DevOps Automation

IBM UrbanCode Deploy (now IBM DevOps Deploy) allows you to restrict which REST endpoints an authorization token can use. That’s a nice security feature. However, if you need to set up an Auth Token Restriction for an Integration or some external script or tool, finding out what endpoints are hit can be a time-consuming activity.  But there is an easier way…..

1. Create a new temporary user in UCD and make it a member of a suitable team(s) with the right role permissions to allow it to do whatever it does.
2. Run the tool / script or integration for one or more cycles to capture the things it has to do using the temporary user that you just created.
3. Navigate to the System > Diagnostics > REST Call Log
4. Sort the URL column
5. Enter you temporary user name into the filter of the User Column
6. Scroll down the page looking for distinct API endpoints.  Record the URL and the Method.
7. Now that you captured all the endpoints you can use those to create a new Auth Token Restriction.
8. Remove the temporary user you created

This is a lot easier than using the trial and error method of determining the endpoints used since when you create a token, it seems that the endpoints referenced by the Auth Token Restriction at that moment in time are the ones applied to the token.  So, if you change the Auth Token Restriction, you need to create a new token.

If you need to process a lot of data, you can get the JSON directly using a command like this:

In the URL above change admin:admin to the UCD user /password of a user with permissions to looks at the REST Call Log.
Change the filterValue_user.name=harry to reference the temporary user you created
Change rowsPerPage=250 to some number big enough to get all the data.

With a little bit of shell script you can easily extract a unique list of methods with their end points

sed ‘s/,/\n/g’ restcalls.json | grep -e “method” -e “shortUrl” | sed -rn ‘N;s/\n/ /;p’ | uniq