Close
logodocs

Filters

When programmatically interacting with strongDM (such as using the CLI or API) you can use filters to assist with bulk actions, such as:

  • Grant all Resources to a role with a specific Tag
  • List all Websites for a given hostname
  • Delete a group of Resources

This article will primarily focus on how to use Filters with the sdm admin commands. Filters are also available with any of our API offerings. However, the syntax can vary from tool to tool; please consult the documentation for the specific tool you wish to use.

Single Filters

Filters can be added to any of the sdm admin management commands. Here is how you can filter for Servers with a name that includes the word "admin".

sdm admin servers list --filter 'name:*admin*'
Server ID Name Type
rs-03ad1e1b240c85c1 azure-gateway - CA (admin) sshCert
rs-7bb96dd41d9ac70b azure-gateway-admin ssh

The filter flag accepts wildcard (*) values for certain fields, like name. Make sure to use quotes to properly escape any special characters.

Next, try the type filter to show Servers using for type:sshCert.

$ sdm admin servers list --filter 'type:sshCert'
Server ID Name Type
rs-1b08901ed124e296 azure-gateway sshCert
rs-2b73c2267a7e1379 azure-gateway - CA (root) sshCert
rs-03ad1e1b240c85c1 azure-gateway - CA (admin) sshCert

Filters are case-insensitive, either type:sshCert or type:sshcert would return the same results.

Multiple Filters

When multiple filters are provided, ALL filters must match for results to be returned. The next example uses two filters, one for type and one for name:

sdm admin servers list --filter 'type:sshCert,name:*admin*'
Server ID Name Type
rs-03ad1e1b240c85c1 azure-gateway - CA (admin) sshCert

Filters can also be provided as separate flags to achieve the same results.

sdm admin servers list --filter 'type:sshCert' --filter 'name:*admin*'
Server ID Name Type
rs-03ad1e1b240c85c1 azure-gateway - CA (admin) sshCert

A special case is when you are using id as a filter, results will now return ANY matching results.

$ sdm admin servers list --filter 'id:rs-1b08901ed124e296' --filter 'id:rs-2b73c2267a7e1379' --filter 'id:rs-03ad1e1b240c85c1'
Server ID Name Type
rs-1b08901ed124e296 azure-gateway - CA sshCert
rs-2b73c2267a7e1379 azure-gateway - CA (Copy) sshCert
rs-03ad1e1b240c85c1 azure-gateway - CA (admin) sshCert

Updating multiple resources

Filters can also be used to do batch updates, such as applying tags. In this example we will apply the Tag env=public to all Websites with the type httpnoauth:

sdm admin websites update --filter 'type:httpnoauth' --tags 'env=public'
changed 4 out of 4 matching datasources

Results:

sdm admin websites list --filter 'type:httpnoauth'
Website ID Name Type Tags
rs-3b34c199bef73d19 google httpNoAuth env=public
rs-000000000004682d ksql control center httpNoAuth env=public
rs-4d1c88780405f0ad potato httpNoAuth env=public
rs-000000000004d17f support kibana httpNoAuth env=public

Granting access to multiple Resources

Here we will grant access to the Role named NOC for Resources with the tag env=public. Any users with this Role will inherit access to these Resources. This filter will apply to all Resources, not just Websites as in the previous section. This means that any Servers or Datasources that have this Tag will also be granted to the Role.

sdm admin roles grant --filter 'tags:env=public' NOC

If the Tags you are querying for contains special characters such as equals (=), or commas (,) you must properly escape them by using quotes.

Deleting multiple resources

You can use this same format to delete a group of Resources with a common filter. When deleting the additional flag --apply is needed to specify you wish to delete ALL the matching Resources.

sdm admin websites delete --filter 'tags:env=public' --apply
deleted 4 datasources

JSON filters

For larger or more complex search queries, you can use a JSON file to define your list of filters. In this case, use the --filter-json [path to file] flag instead of --filter. Below is an example JSON filter file.

[
{
"ids": [
"rs-0835300a78ea36a0"
]
},
{
"type": "postgres",
"tags": {
"region": "EU"
}
}
]

The JSON-based filter is the union of filters, whose attributes are additive. The results of the filter above are the union of one datasource (id = rs-0835300a78ea36a0) and all datasources whose type is postgress and contains a tag region=EU.

Filter parameters by entity

Fields available to filter on vary by entity type. Please consult the section below for the entity to which you want to apply filters.

Boolean Accepted values: true, false, t, f, 1, 0

Users and Services (API: Accounts)

  • id
  • type
  • firstname
  • lastname
  • name ( used for Service accounts, but an alias to lastname for Users )
  • email
  • suspended (bool)
  • tags

Roles

  • id
  • name
  • composite (bool)
  • tags

Datasources, Websites, Servers and Clusters (API: Resources)

  • id
  • type
  • name
  • hostname (alias for URL for Websites)
  • port
  • username
  • healthy (bool)
  • tags

Gateways and Relays (API: Nodes)

  • id
  • type
  • name
  • listenaddr
  • bindaddr
  • tags

API Only Filters

AccountAttachments

  • id
  • accountid
  • roleid

AccountGrants

  • id
  • accountid
  • resourceid

RoleAttachment

  • id
  • compositeroleid
  • attachedroleid

RoleGrant

  • id
  • roleid
  • resourceid
Automation — Previous
Getting Started
Next — Automation
Tags