods: DELETE, GET, and PUT.

DELETE

The DELETE method is used to delete a rule.

This method has no parameters.

Request

DELETE /organizations/NAME/rules/ID

This method has no request body.

Response

The response is similar to:

{

}

Response Codes

Response Code Description
204 Success.

GET

The GET method is used to get the details for a rule.

This method has no parameters.

Request

GET /organizations/NAME/rules/ID

Response

The response is similar to:

{

}

Response Codes

Response Code Description
200 OK. The request was successful.

PUT

The PUT method is used to edit an existing rule.

This method has no parameters.

Request

PUT /organizations/NAME/rules/ID

with a request body similar to:

{
  "type": "object",
  "properties": {
    "active": {
      "type": "boolean"
    },
    "name": {
      "description": "Rule name",
      "type": "string"
    },
    "modified_by": {
      "description": "user last modified",
      "type": "string"
    },
    "rule": {
      "description": "text of rule",
      "type": "string"
    },
    "with": {
      "type": "object",
      "properties": {
        "priority": {
          "type": "integer"
        }
      },
      "required": ["priority"]
    }
  },
  "required": [ "rule", "modified_by", "with", "active"]
}

Response

The response will return the JSON for the updated rule.

Response Codes

Response Code Description
204 Success.