Google Search Appliance
Policy ACL API Developer’s Guide
Google Search Appliance software version 7.
Google, Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043 www.google.com GSA-ACLAPI_100.04 December 2013 © Copyright 2013 Google, Inc. All rights reserved. Google and the Google logo are registered trademarks or service marks of Google, Inc. All other trademarks are the property of their respective owners. Use of any Google solution is governed by the license agreement included in your original contract.
Contents
Policy ACL API Developer’s Guide
Policy ACL API Developer’s Guide: Java
  Getting Started
  API Authentication
  Pattern ACL API
  Group and Member API
Policy ACL API Developer’s Guide: .
Policy ACL API Developer’s Guide

The Google Search Appliance Policy ACL API enables you to programmatically configure policy access control lists on a search appliance. You can use this API to add users or groups to a URL pattern to which you restrict access. The policy ACL software improves search appliance performance by substantially reducing HEAD requests for user authorization information from remote servers.
After you download the software and acquire search appliance credentials, get started as follows:

1. Browse to the Administrative API download site (http://code.google.com/p/google-enterprise-gdata-api).
2. Download the ZIP file gsa-admin-api-java-1.0.0.zip (http://google-enterprise-gdata-api.googlecode.com/files/gsa-admin-api-java-1.0.0.zip) containing the client library and the sample application files.
3. Unzip the file and navigate to the gdata/java folder.
• gdata-client-meta-1.0.jar
• gdata-gsa-meta-1.0.jar

You can then use the JAR files in your application.

API Authentication

Before making API calls with the Java client library, you must construct a new GsaService object or a GsaClient object. The GsaClient object provides a simplified interface to the functionality in the GsaService object. Note that the GsaClient object cannot be used for the Group and Member API (see “Group and Member API” on page 9).
Alternate method using protocol buffer encoding:

    GsaEntry entry = new GsaEntry();
    entry.addGsaContent("urlPattern", "http://example.com");
    entry.addGsaContent("protoAcls", "true");
    entry.
Here are the relevant protocol buffer message definitions:

    // Information about the domain associated with the principal.
    message Domain {
      enum DomainType {
        // Domain type used by most windows / active directory deployments.
        // Currently this is the only supported domain type.
        NETBIOS = 0;
      }
      required string name = 1;
      required DomainType type = 2 [default = NETBIOS];
    }

    // Information that fully specifies the user/group in the ACL.
Retrieving ACL Rules

To retrieve all ACL rules:

    GsaFeed feed = myClient.getFeed("policyAcls");
    for (GsaEntry entry : feed.getEntries()) {
      System.out.println("Url Pattern: " + entry.getGsaContent("urlPattern"));
      System.out.println("ACL rules: " + entry.getGsaContent("acl"));
    }

To retrieve an ACL rule for a URL pattern:

    GsaEntry entry = myClient.getEntry("policyAcls", "http://example.com");
    System.out.println("Url Pattern: " + entry.getGsaContent("urlPattern"));
    System.out.println("ACL rules: " + entry.
Retrieving Groups

To retrieve all groups:

    GsaFeed groupFeed = service.getFeed(
        new URL("http://Search_Appliance:8000/a/feeds/group/2.0/domain/"), GsaFeed.class);
    for (GsaEntry groupEntry : groupFeed.getEntries()) {
      System.out.println("Group Name: " + groupEntry.getProperty("groupName"));
    }

If the search appliance has more than 500 groups, the result is split across multiple pages. You can access the next page as follows:

    if (groupFeed.getLink(Link.Rel.NEXT, Link.Type.
In release 7.0, to add users with the extra attributes of Domain, NameSpace, and Case Sensitivity:

    GsaEntry memberEntry = new GsaEntry();
    memberEntry.addProperty("memberId", "john");
    memberEntry.addProperty("memberType", "user");
    memberEntry.addProperty("memberNamespaceId", "Default");
    memberEntry.addProperty("memberDomainId", "My_domain");
    memberEntry.addProperty("memberCaseType", "everything-case-sensitive");
    // Adds member user "john" to group "testGroup"
    service.
To remove a fully-specified member from a fully-specified group:

    service.delete(new URL(
        "http://Search_Appliance:8000/a/feeds/group/2.0/domain/testGroup/namespace"
        + "/Default/domain/My_domain/caseType/everything-case-sensitive/member/"
        + "john"
        + "/memberNamespace/Default/memberDomain/Default/memberCaseType"
        + "/everything-case-sensitive"));

Policy ACL API Developer’s Guide: .NET

The sections that follow specify policy ACL rules using .NET.

Getting Started

The google-enterprise-gdata-api (http://code.google.
4. Open a command prompt and run the command to view its options: C:\GoogleDataAdministrativeAPI\cs\sample\bin\Release>GsaCommandLine.
In the constructor that follows, replace myUserId and myPassword with your Admin Console authentication information:

    GsaService service = new GsaService(gsaAddr, "myUserId", "myPassword");

Pattern ACL API

The code in the sections that follow specifies the URL pattern for a rule.

Creating an ACL Rule

To create an ACL rule:

    GsaEntry entry = new GsaEntry();
    entry.AddGsaContent("urlPattern", "http://example.com");
    entry.AddGsaContent("acl", "group:testGroup user:john");
    service.
Creating a Group

To create a new group:

    GsaEntry insertEntry = new GsaEntry();
    insertEntry.Properties.Add(new PropertyElement("groupId", "testGroup"));
    service.Insert(new Uri("http://Search_Appliance:8000/a/feeds/group/2.0/domain"), insertEntry);

Retrieving Groups

To retrieve all groups:

    GsaFeed resultFeed = service.Query(new FeedQuery("http://gsa.example.com:8000/a/feeds/group/2.
Removing a Member From a Group

To remove a member from a group:

    service.Delete("http://Search_Appliance:8000/a/feeds/group/2.0/domain/testGroup/member/john");

Policy ACL API Developer’s Guide: Protocol

The sections that follow provide an introduction to the policy ACL protocol. See also the “API Operations” and “XML Element Definitions” sections in the Administrative API Developer’s Guide: Protocol.

API Authentication

You can send API requests over HTTPS or HTTP.
A set of ACL rules can be specified for a URL pattern. The following parameters are used in the name= attribute:

Parameter     Description
urlPattern    The URL pattern for which the ACL rules apply.
acl           The ACLs. The following example shows the format of the ACLs: group:engineer user:polly user:ji
aclProto      The ACLs in protocol buffer format.
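A client-side check of the acl string format before it is sent to the appliance, as an added example that is not part of the original guide or the Google client library. It assumes that "group" and "user" are the only scopes, since those are the only two shown here; the function names are hypothetical.

```python
# Added example: parses and validates the "scope:name" ACL string format.
# Assumption: only the two scopes that appear in this guide are accepted.
ALLOWED_SCOPES = ("group", "user")


class AclError(ValueError):
    """Raised when an ACL string does not match the expected format."""


def parse_acl(acl):
    """Split 'group:engineer user:polly' into [('group', 'engineer'), ...]."""
    principals = []
    for token in acl.split():
        # Split on the first colon only, so a name may itself contain colons.
        scope, sep, name = token.partition(":")
        if not sep:
            raise AclError("missing 'scope:' prefix in %r" % token)
        if scope not in ALLOWED_SCOPES:
            raise AclError("unknown scope %r in %r" % (scope, token))
        if not name:
            raise AclError("empty principal name in %r" % token)
        principals.append((scope, name))
    return principals


def format_acl(principals):
    """Serialize back to the wire format, dropping exact duplicates in order."""
    seen, out = set(), []
    for scope, name in principals:
        if (scope, name) not in seen:
            seen.add((scope, name))
            out.append("%s:%s" % (scope, name))
    return " ".join(out)


def acl_diff(old_acl, new_acl):
    """Return (added, removed) principals so a change can be reviewed first."""
    old, new = set(parse_acl(old_acl)), set(parse_acl(new_acl))
    return sorted(new - old), sorted(old - new)
```

Running acl_diff on the rule retrieved from the appliance and the rule about to be written shows exactly which users or groups gain or lose access to the URL pattern.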
To create a new ACL rule with a default setting, use the following entry: http://example.
Updating an ACL Rule

To update an attribute in an ACL rule for a URL pattern, send an authenticated PUT request to the following URL:

    http://Search_Appliance:8000/feeds/policyAcls/Url_Pattern

The following example entry updates the ACL rule: http://example.
Sample GroupEntry Request

The following XML sample shows a sample request to create a group. The sample uses the groupName to specify the name of the group. For the search appliance, the groupName and groupId are the same.

The XML code that follows shows a sample API response for a request to retrieve all groups for a domain. Because the emailPermission and description properties are not supported by the search appliance, the values are specified as an empty string (""). http://gsa.example.com:8000/a/feeds/group/2.
Retrieving Group Members

To retrieve all members of a group, use the following GET request:

    GET http://Search_Appliance:8000/a/feeds/group/2.0/domain/groupId/member[?[start-index=]]

To retrieve a particular member of a group, use the following GET request:

    GET http://Search_Appliance:8000/a/feeds/group/2.0/domain/groupId/member/memberId

Removing Members From a Group

To remove a group member, use the following DELETE request:

    DELETE http://Search_Appliance:8000/a/feeds/group/2.
The XML that follows shows a sample API response for a request that retrieves a specific member in a group.

    http://gsa.example.com:8000/a/feeds/group/2.0/example.com/us-sales/member/suejones%40example.com

The XML code that follows shows a sample API response for a request to retrieve all members of a group.

    http://gsa.example.com:8000/a/feeds/group/2.0/example.com/us-sales/member
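The member request URLs above place groupId and memberId directly in the path, and the sample response shows the member ID percent-encoded (suejones%40example.com). The following added example, which is not from the original guide or the Google client library, builds those URLs so that an identifier containing "/", "?" or "#" cannot change which resource a GET or DELETE addresses. The function names are hypothetical, and the path prefix is the one used in the requests in this guide.

```python
from urllib.parse import quote, unquote, urlsplit

GROUP_FEED_PATH = "/a/feeds/group/2.0/domain"  # path prefix used in this guide


def encode_segment(value):
    """Percent-encode one identifier so it stays a single path segment."""
    if value in ("", ".", ".."):
        raise ValueError("identifier %r cannot be used as a path segment" % value)
    # safe="" also encodes "/", "?" and "#", which would otherwise alter the path.
    return quote(value, safe="")


def member_url(base, group_id, member_id=None):
    """Build the group-member URL; base is e.g. 'http://Search_Appliance:8000'."""
    url = "%s%s/%s/member" % (
        base.rstrip("/"), GROUP_FEED_PATH, encode_segment(group_id))
    if member_id is not None:
        url += "/" + encode_segment(member_id)
    return url


def ids_from_member_url(url):
    """Recover (group_id, member_id) from a URL built by member_url."""
    path = urlsplit(url).path  # urlsplit leaves percent-escapes untouched
    if not path.startswith(GROUP_FEED_PATH + "/"):
        raise ValueError("not a group feed URL: %r" % url)
    parts = path[len(GROUP_FEED_PATH) + 1:].split("/")
    if len(parts) not in (2, 3) or parts[1] != "member":
        raise ValueError("unexpected member URL layout: %r" % url)
    member = unquote(parts[2]) if len(parts) == 3 else None
    return unquote(parts[0]), member
```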