Module netapp_ontap.resources.name_mapping
Copyright © 2019 NetApp Inc. All rights reserved.
Overview
Name mapping is used to map CIFS identities to UNIX identities, Kerberos identities to UNIX identities, and UNIX identities to CIFS identities. It needs this information to obtain user credentials and provide proper file access regardless of whether they are connecting from an NFS client or a CIFS client. The system keeps a set of conversion rules for each Storage Virtual Machine (SVM). Each rule consists of two pieces: a pattern and a replacement. Conversions start at the beginning of the appropriate list and perform a substitution based on the first matching rule. The pattern is a UNIX-style regular expression. The replacement is a string containing escape sequences representing subexpressions from the pattern, as in the UNIX sed program. Name mappings are applied in the order in which they occur in the priority list; for example, a name mapping that occurs at position 2 in the priority list is applied before a name mapping that occurs at position 3. Each mapping direction (Kerberos-to-UNIX, Windows-to-UNIX, and UNIX-to-Windows) has its own priority list. You are prevented from creating two name mappings with the same pattern.
Examples
Creating a name-mapping with client_match as the ip-address
Use the following API to create a name-mapping. Note the return_records=true query parameter is used to obtain the newly created entry in the response.
# The API:
POST /api//name-services/name-mappings
# The call:
curl -X POST "https://<mgmt-ip>/api/name-services/name-mappings?return_records=true" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"client_match\": \"10.254.101.111/28\", \"direction\": \"win_unix\", \"index\": 1, \"pattern\": \"ENGCIFS_AD_USER\", \"replacement\": \"unix_user1\", \"svm\": { \"name\": \"vs1\", \"uuid\": \"f71d3640-0226-11e9-8526-000c290a8c4b\" }}"
# The response:
{
"num_records": 1,
"records": [
{
"svm": {
"uuid": "f71d3640-0226-11e9-8526-000c290a8c4b",
"name": "vs1"
},
"direction": "win_unix",
"index": 1,
"pattern": "ENGCIFS_AD_USER",
"replacement": "unix_user1",
"client_match": "10.254.101.111/28"
}
]
}
Creating a name-mapping with client_match as the hostname
Use the following API to create a name-mapping. Note the return_records=true query parameter is used to obtain the newly created entry in the response.
# The API:
POST /api//name-services/name-mappings
# The call:
curl -X POST "https://<mgmt-ip>/api/name-services/name-mappings?return_records=true" -H "accept: application/json" -H "Content-Type: applicatio/json" -d "{ \"client_match\": \"google.com\", \"direction\": \"win_unix\", \"index\": 2, \"pattern\": \"ENGCIFS_AD_USER\", \"replacement\": \"unix_user1\", \"svm\": { \"name\": \"vs1\", \"uuid\": \"f71d3640-0226-11e9-8526-000c290a8c4b\" }}"
# The response:
{
"num_records": 1,
"records": [
{
"svm": {
"uuid": "f71d3640-0226-11e9-8526-000c290a8c4b",
"name": "vs1"
},
"direction": "win_unix",
"index": 2,
"pattern": "ENGCIFS_AD_USER",
"replacement": "unix_user1",
"client_match": "google.com"
}
]
}
Retrieving all name-mapping configurations for all SVMs in the cluster
# The API:
GET /api/name-services/name-mappings
# The call:
curl -X GET "https://<mgmt-ip>/api/name-services/name-mappings?fields=*&return_records=true&return_timeout=15" -H "accept: application/json"
# The response:
{
"records": [
{
"svm": {
"uuid": "f71d3640-0226-11e9-8526-000c290a8c4b",
"name": "vs1"
},
"direction": "win_unix",
"index": 1,
"pattern": "ENGCIFS_AD_USER",
"replacement": "unix_user1",
"client_match": "10.254.101.111/28"
},
{
"svm": {
"uuid": "f71d3640-0226-11e9-8526-000c290a8c4b",
"name": "vs1"
},
"direction": "win_unix",
"index": 2,
"pattern": "ENGCIFS_AD_USER",
"replacement": "unix_user1",
"client_match": "google.com"
}
],
"num_records": 2
}
Retrieving a name-mapping configuration for a specific SVM, and for the specified direction and index
# The API:
GET /api/name-services/name-mappings/{svm.uuid}/{direction}/{index}
# The call:
curl -X GET "https://<mgmt-ip>/api/name-services/name-mappings/f71d3640-0226-11e9-8526-000c290a8c4b/win_unix/1" -H "accept: application/json"
# The response:
{
"svm": {
"uuid": "f71d3640-0226-11e9-8526-000c290a8c4b",
"name": "vs1"
},
"direction": "win_unix",
"index": 1,
"pattern": "ENGCIFS_AD_USER",
"replacement": "unix_user1",
"client_match": "10.254.101.111/28"
}
Updating a specific name-mapping configuration
# The API:
PATCH /api//name-services/name-mappings/{svm.uuid}/{direction}/{index}
# The call:
curl -X PATCH "https://<mgmt-ip>/api/name-services/name-mappings/f71d3640-0226-11e9-8526-000c290a8c4b/win_unix/1" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"client_match\": \"10.254.101.222/28\", \"pattern\": \"ENGCIFS_LOCAL_USER\", \"replacement\": \"pcuser\"}"
Removing a specific name-mapping configuration
# The API:
DELETE /api/name-services/name-mappings/{svm.uuid}/{direction}/{index}
# The call:
curl -X DELETE "https://<mgmt-ip>/api/name-services/name-mappings/f71d3640-0226-11e9-8526-000c290a8c4b/win_unix/1" -H "accept: application/json"
Classes
class NameMapping (*args, **kwargs)
-
Name mapping is used to map CIFS identities to UNIX identities, Kerberos identities to UNIX identities, and UNIX identities to CIFS identities. It needs this information to obtain user credentials and provide proper file access regardless of whether they are connecting from an NFS client or a CIFS client.
Initialize the instance of the resource.
Any keyword arguments are set on the instance as properties. For example, if the class was named 'MyResource', then this statement would be true:
MyResource(name='foo').name == 'foo'
Args
*args
- Each positional argument represents a parent key as used in the URL of the object. That is, each value will be used to fill in a segment of the URL which refers to some parent object. The order of these arguments must match the order they are specified in the URL, from left to right.
**kwargs
- each entry will have its key set as an attribute name on the instance and its value will be the value of that attribute.
Ancestors
Static methods
def delete_collection(*args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Deletes the name mapping configuration.
Related ONTAP commands
vserver name-mapping delete
Learn more
Delete all objects in a collection which match the given query.
All records on the host which match the query will be deleted.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to delete the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def find(*args, connection: HostConnection = None, **kwargs) -> Resource
-
Retrieves the name mapping configuration for all SVMs.
Related ONTAP commands
vserver name-mapping show
Learn more
Find an instance of an object on the host given a query.
The host will be queried with the provided key/value pairs to find a matching resource. If 0 are found or if more than 1 is found, an error will be raised or returned. If there is exactly 1 matching record, then it will be returned.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to find a bar for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
Resource
object containing the details of the object.Raises
NetAppRestError
: If the API call did not return exactly 1 matching resource. def get_collection(*args, connection: HostConnection = None, max_records: int = None, **kwargs) -> typing.Iterable
-
Retrieves the name mapping configuration for all SVMs.
Related ONTAP commands
vserver name-mapping show
Learn more
Fetch a list of all objects of this type from the host.
Args
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to get the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. max_records
- The maximum number of records to return per call
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A list of
Resource
objectsRaises
NetAppRestError
: If there is no connection available to use either passed in or on the library. def patch_collection(body: dict, *args, connection: HostConnection = None, **kwargs) -> NetAppResponse
-
Updates the name mapping configuration of an SVM.
Related ONTAP commands
vserver name-mapping insert
vserver name-mapping modify
Learn more
Patch all objects in a collection which match the given query.
All records on the host which match the query will be patched with the provided body.
Args
body
- A dictionary of name/value pairs to set on all matching members of the collection.
*args
- Each entry represents a parent key which is used to build the path to the child object. If the URL definition were /api/foos/{foo.name}/bars, then to patch the collection of bars for a particular foo, the foo.name value should be passed.
connection
- The
HostConnection
object to use for this API call. If unset, tries to use the connection which is set globally for the library or from the current context. **kwargs
- Any key/value pairs passed will be sent as query parameters to the host. Only resources matching this query will be patched.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Methods
def delete(self, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Deletes the name mapping configuration.
Related ONTAP commands
vserver name-mapping delete
Learn more
Send a deletion request to the host for this object.
Args
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def get(self, **kwargs) -> NetAppResponse
-
Retrieves the name mapping configuration of an SVM.
Related ONTAP commands
vserver name-mapping show
Learn more
Fetch the details of the object from the host.
Requires the keys to be set (if any). After returning, new or changed properties from the host will be set on the instance.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def patch(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Updates the name mapping configuration of an SVM.
Related ONTAP commands
vserver name-mapping insert
vserver name-mapping modify
Learn more
Send the difference in the object's state to the host as a modification request.
Calculates the difference in the object's state since the last time we interacted with the host and sends this in the request body.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400 def post(self, hydrate: bool = False, poll: bool = True, poll_interval: typing.Union = None, poll_timeout: typing.Union = None, **kwargs) -> NetAppResponse
-
Creates name mappings for an SVM.
Required properties
svm.uuid
orsvm.name
- Existing SVM in which to create the name mapping.index
- Name mapping's position in the priority list.direction
- Direction of the name mapping.pattern
- Pattern to match to. Maximum length is 256 characters.replacement
- Replacement pattern to match to. Maximum length is 256 characters.
Recommended optional properties
client_match
- Hostname or IP address added to match the pattern to the client's workstation IP address.
Related ONTAP commands
vserver name-mapping create
vserver name-mapping insert
Learn more
Send this object to the host as a creation request.
Args
hydrate
- If set to True, after the response is received from the call, a a GET call will be made to refresh all fields of the object.
poll
- If set to True, the call will not return until the asynchronous job on the host has completed. Has no effect if the host did not return a job response.
poll_interval
- If the operation returns a job, this specifies how often to query the job for updates.
poll_timeout
- If the operation returns a job, this specifies how long to continue monitoring the job's status for completion.
**kwargs
- Any key/value pairs passed will be sent as query parameters to the host.
Returns
A
NetAppResponse
object containing the details of the HTTP response.Raises
NetAppRestError
: If the API call returned a status code >= 400
Inherited members
class NameMappingSchema (only=None, exclude=(), many=False, context=None, load_only=(), dump_only=(), partial=False, unknown=None)
-
The fields of the NameMapping object
Ancestors
- netapp_ontap.resource.ResourceSchema
- marshmallow.schema.Schema
- marshmallow.schema.BaseSchema
- marshmallow.base.SchemaABC
Class variables
var client_match
-
Client workstation IP Address which is matched when searching for the pattern. You can specify the value in any of the following formats:
- As an IPv4 address with a subnet mask expressed as a number of bits; for instance, 10.1.12.0/24
- As an IPv6 address with a subnet mask expressed as a number of bits; for instance, fd20:8b1e:b255:4071::/64
- As an IPv4 address with a network mask; for instance, 10.1.16.0/255.255.255.0
- As a hostname
Example: 10.254.101.111/28
var direction
-
Direction in which the name mapping is applied. The possible values are:
- krb_unix - Kerberos principal name to UNIX user name
- win_unix - Windows user name to UNIX user name
- unix_win - UNIX user name to Windows user name mapping
Valid choices:
- win_unix
- unix_win
- krb_unix
var index
-
Position in the list of name mappings.
Example: 1
var links
-
The links field of the name_mapping.
var opts
var pattern
-
Pattern used to match the name while searching for a name that can be used as a replacement. The pattern is a UNIX-style regular expression. Regular expressions are case-insensitive when mapping from Windows to UNIX, and they are case-sensitive for mappings from Kerberos to UNIX and UNIX to Windows.
Example: ENGCIFS_AD_USER
var replacement
-
The name that is used as a replacement, if the pattern associated with this entry matches.
Example: unix_user1
var svm
-
The svm field of the name_mapping.