Cloud Management API 1.5

MediaTypes:

AccountGroup | Account | AlertSpec | Alert | AuditEntry | Backup | CloudAccount | Cloud | CookbookAttachment | Cookbook | Credential | Datacenter | Deployment | IdentityProvider | Image | Input | InstanceType | Instance | IpAddressBinding | IpAddress | MonitoringMetric | MonitoringMetricData | MultiCloudImageMatcher | MultiCloudImageSetting | MultiCloudImage | NetworkGateway | NetworkOptionGroupAttachment | NetworkOptionGroup | Network | Permission | PlacementGroup | Preference | PublicationLineage | Publication | RecurringVolumeAttachment | Repository | RepositoryAsset | ResourceGroup | RightScriptAttachment | RightScript | RouteTable | Route | RunnableBinding | SecurityGroupRule | SecurityGroup | ServerArray | ServerTemplateMultiCloudImage | ServerTemplate | Server | Session | SshKey | Subnet | ResourceTag | Task | User | VolumeAttachment | VolumeSnapshot | VolumeType | Volume |

Resources:

AccountGroups | Accounts | AlertSpecs | Alerts | AuditEntries | Backups | ChildAccounts | CloudAccounts | Clouds | CookbookAttachments | Cookbooks | Credentials | Datacenters | Deployments | HealthCheck | IdentityProviders | Images | Inputs | InstanceTypes | Instances | IpAddressBindings | IpAddresses | MonitoringMetrics | MultiCloudImageMatchers | MultiCloudImageSettings | MultiCloudImages | NetworkGateways | NetworkOptionGroupAttachments | NetworkOptionGroups | Networks | Oauth2 | Permissions | PlacementGroups | Preferences | PublicationLineages | Publications | RecurringVolumeAttachments | Repositories | RepositoryAssets | ResourceGroups | RightScriptAttachments | RightScripts | RouteTables | Routes | RunnableBindings | SecurityGroupRules | SecurityGroups | ServerArrays | ServerTemplateMultiCloudImages | ServerTemplates | Servers | Sessions | SshKeys | Subnets | Tags | Tasks | UserDatas | Users | VolumeAttachments | VolumeSnapshots | VolumeTypes | Volumes |

Users

Actions

index

List the users available to the account the user is logged in to. Therefore, to list the users of a child account, the user has to login to the child account first.

URLs
GET /api/users
HTTP response code
200 OK
Content-type
application/vnd.rightscale.user;type=collection

Required roles

Parameters

name required type values regexp blank? description
filter no Array * * no See below for valid filter parameters.

Filters

name partial_match? description
email no Email of the user to filter on.
first_name yes First name of the user to filter on.
last_name yes Last name of the user to filter on.

Example Responses

Click on a format below to see an example response:

JSON XML 
[{
  "email": "owner_user@rightscale.com",
  "first_name": "Fred",
  "last_name": "Accountholder",
  "login_name": "rightscale888",
  "company": "Account That Likes to Publish Things",
  "phone": "805-867-5309",
  "timezone_name": "America/Los_Angeles",
  "created_at": "2009/07/13 21:50:24 +0000",
  "updated_at": "2008/11/06 19:56:51 +0000",
  "links": [
    {"rel":"self","href":"/api/users/888"}
  ],
  "actions": [

  ]
},{
  "email": "owner_user@rightscale.com",
  "first_name": "Fred",
  "last_name": "Accountholder",
  "login_name": "rightscale888",
  "company": "Account That Likes to Publish Things",
  "phone": "805-867-5309",
  "timezone_name": "America/Los_Angeles",
  "created_at": "2009/07/13 21:50:24 +0000",
  "updated_at": "2008/11/06 19:56:51 +0000",
  "links": [
    {"rel":"self","href":"/api/users/888"}
  ],
  "actions": [

  ]
}]
<?xml version="1.0" encoding="UTF-8"?>
<users>
  <user>
    <email>owner_user@rightscale.com</email>
    <first_name>Fred</first_name>
    <last_name>Accountholder</last_name>
    <login_name>rightscale888</login_name>
    <company>Account That Likes to Publish Things</company>
    <phone>805-867-5309</phone>
    <timezone_name>America/Los_Angeles</timezone_name>
    <created_at>2009/07/13 21:50:24 +0000</created_at>
    <updated_at>2008/11/06 19:56:51 +0000</updated_at>
    <links>
      <link rel="self" href="/api/users/888"/>
    </links>
    <actions/>
  </user>
  <user>
    <email>owner_user@rightscale.com</email>
    <first_name>Fred</first_name>
    <last_name>Accountholder</last_name>
    <login_name>rightscale888</login_name>
    <company>Account That Likes to Publish Things</company>
    <phone>805-867-5309</phone>
    <timezone_name>America/Los_Angeles</timezone_name>
    <created_at>2009/07/13 21:50:24 +0000</created_at>
    <updated_at>2008/11/06 19:56:51 +0000</updated_at>
    <links>
      <link rel="self" href="/api/users/888"/>
    </links>
    <actions/>
  </user>
</users>

show

Show information about a single user.

URLs
GET /api/users/:id
HTTP response code
200 OK
Content-type
application/vnd.rightscale.user

Required roles

Example Responses

Click on a format below to see an example response:

JSON XML 
{
  "email": "owner_user@rightscale.com",
  "first_name": "Fred",
  "last_name": "Accountholder",
  "login_name": "rightscale888",
  "company": "Account That Likes to Publish Things",
  "phone": "805-867-5309",
  "timezone_name": "America/Los_Angeles",
  "created_at": "2009/07/13 21:50:24 +0000",
  "updated_at": "2008/11/06 19:56:51 +0000",
  "links": [
    {"rel":"self","href":"/api/users/888"}
  ],
  "actions": [

  ]
}
<?xml version="1.0" encoding="UTF-8"?>
<user>
  <email>owner_user@rightscale.com</email>
  <first_name>Fred</first_name>
  <last_name>Accountholder</last_name>
  <login_name>rightscale888</login_name>
  <company>Account That Likes to Publish Things</company>
  <phone>805-867-5309</phone>
  <timezone_name>America/Los_Angeles</timezone_name>
  <created_at>2009/07/13 21:50:24 +0000</created_at>
  <updated_at>2008/11/06 19:56:51 +0000</updated_at>
  <links>
    <link rel="self" href="/api/users/888"/>
  </links>
  <actions/>
</user>

create

Create a user. If a user already exists with the same email, that user will be returned.

Creating a user alone will not enable the user to access this account. You have to create 'permissions' for that user before it can be used. Performing a 'show' on a new user will fail unless you immediately create an 'observer' permission on the current account.

Note that information about users and their permissions must be propagated globally across all RightScale clusters, and this can take some time (less than 60 seconds under normal circumstances) so the users you create may not be able to login for a minute or two after you create them. However, you may create or destroy permissions for newly-created users with no delay.

To create a user that will login using password authentication, include the 'password' parameter with your request.

To create an SSO-enabled user, you must specify the identity_provider that will be vouching for this user's identity, as well as the principal_uid (SAML NameID or OpenID identity URL) that the identity provider will assert for this user. Identity providers should be specified by their API href; you can obtain a list of the identity providers available to your account by invoking the 'index' action of the identity_providers API resource.

URLs
POST /api/users
HTTP response code
201 Created
Location
Href of created User.

Required roles

Parameters

name required type values regexp blank? description
user yes Hash * * no
user[company] yes String * * no
user[email] yes String * * no
user[first_name] yes String * * no
user[identity_provider_href] no String * * no The RightScale API href of the Identity Provider through which this user will login to RightScale. Required to create an SSO-authenticated user.
user[last_name] yes String * * no
user[password] no String * * no The password of this user. Required to create a password-authenticated user.
user[phone] yes String * ^[\.()\s\d+-]+$ no
user[principal_uid] no String * * no The principal identifier (SAML NameID or OpenID identity URL) of this user. Required to create an SSO-authenticated user.
user[timezone_name] no String * * no This can be in the form of country/region or timezone name. For example 'America/Los_Angeles' or 'GB' or 'UTC'. A complete list of acceptable values is available in the Settings > User Settings > Preferences page.

update

Update a user's contact information, change their password, or update their SSO settings.

In order to update a user record, one of the following criteria must be met: 1. You've authenticated and are the user being modified, and you provide a valid current_password. 2. You're an admin and the user is linked to your organization SSO provider. 3. You're an admin and the user's email matches the email_domain of your organization SSO provider.

In other words: you can update yourself if you know your own password, you can update yourself or others if you're an admin and they're linked to your SSO provider, and you can update any user if you're an admin and their email address is known to belong to your organization.

For information about enabling canonical email domain ownership for your organization, please talk to your RightScale account manager or contact our support team.

To update a user's contact information, simply pass the desired values for email, first_name, and so forth.

To update a user's password, provide the desired new_password.

To set or update a user's SSO information, you may provide a just a principal_uid (to maintain the user's existing identity provider) or you may provide an identity_provider_href and a principal_uid (to switch identity providers as well as specify a new user identity).

In the context of SAML, principal_uid is equivalent to the SAML NameID or Subject claim. RightScale cannot predict or influence the NameID value that your SAML IdP will send to us for

URLs
PUT /api/users/:id
HTTP response code
204 No Content

Required roles

Parameters

name required type values regexp blank? description
user yes Hash * * no
user[company] no String * * no
user[current_email] yes String * * no The existing email of this user.
user[current_password] no String * * no The current password for the user.
user[first_name] no String * * no
user[identity_provider_href] no String * * no The updated RightScale API href of the associated Identity Provider.
user[last_name] no String * * no
user[login_name] no String * * yes
user[new_email] no String * * no The updated email of this user.
user[new_password] no String * * no The new password for this user.
user[phone] no String * ^[\.()\s\d+-]+$ no
user[principal_uid] no String * * no The updated principal identifier (SAML NameID or OpenID identity URL) of this user.
user[timezone_name] no String * * no This can be in the form of country/region or timezone name. For example 'America/Los_Angeles' or 'GB' or 'UTC'. A complete list of acceptable values is available in the Settings > User Settings > Preferences page.

For more information on API 1.5, including examples, please see the API 1.5 topic on our support site.

Generated: 2023-10-09 11:06:15 UTC