The machine-resolver REST API manages machine resolver definitions. A machine resolver fetches information about machines (host name, IP, identifier) from a backing store such as a local hosts file or an LDAP directory; the resolved machines are then targets for token attachments and machine applications (see Machine endpoints).

All endpoints require admin authentication. Read access is gated by the admin policy action mresolverread, write access by mresolverwrite, and deletion by mresolverdelete.

16.1.1.16. Machine Resolver endpoints

GET /machineresolver/

Return all machine resolvers known to this server. The result is a dictionary keyed by resolver name; each value contains the resolver type and its configuration.

Requires admin authentication and the policy action mresolverread.

Query Parameters:
  • type – optional filter; returns only resolvers of the given type (hosts, ldap, …).

Status Codes:
  • 200 OK – dict of resolver definitions in result.value.

POST /machineresolver/(resolver)

Create or update a machine resolver. If a resolver with the given name already exists it is updated; otherwise it is created. On update, parameters that are not supplied are left unchanged, but the resolver type must not be changed (it is bound to the resolver class).

Requires admin authentication and the policy action mresolverwrite.

Parameters:
  • resolver – path component, the name of the resolver.

JSON Parameters:
  • type – resolver type (hosts, ldap, …). Required on creation.
  • any resolver-type-specific configuration fields. For example, a hosts resolver expects filename (the path to a hosts-style file on the server).

Status Codes:
  • 200 OK – database id of the resolver in result.value.

DELETE /machineresolver/(resolver)

Delete the machine resolver with the given name.

Requires admin authentication and the policy action mresolverdelete.

Parameters:
  • resolver – path component, the name of the resolver.

Status Codes:
  • 200 OK – id of the deleted resolver in result.value.

GET /machineresolver/(resolver)

Return the configuration of a single machine resolver.

The result is a dictionary keyed by resolver name (single entry), with the resolver’s type and configuration.

Requires admin authentication and the policy action mresolverread.

Parameters:
  • resolver – path component, the name of the resolver.

Status Codes:
  • 200 OK – dict containing the resolver’s configuration in result.value.

POST /machineresolver/test

Test whether the supplied parameters yield a working machine resolver, including network connectivity to the underlying store. The resolver class itself performs the verification; nothing is persisted.

Requires admin authentication.

Note

Unlike the other write endpoints in this module, this endpoint is not gated by a specific policy action — admin auth is the only check.

JSON Parameters:
  • type – resolver type (required).
  • any type-specific configuration fields.

Status Codes:
  • 200 OK – result.value is True if the test succeeded, False otherwise; detail.description carries a human-readable message.
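
The gating rules on this page, including the test endpoint that has no policy action, can be checked against a request log. The following is an added example, not privacyIDEA code: it assumes that read, write and delete map to mresolverread, mresolverwrite and mresolverdelete respectively, and the admin names, grants and request list are constructed sample data.

```python
import re

# Route table built from this page. Assumed mapping: GET -> mresolverread,
# POST -> mresolverwrite, DELETE -> mresolverdelete.
# None = admin authentication is the only check (POST /machineresolver/test).
ROUTES = [
    ("POST", r"/machineresolver/test", None),
    ("GET", r"/machineresolver/", "mresolverread"),
    ("GET", r"/machineresolver/[^/]+", "mresolverread"),
    ("POST", r"/machineresolver/[^/]+", "mresolverwrite"),
    ("DELETE", r"/machineresolver/[^/]+", "mresolverdelete"),
]

def required_action(method, path):
    """Return the policy action for a request, or None if only admin auth applies."""
    path = path.split("?", 1)[0]          # drop a query string such as ?type=hosts
    for verb, pattern, action in ROUTES:  # literal /test is listed before (resolver)
        if verb == method.upper() and re.fullmatch(pattern, path):
            return action
    raise LookupError(f"not a machine resolver endpoint: {method} {path}")

def review(requests, grants):
    """Flag (admin, method, path) requests that the admin's granted actions do not cover."""
    findings = []
    for admin, method, path in requests:
        held = grants.get(admin, set())
        action = required_action(method, path)
        if action is None:
            # Not policy-gated, yet the server still connects to the supplied store.
            if "mresolverwrite" not in held:
                findings.append((admin, path, "ungated test call without mresolverwrite"))
        elif action not in held:
            findings.append((admin, path, f"missing {action}"))
    return findings

# Constructed sample data: admin names, grants and resolver names are made up.
GRANTS = {"alice": {"mresolverread", "mresolverwrite"}, "bob": {"mresolverread"}}
REQUESTS = [
    ("alice", "POST", "/machineresolver/test"),
    ("bob", "GET", "/machineresolver/?type=hosts"),
    ("bob", "POST", "/machineresolver/test"),
    ("bob", "DELETE", "/machineresolver/hosts1"),
]

if __name__ == "__main__":
    for finding in review(REQUESTS, GRANTS):
        print(finding)
```

A "missing" finding on a request that succeeded points at a policy that is broader than intended; an "ungated test call" finding shows a read-only admin making the server connect to a store of the caller's choosing.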