Compliance APIs
APIs for compliance service
1. Get the Compliance Standards
This API is used to fetch all supported compliance standards.
1.1. Prerequisites
The following data is required
- The SDDC Manager should be up and running.
1.2. Steps
- Invoke the API
cURL Request
$ curl 'http://localhost:8080/v1/compliance-standards' -i -X GET
HTTP Request
GET /v1/compliance-standards HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 64
{"elements":[{"standardType":"PCI","standardVersions":["4.0"]}]}
2. Get the Compliance configurations
This API is used to fetch all the compliance configurations known to the system.
2.1. Prerequisites
The following data is required
- The SDDC Manager should be up and running.
- To filter configurations for a particular compliance standard and resource, provide the standard type, standard version, resource type and resource version.
2.2. Steps
- Invoke the API
cURL Request
$ curl 'http://localhost:8080/v1/compliance-configurations?resourceType=SDDC_MANAGER&resourceVersion=5.2.0.0&standardType=PCI&standardVersion=4.0' -i -X GET
HTTP Request
GET /v1/compliance-configurations?resourceType=SDDC_MANAGER&resourceVersion=5.2.0.0&standardType=PCI&standardVersion=4.0 HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 473
{"elements":[{"configurationId":"1600","configurationTitle":"Verify backup","complianceResourceStandardConfigurationDetails":[{"resourceType":"SDDC_MANAGER","resourceVersion":"5.2.0.0","standardConfigurationDetails":[{"standardType":"PCI","standardVersion":"4.0","isRecommendedByStandard":true,"isAuditAutomated":true,"citationReference":"12.5.2 Bullet 3","auditProcedure":"Verify backup configuration","recommendedValue":"TRUE","remediationProcedure":"Setup backup"}]}]}]}
3. Compliance audit of resources
This API is used to trigger the compliance audit of resources.
3.1. Prerequisites
The following data is required
- ID of the domain. Refer to: [_usecase_getDomains]
- Compliance standard type, compliance standard version and resource type.
- To audit a particular resource, the resource name can be provided.
- To audit a particular configuration, the configuration id can be provided. For allowable configuration id values, refer to: Get the Compliance configurations.
3.2. Steps
- Trigger the task using the valid input specification.
cURL Request
$ curl 'http://localhost:8080/v1/domains/3d9b4eba-68d3-4fe3-b7d9-04b4a673bfcf/compliance-audits' -i -X POST \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{"standardType":"PCI","standardVersion":"4.0","complianceResourcesConfigurationSpec":[{"configurationId":"1600","resources":[{"resourceType":"SDDC_MANAGER"}]}]}'
HTTP Request
POST /v1/domains/3d9b4eba-68d3-4fe3-b7d9-04b4a673bfcf/compliance-audits HTTP/1.1
Content-Type: application/json
Accept: application/json
Content-Length: 160
Host: localhost:8080
{"standardType":"PCI","standardVersion":"4.0","complianceResourcesConfigurationSpec":[{"configurationId":"1600","resources":[{"resourceType":"SDDC_MANAGER"}]}]}
HTTP Response
HTTP/1.1 202 Accepted
Location: /v1/domains/3d9b4eba-68d3-4fe3-b7d9-04b4a673bfcf/compliance-audits/tasks/cb6624e2-5e6c-4662-a18a-26063b5320af
Content-Type: application/json
Content-Length: 67
{"id":"cb6624e2-5e6c-4662-a18a-26063b5320af","status":"INPROGRESS"}
Poll the status of the task using the compliance task API with the ID from the response of the previous API, until "status" is not "IN_PROGRESS".
If the "status" is "SUCCESSFUL", the task is completed successfully.
If the "status" is "FAILED", the task can be re-executed using the retry compliance audit API. Refer to: Retry Compliance audit of resources.
cURL Request
$ curl 'http://localhost:8080/v1/domains/2554907f-584e-4d38-b428-c19a9081dcc8/compliance-audits/tasks/2599d730-2b4b-4169-b631-761c540a290b' -i -X GET
HTTP Request
GET /v1/domains/2554907f-584e-4d38-b428-c19a9081dcc8/compliance-audits/tasks/2599d730-2b4b-4169-b631-761c540a290b HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 126
{"id":"2599d730-2b4b-4169-b631-761c540a290b","status":"SUCCESSFUL","complianceAuditId":"8ecbf7ac-4235-4854-a63c-f2d1bb453815"}
- After the status is "SUCCESSFUL", fetch the audit id from the response and invoke the API to get the audit result.
cURL Request
$ curl 'http://localhost:8080/v1/compliance-audits/54ff7ff2-5a12-4cb9-90ea-d2c6fcc523c9' -i -X GET
HTTP Request
GET /v1/compliance-audits/54ff7ff2-5a12-4cb9-90ea-d2c6fcc523c9 HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 443
{"id":"54ff7ff2-5a12-4cb9-90ea-d2c6fcc523c9","creationTimestamp":"2024-01-22T19:35:25.331Z","completionTimestamp":"2024-01-22T19:35:25.331Z","standardType":"PCI","standardVersion":"4.0","domainId":"11fbe71b-5395-4dae-989f-e35fd72a5dd4","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}
- Invoke the API to get all the audit items in the result.
cURL Request
$ curl 'http://localhost:8080/v1/compliance-audits/62c2b740-dd16-476e-9aa2-5f700c56216b/compliance-audit-items' -i -X GET
HTTP Request
GET /v1/compliance-audits/62c2b740-dd16-476e-9aa2-5f700c56216b/compliance-audit-items HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 354
{"elements":[{"resourceType":"SDDC_MANAGER","resourceName":"sddc-manager.vrack.vsphere.local","configurationId":"1600","configurationTitle":"Verify backup","isConfigurationRecommendedByStandard":true,"citationReference":"12.5.2 Bullet 3","recommendedValue":"TRUE","actualValue":"TRUE","complianceStatus":"COMPLIANT","complianceAuditStatus":"SUCCEEDED"}]}
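An added example, not part of the original documentation or the product's code: a check that decides whether an audit summary and its audit items, as returned above, can be filed as clean evidence. Only the values shown in the sample responses count as passing; `audit_findings` and the drifted item are constructed for illustration.

```python
import json

def audit_findings(audit, items):
    """Return the reasons this audit cannot be filed as clean evidence (empty = clean).

    Only values shown on the page count as passing; anything else is a finding.
    """
    findings = []
    expected = {
        "configurationEvaluationStatus": "ALL_EVALUATED",
        "compliantStatus": "COMPLIANT",
        "numberOfNonCompliantConfigurations": 0,
        "numberOfSkippedConfigurations": 0,
        "numberOfAuditItems": len(items),  # assumption: the item list is complete
    }
    for field, want in expected.items():
        got = audit.get(field)
        if got != want:
            findings.append(f"summary: {field}={got!r}, expected {want!r}")
    for item in items:
        where = f"{item.get('resourceName')} config {item.get('configurationId')}"
        if item.get("complianceAuditStatus") != "SUCCEEDED":
            findings.append(f"{where}: check did not run cleanly "
                            f"({item.get('complianceAuditStatus')!r})")
        elif item.get("complianceStatus") != "COMPLIANT":
            findings.append(f"{where}: actual {item.get('actualValue')!r} != recommended "
                            f"{item.get('recommendedValue')!r} [{item.get('citationReference')}]")
    return findings

# Summary and item taken from the page's sample responses (some fields trimmed).
AUDIT = json.loads('{"standardType":"PCI","standardVersion":"4.0",'
                   '"configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT",'
                   '"totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,'
                   '"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}')
ITEM = json.loads('{"resourceType":"SDDC_MANAGER","resourceName":"sddc-manager.vrack.vsphere.local",'
                  '"configurationId":"1600","configurationTitle":"Verify backup",'
                  '"citationReference":"12.5.2 Bullet 3","recommendedValue":"TRUE","actualValue":"TRUE",'
                  '"complianceStatus":"COMPLIANT","complianceAuditStatus":"SUCCEEDED"}')
# Constructed variant (not from the page): the status string is a placeholder, not a documented value.
DRIFTED = dict(ITEM, actualValue="FALSE", complianceStatus="NON_COMPLIANT")

if __name__ == "__main__":
    print(audit_findings(AUDIT, [ITEM]))     # clean
    print(audit_findings(AUDIT, [DRIFTED]))  # summary says COMPLIANT, item disagrees
```

A summary that reports COMPLIANT while configurations were skipped, or while an item's check did not succeed, is returned as a finding rather than accepted.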
4. Retry Compliance audit of resources
This API is used to retry a failed compliance audit task.
4.1. Prerequisites
The following data is required
- ID of the domain. Refer to: [_usecase_getDomains]
- ID of the failed compliance audit task.
4.2. Steps
- Invoke the API
cURL Request
$ curl 'http://localhost:8080/v1/domains/a248ad6b-474b-46d5-9189-6b727c9ab065/compliance-audits/tasks/67aecaa1-31fc-4d13-913c-18a217e0d534' -i -X PATCH
HTTP Request
PATCH /v1/domains/a248ad6b-474b-46d5-9189-6b727c9ab065/compliance-audits/tasks/67aecaa1-31fc-4d13-913c-18a217e0d534 HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 202 Accepted
Location: /v1/domains/a248ad6b-474b-46d5-9189-6b727c9ab065/compliance-audits/tasks/67aecaa1-31fc-4d13-913c-18a217e0d534
Content-Type: application/json
Content-Length: 67
{"id":"67aecaa1-31fc-4d13-913c-18a217e0d534","status":"INPROGRESS"}
Poll the status of the task using the compliance task API with the ID from the response of the previous API, until "status" is not "IN_PROGRESS".
If the "status" is "SUCCESSFUL", the task is completed successfully.
If the "status" is "FAILED", the task can be re-executed using the above step.
cURL Request
$ curl 'http://localhost:8080/v1/domains/2554907f-584e-4d38-b428-c19a9081dcc8/compliance-audits/tasks/2599d730-2b4b-4169-b631-761c540a290b' -i -X GET
HTTP Request
GET /v1/domains/2554907f-584e-4d38-b428-c19a9081dcc8/compliance-audits/tasks/2599d730-2b4b-4169-b631-761c540a290b HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 126
{"id":"2599d730-2b4b-4169-b631-761c540a290b","status":"SUCCESSFUL","complianceAuditId":"8ecbf7ac-4235-4854-a63c-f2d1bb453815"}
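The trigger, poll and retry steps from sections 3 and 4 as one loop, added here as an example and not taken from the product or its documentation. `run_audit`, `scripted_transport`, `demo` and the injected `http` callable are assumptions; the loop accepts both spellings of the in-progress status that appear on this page and stops on any status the page does not list.

```python
import time
import uuid

PENDING = {"INPROGRESS", "IN_PROGRESS"}  # sample responses and prose on the page differ

def run_audit(http, domain_id, spec, max_retries=2, interval=5.0, timeout=600.0,
              sleep=time.sleep, clock=time.monotonic):
    """Trigger an audit, poll its task, retry on FAILED; return the complianceAuditId.
    http(method, path, body) -> dict is a caller-supplied transport (assumption) that
    owns the base URL, TLS verification and authentication."""
    domain_id = str(uuid.UUID(domain_id))  # IDs go into the URL path: UUIDs only
    base = f"/v1/domains/{domain_id}/compliance-audits"
    task = http("POST", base, spec)
    task_id = str(uuid.UUID(task["id"]))
    task_path = f"{base}/tasks/{task_id}"
    retries, deadline = 0, clock() + timeout
    while True:
        status = task.get("status")
        if status == "SUCCESSFUL":
            return task["complianceAuditId"]
        if status == "FAILED":
            if retries == max_retries:
                raise RuntimeError(f"task {task_id} still FAILED after {retries} retries")
            retries += 1
            task = http("PATCH", task_path, None)  # retry API from section 4
            continue
        if status not in PENDING:  # fail closed on statuses the page does not list
            raise RuntimeError(f"task {task_id}: unexpected status {status!r}")
        if clock() >= deadline:
            raise TimeoutError(f"task {task_id} still {status} after {timeout}s")
        sleep(interval)
        task = http("GET", task_path, None)

def scripted_transport(replies):
    """Constructed stand-in for the HTTP layer: replays canned replies, records calls."""
    calls, queue = [], list(replies)
    def http(method, path, body):
        calls.append((method, path))
        return queue.pop(0)
    return http, calls

def demo():  # constructed replies shaped like the page's samples: one FAILED, one retry
    t, a = "cb6624e2-5e6c-4662-a18a-26063b5320af", "8ecbf7ac-4235-4854-a63c-f2d1bb453815"
    http, calls = scripted_transport(
        [{"id": t, "status": s} for s in ("INPROGRESS", "FAILED", "INPROGRESS")]
        + [{"id": t, "status": "SUCCESSFUL", "complianceAuditId": a}])
    spec = {"standardType": "PCI", "standardVersion": "4.0"}  # trimmed from the page's request
    audit_id = run_audit(http, "3d9b4eba-68d3-4fe3-b7d9-04b4a673bfcf", spec, sleep=lambda s: None)
    return audit_id, [method for method, _ in calls]
```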
5. Get the Compliance audit history
This API is used to fetch all the compliance audit results.
5.1. Prerequisites
The following data is required
- The SDDC Manager should be up and running.
- ID of the domain, if the audit history of a particular domain is to be fetched.
Get All compliance audit results
5.2. Steps
- Invoke the API to get all the audit results.
cURL Request
$ curl 'http://localhost:8080/v1/compliance-audits' -i -X GET
HTTP Request
GET /v1/compliance-audits HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 458
{"elements":[{"id":"74ee10f4-0476-4991-823d-a84d7e7e3d17","creationTimestamp":"2024-01-22T19:35:25.156Z","completionTimestamp":"2024-01-22T19:35:25.156Z","standardType":"PCI","standardVersion":"4.0","domainId":"a01319de-b1b5-46d1-a39e-6a6ba54c5580","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}]}
Get All compliance audit results for a domain
5.3. Steps
- Invoke the API to get all the audit results of a particular domain.
cURL Request
$ curl 'http://localhost:8080/v1/domains/dea419d9-0a97-4b51-9ce4-b9f498525486/compliance-audits' -i -X GET
HTTP Request
GET /v1/domains/dea419d9-0a97-4b51-9ce4-b9f498525486/compliance-audits HTTP/1.1
Host: localhost:8080
HTTP Response
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 458
{"elements":[{"id":"cb18c913-10f7-4f8d-816f-dc9bc0437989","creationTimestamp":"2024-01-22T19:35:25.782Z","completionTimestamp":"2024-01-22T19:35:25.782Z","standardType":"PCI","standardVersion":"4.0","domainId":"dea419d9-0a97-4b51-9ce4-b9f498525486","configurationEvaluationStatus":"ALL_EVALUATED","compliantStatus":"COMPLIANT","totalConfigurationsEvaluated":1,"numberOfNonCompliantConfigurations":0,"numberOfSkippedConfigurations":0,"numberOfAuditItems":1}]}
Last updated 2024-02-29 05:35:20 -0800