Show a Resource

The response to this method is a JSON document describing a single resource.

Permissions required

read privilege on the resource.

Kinds of resources

Kind

Description

User

one unique human

Host

a single logical machine (in the broad sense, not just physical)

Layer

a collection of hosts that have the same privileges

Group

a collection of users and groups that have the same privileges

Policy

privileges on policies enable a user to create and modify objects and permissions

Variable

a secret such as a password, API key, SSH key, etc

Webservice

an HTTP(S) web service which performs sensitive operations

 

Entity IDs must be URL-encoded

URI

 
GET /resources/{account}/{kind}/{identifier}

Any identifier included in the URL must be URL-encoded to be recognized by the Conjur API.

Examples:

Identifier

URL-Encoded

myapp-01

myapp-01(no change)

alice@devops

alice%40devops

prod/aws/db-password

prod%2Faws%2Fdb-password

research+development

research%2Bdevelopment

sales&marketing

sales%26marketing

Example with curl and jq

 
curl -H "$(conjur authn authenticate -H)" \
    https://eval.conjur.org/resources/myorg/policy/app-prod \
    | jq .

Headers

Field

Description

Example

Authorization

Conjur access token

Token token=“eyJkYX…Rhb=”

Response

Code

Description

200

Role memberships returned as a JSON list

401

The request lacks valid authentication credentials

403

The authenticated user lacks the necessary privilege

404

The requested resource does not exist

Example URI

For example, to show the variable “db/password”:

 
GET /resources/myorg/variable/db/password

URI Parameters

Parameter

Type

Mandatory

Description

account

String

Yes

Organization account name

Example: myorg

kind

String

Yes

kind of resource requested

Example: variable

identifier

String

Yes

the identifier of the resource

Example: db/password

Request

Headers

 
Authorization: Token token="eyJkYX...Rhb="

Response 200

Headers

 
Content-Type: application/json

Body

 
{
    "created_at": "2017-07-25T06:30:38.768+00:00",
    "id": "myorg:variable:db/password",
    "owner": "myorg:user:admin",
    "policy": "myorg:policy:root",
    "permissions": [],
    "annotations": [],
    "policy_versions": []
  }
]