API Connect

Everything in the following blog post pertains to API Connect version 10.0.5.6+. Some introductory information on using the Portal Admin CLI can be found at https://www.ibm.com/docs/en/api-connect/10.0.5.x_lts?topic=cli-getting-started-portal-commands if you aren’t familiar with the process.

Introduction

Drupal User management was previously a task confined to the Drupal Admin UI. Starting from API Connect 10.0.5.6, you can complete the Drupal User tasks using the Portal Admin CLI or via HTTP requests on these routes. The actions that can be taken against Drupal Portal Users are Add and Remove Role, Block and Unblock and retrieving information on a user as well as providing different filters to narrow your search.

Retrieving Developer Portal User Information

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Retrieving Developer Portal User information

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> user:information

The user information command contains pagination due to the sheer volume of users that may exist in your Developer Portal site. The default limit is 50 if your site contains more than that many users and the offset is defaulted to 0. The limit and offset can be changed by providing their respective flags in the Portal CLI command --limit and --offset. Please be aware if you are trying to retrieve a large number of users the command may time out due to the volume of data being collect so you will need to adjust these accordingly.

Information that is returned on a user

uid - The unique Drupal id that identifies the user entity

name - The username of the Developer Portal User

mail - The email address associated with the Developer Portal User

roles - The current active roles the Developer Portal User has assigned to them.

status - The current Drupal status of the user. The value can either be ‘active’ or ‘blocked’

apic_state - The current status Developer Portal stores against the Developer Portal User. The value can either be

• ‘enabled‘ - The account has been activated

• ‘pending‘ - The account has been created but hasn’t been activated.

• ‘pending_approval‘ - The account has been created but needs to be approved before it can be activated.

last_login - The last time the Developer Portal User logged into the UI. If they haven’t logged in since creating their account then the time will default to the start of the UNIX time 01/01/1970

user_registry - The user registry this account resides in. You will receive an entry containing the unique identifier and the human readable name so you can more easily identify what consumer orgs they are.

consumer_orgs - A list of all the consumer orgs the user is a member of. You will receive a list each containing the unique identifier and the human readable name so you can more easily identify what consumer orgs they are.

Filtering users based on certain criteria

You can filter the users on some of the fields listed above. There is no limit on how many of these filters you can use in one command call but one thing to keep in mind is that work in an ‘AND’ format. So all criteria have to match a user for someone to be returned.

--apic-state - You can provide a comma separated list of the values listed above for the fields. Although there is only two at the moment more could be add in the future, which is why it accepts a comma separated list

--consumer-org - You can provide a comma separated list of consumer-org urls to filter users by. The the users returned can be in either of the orgs listed it doesn’t match a user to being in them all. You can retrieve the consumer org url from the consumer-org Portal Admin CLI Command

--login-after - Filters the list to users who have logged in after the provided date. The date needs to be given in format of MM-DD-YYY or MM-DD-YY HH:MM:SS

--login-before - Filters the list to users who have logged in before the provided date. The date needs to be given in format of MM-DD-YYY or MM-DD-YY HH:MM:SS

--mail - You can provide a comma separated list of email addresses to filter users by. Useful if you know this particular piece of information and need to find out more about the users.

--name - You can provide a comma separated list of usernames to filter users by. Useful if you know this particular piece of information and need to find out more about the users.

--role - You can provide a comma separated list of Drupal User Roles to filter users by. This will help filter users if you want to find out who is using a particular role for auditing.

--status - Filter by Drupal user status. Choices are 'active' or 'blocked'.. This will help filter users if you want to find out who blocked or you just want all active users in your results.

--uid - You can provide a comma separated list of uids to list specific user information.

Adding roles to Developer Portal Users

Note: Role management commands can be found at - https://community.ibm.com/community/user/integration/blogs/reece-oliver/2023/11/24/drupal-role-management

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Add a role to a Developer Portal User

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> user:add-role --role <role(s)> --names <user(s)>

In the example above I am adding the administrator role to the account portal1. When adding roles to Developer Portal Users you can either provide a comma separated list of name, mail or uids as well as a comma separated list of roles.

Removing Roles from Developer Portal Users

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Remove a Role from a Developer Portal User

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> user:remove-role --role administrator --names <user(s)>

In the example above I am removing the administrator role from the account portal1. When removing roles to Developer Portal Users you can either provide a comma separated list of name, mail or uids as well as a comma separated list of roles.

Blocking Developer Portal Users

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Block a Developer Portal User

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> user:block --names <user(s)>

In the example above am blocking the Developer Portal User portal1. This command only allows blocking via usernames but you can provide multiple users to block in a comma separated list.

When a block user next tries to log in they will be greeted by this screen.

Unblocking Developer Portal Users

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Unblocking a Developer Portal User

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> user:unblock --names <user(s)

In the example above am unblocking the Developer Portal User portal1. This command only allows unblocking via usernames but you can provide multiple users to unblock in a comma separated list.

Conclusion

All these commands help facilitate the process adding managing users of your Developer Portal via the CLI. One example of how these commands could be integrated into a CI/CD process is its needed where you want to acquire information on inactive users who need to be notified of account deletion if that a process your company employs.

Related Portal Admin CLI Blogs

Developer Portal Role Management Command

#APIConnect#portal#developerportal#portalcli#drupal