Pronghorn Core

Updated on 15 Oct 2023

Dark

Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

Deprecations in Pronghorn Core

Scheduled removals are listed in the table below.

Item	Description	Deprecation Release	Scheduled Removal Release	Replacement
POST /getActiveSessions	Get a list of the active session tokens on the system.	2021.1	2022.1	None
POST /user-management/accounts	Create a new account for Local AAA instance in IAP.	2021.2	2023.1	None
POST /user-management/groups	Create a new group for Local AAA instance in IAP.	2021.2	2023.1	None
DELETE /user-management/accounts/:accountId	Delete an account from Local AAA instance in IAP.	2021.2	2023.1	None
DELETE /user-management/groups/:groupId	Delete a group from Local AAA instance in IAP.	2021.2	2023.1	None
GET /user-management/accounts/:accountId	Get an account from Local AAA instance in IAP.	2021.2	2023.1	None
GET /user-management/accounts	Get all accounts from a Local AAA instance in IAP.	2021.2	2023.1	None
GET /user-management/roles	Get all assignable roles based on permissions in IAP.	2021.2	2023.1	None
GET /user-management/groups/:groupId	Get a group from a Local AAA instance in IAP.	2021.2	2023.1	None
GET /user-management/groups	Get all groups from a Local AAA instance in IAP.	2021.2	2023.1	None
PUT /user-management/accounts/:accountId/groups	Set the groups for an account in a Local AAA instance.	2021.2	2023.1	None
PUT /user-management/accounts/:accountId/password	Change the password for an account in the Local AAA instance.	2021.2	2023.1	None
PUT /user-management/groups/:groupId/roles	Set the roles for a group in a Local AAA instance.	2021.2	2023.1	None
GET /config/routes	Get groups associated with each route.	2021.2	2023.1	None
GET /config/roles	Get roles configured in IAP.	2021.2	2023.1	GET /authorization/roles
GET /methods	Get a list of methods in IAP.	2021.2	2023.1	GET /authorization/methods
GET /views	Get a list of views in IAP.	2021.2	2023.1	GET /authorization/views
GET /config/hosts	Get a mapping of brokers and adapters.	2021.2	2023.1	GET /adapters/brokers/mapping
GET /config/brokers	Get the config for all brokers.	2021.2	2023.1	None
GET /broker/host/:name	Get adapters for a specific broker.	2021.2	2023.1	GET /adapters/brokers/mapping
GET /methods/registry	Get a list of all method information in IAP.	2021.2	2023.1	None
GET /methods/:serviceBaseUri/:methodName	Get information about a specific method.	2021.2	2023.1	None
GET /schemas/:serviceBaseUri/:schemaName	Get a schema from a service in IAP.	2021.2	2023.1	None
GET /accounts	Get all accounts from IAP.	2021.2	2023.1	GET /authorization/accounts
POST /accounts	Ensures an AAA account is created in IAP.	2021.2	2023.1	None
POST /accounts/search	Search for accounts stored in IAP.	2021.2	2023.1	GET /authorization/accounts
GET /accounts/:accountId	Get an account in IAP based on the account id.	2021.2	2023.1	GET /authorization/accounts/:accountId
PUT /accounts/:accountId/groups	Set the groups defined for an account.	2021.2	2023.1	PATCH /authorization/accounts/:accountId
PUT /accounts/:accountId/groups/:groupId	Adds a group to an account.	2021.2	2023.1	PATCH /authorization/accounts/:accountId
DELETE /accounts/:accountId/groups/:groupId	Removes a group from an account.	2021.2	2023.1	PATCH /authorization/accounts/:accountId
PUT /accounts/:accountId/roles	Sets the roles defined for an account.	2021.2	2023.1	PATCH /authorization/accounts/:accountId
PUT /accounts/:accountId/roles/:roleId	Adds a role to an account.	2021.2	2023.1	PATCH /authorization/accounts/:accountId
DELETE /accounts/:accountId/roles/:roleId	Removes a role from an account.	2021.2	2023.1	PATCH /authorization/accounts/:accountId
PUT /accounts/:accountId/inactive	Sets the inactive status of an account.	2021.2	2023.1	PATCH /authorization/accounts/:accountId
GET /accounts/:accountId/inherited	Get the inherited permissions of an accunt.	2021.2	2023.1	GET /authorization/accounts/:accountId
GET /groups	Get all groups in IAP.	2021.2	2023.1	GET /authorization/groups
POST /groups	Create an IAP group.	2021.2	2023.1	POST /authorization/groups
POST /groups/search	Search for groups in IAP.	2021.2	2023.1	GET /authorization/groups
GET /groups/list	Get a short list of all groups in IAP.	2021.2	2023.1	GET /authorization/groups/list
GET /groups/:groupId	Get an individual group in IAP.	2021.2	2023.1	GET /authorization/groups/:groupId
DELETE /groups/:groupId	Deletes a group in IAP.	2021.2	2023.1	DELETE /authorization/groups/:groupId
GET /groups/:groupId/inherited	Get a group with all inherited groups.	2021.2	2023.1	GET /authorization/groups/:groupId
GET /groups/:groupId/members	Get members of a group in IAP.	2021.2	2023.1	GET /authorization/accounts
GET /groups/:groupId/memberOf	Get the groups of an IAP group.	2021.2	2023.1	GET /authorization/groups/:groupId
PUT /groups/:groupId/memberOf	Set the groups for an IAP group.	2021.2	2023.1	PATCH /authorization/groups/:groupId
PUT /groups/:groupId/memberOf/:objectGroupId	Adds a group to an IAP group.	2021.2	2023.1	PATCH /authorization/groups/:groupId
DELETE /groups/:groupId/memberOf/:objectGroupId	Removes a group from an IAP group.	2021.2	2023.1	PATCH /authorization/groups/:groupId
GET /groups/:groupId/roles	Get the roles for an IAP group.	2021.2	2023.1	GET /authorization/groups/:groupId
PUT /groups/:groupId/roles	Sets the roles for an IAP group.	2021.2	2023.1	PATCH /authorization/groups/:groupId
PUT /groups/:groupId/roles/:roleId	Add a role to an IAP group.	2021.2	2023.1	PATCH /authorization/groups/:groupId
DELETE /groups/:groupId/roles/:roleId	Remove a role from an IAP group.	2021.2	2023.1	PATCH /authorization/groups/:groupId
GET /groups/:groupId/description	Get the description of an IAP group.	2021.2	2023.1	GET /authorization/groups/:groupId
PUT /groups/:groupId/description	Set the description of an IAP group.	2021.2	2023.1	PATCH /authorization/groups/:groupId
PUT /groups/:groupId/inactive	Sets the inactive status of a group.	2021.2	2023.1	PATCH /authorization/groups/:groupId
GET /roles	Get all roles.	2021.2	2023.1	GET /authorization/roles
POST /roles	Create a custom role.	2021.2	2023.1	POST /authorization/roles
POST /roles/search	Search for roles in IAP.	2021.2	2023.1	GET /authorization/roles
GET /roles/:roleId	Get an individual role.	2021.2	2023.1	GET /authorization/roles/:roleId
PUT /roles/:roleId	Save changes to a custom role.	2021.2	2023.1	PATCH /authorization/roles/:roleId
DELETE /roles/:roleId	Delete a custom role.	2021.2	2023.1	DELETE /authorization/roles/:roleId
PUT /roles/:roleId/allowedMethods/:methodProvenance/:methodName	Adds permission for a method to a custom role.	2021.2	2023.1	PATCH /authorization/roles/:roleId
DELETE /roles/:roleId/allowedMethods/:methodProvenance/:methodName	Deletes permission for a method to a custom role.	2021.2	2023.1	PATCH /authorization/roles/:roleId
PUT /roles/:roleId/allowedMethods	Sets the allowed methods to a custom role.	2021.2	2023.1	PATCH /authorization/roles/:roleId
PUT /roles/:roleId/allowedViews/:viewProvenance/:viewPath	Adds permission for a view to a custom role.	2021.2	2023.1	PATCH /authorization/roles/:roleId
DELETE /roles/:roleId/allowedViews/:viewProvenance/:viewPath	Deletes permission for a view to a custom role.	2021.2	2023.1	PATCH /authorization/roles/:roleId
PUT /roles/:roleId/allowedViews	Sets the allowed views to a custom role.	2021.2	2023.1	PATCH /authorization/roles/:roleId

Deprecation of Pronghorn.admin role

The Pronghorn.admin role no longer contains any non-deprecated methods. For this reason, it will be deprecated and removed in the 2023.1 release. Although this role traditionally held the place of a single Admin role, the following permissions have now been separated over time into the following roles:

Adapters.admin
AdapterModels.admin
AdminEssentials.admin
Applications.admin
Authorization.admin
Health.admin
Integrations.admin
IntegrationModels.admin
PrebuiltsRepository.admin
Prebuilts.admin
Profiles.admin
Schema.admin
UserManagement.admin

Of all the roles, the most important replacements are Authorization.admin and AdminEssentials.admin. Theses two roles give a user the ability to add additional roles to users and groups via the UI.

What Should I Do?

Although users and groups with the Pronghorn.admin role should be automatically migrated to use the updated roles that replace it, it will still be possible to assign the Pronghorn.admin role for two releases. It is strongly recommended to avoid assigning this permission to users or groups, since it is now obsolete in the UI. If a user or group is assigned to the Pronghorn.admin role, but does not have the expected roles listed above, these roles should be added to that user or group.

Removal of alarmProps as an Object

Setting the Profile property alarmProps as an Object for single alarm locations has been deprecated in the 2021.1 release and will be removed in the 2022.1 release. As of 2021.1, the preferred configuration for the alarmProps property is an array with either a single Object (single alarm location) or multiple Objects (multi-alarm locations).

Single location:

{
  "alarmProps": [ { ... } ]
}

Multiple locations:

{
  "alarmProps": [ { ... }, { ... } ]
}

What Should I Do?

At startup, all instances of alarmProps will be migrated to an array of objects instead of the singular object. In the rare circumstance this can occur, please update any scripts that continue to use the object notation to now enclose that object in an array.

$SECRET Encryption Replaces $ENC Encryption

The $ENC encryption used within service configs, profiles, and the properties.json is deprecated in 2020.2. The replacement is $SECRET_ followed by the path used in Hashicorp Vault for encryption and decryption. Support for $ENC will be removed in a future release, and any remaining $ENC values will no longer function after its removal.

Was this article helpful?

What's Next

Service Manager

Table of contents

Deprecations in Pronghorn Core
Deprecation of Pronghorn.admin role
Removal of alarmProps as an Object
$SECRET Encryption Replaces $ENC Encryption