Scopes endpoints

Use the scopes endpoints to retrieve information about task-targets.

A task-target is a set of tasks and nodes/node groups you can use to provide specific privilege escalation for users who would otherwise not be able to run certain tasks or run tasks on certain nodes or node groups. When you grant a user permission to use a task-target, the user can run the task(s) in the task-target on the set of nodes defined in the task-target. Use the POST /command/task_target endpoint to create task-targets.

GET /scopes/task_targets

Retrieve information about all orchestrator task-targets.

Request format

When Forming orchestrator API requests to this endpoint, the request is a basic call, such as:

GET https://orchestrator.example.com:8143/orchestrator/v1/scopes/task_targets

The GET /scopes/task_targets endpoint does not support any parameters; however, as with other orchestrator API endpoints, you must provide authentication.

Tip: The GET /scopes/task_targets endpoint returns information about all known task-targets. When there are many task-targets, the response body contains lots of data. For shorter responses, you can use the GET /scopes/task_targets/<task-target-id> endpoint to query a specific task-target, if you know the task-target's ID.

Response format

A successful response is a JSON object containing an array of task-targets. The following keys are used to provide information about each task-target:


Key	Definition
`id`	The task-target's absolute URL, which includes the task-target's numerical ID.
`name`	A stringified number identifying the task-target.
`display_name`	The task-target's human-readable name. Multiple task-targets can have the same display name.
`tasks`	An array of tasks that the task-target can run. Omitted if `all_tasks` is `true`.
`all_tasks`	A Boolean indicating whether the task-target can run any tasks on designated node targets. If `tasks` is specified, then `all_tasks` is `false`. If `tasks` is omitted, then `all_tasks` is `true`.
`nodes`	An array of certnames identifying nodes the task-target can run tasks on. It can be empty. Combines with `node_groups` and `pql_query` to form a total node pool.
`node_groups`	An array of node group IDs identifying node groups the task-target can run tasks on. It can be empty. Combines with `nodes` and `pql_query` to form a total node pool.
`pql_query`	A string specifying a single PQL query identifying nodes the task-target can run tasks on. Omitted if empty. Combines with `nodes` and `node_groups` to form a total node pool.

Tip: For information about how these keys are set and possible values for each key, refer to the POST /command/task_target endpoint.

For example, this response describes three task-targets:

{
 "items": [
    {
      "id": "https://orchestrator.example.com:8143/orchestrator/v1/scopes/task_targets/1",
      "name": "1",
      "tasks": [
        "package::install",
        "exec"
      ],
      "all_tasks": "false",
      "nodes": [
        "wss6c3w9wngpycg",
        "jjj2h5w8gpycgwn"
      ],
      "node_groups":[
        "3c4df64f-7609-4d31-9c2d-acfa52ed66ec",
        "4932bfe7-69c4-412f-b15c-ac0a7c2883f1"
      ],
      "pql_query": "nodes[certname] { catalog_environment = \"production\" }"
    },
    {
      "id": "https://orchestrator.example.com:8143/orchestrator/v1/scopes/task_targets/2",
      "name": "2",
      "tasks": [
        "imaginary::task"
      ],
      "all_tasks": "false",
      "nodes": [
        "mynode"
      ],
      "node_groups":[
      ]
    },
    {
      "id": "https://orchestrator.example.com:8143/orchestrator/v1/scopes/task_targets/3",
      "name": "3",
      "all_tasks": true,
      "nodes": [
        "xxx6c3w9wngpycg",
        "bbb2h5w8gpycgwn"
      ],
      "node_groups":[
        "3c4df64f-7609-4d31-9c2d-acfa52ed66ec",
        "4932bfe7-69c4-412f-b15c-ac0a7c2883f1"
      ]
    }
  ]
}

Error responses

This endpoint's error responses follow the usual format for Orchestrator API error responses.

GET /scopes/task_targets/<task-target-id>

Get information about a specific task-target.

Request format

When Forming orchestrator API requests to this endpoint, the URI path must include an integer identifying a specific task-target For example, this request queries a task-target with ID 375:

https://orchestrator.example.com:8143/orchestrator/v1/scopes/task_targets/375

Task-target IDs are returned in responses from the POST /command/task_target and GET /scopes/task_targets endpoints.

Response format

The response is a JSON object that uses the following keys to provide details about the task-target:


Key	Definition
`id`	The task-target's absolute URL, which includes the task-target's numerical ID.
`name`	A stringified number identifying the task-target.
`display_name`	The task-target's human-readable name. Multiple task-targets can have the same display name.
`tasks`	An array of tasks that the task-target can run. Omitted if `all_tasks` is `true`.
`all_tasks`	A Boolean indicating whether the task-target can run any tasks on designated node targets. If `tasks` is specified, then `all_tasks` is `false`. If `tasks` is omitted, then `all_tasks` is `true`.
`nodes`	An array of certnames identifying nodes the task-target can run tasks on. It can be empty. Combines with `node_groups` and `pql_query` to form a total node pool.
`node_groups`	An array of node group IDs identifying node groups the task-target can run tasks on. It can be empty. Combines with `nodes` and `pql_query` to form a total node pool.
`pql_query`	A string specifying a single PQL query identifying nodes the task-target can run tasks on. Omitted if empty. Combines with `nodes` and `node_groups` to form a total node pool.

Tip: For information about how these keys are set and possible values for each key, refer to the POST /command/task_target endpoint.

For example:

{
  "id": "https://orchestrator.example.com:8143/orchestrator/v1/scopes/task_targets/1",
  "name": "1",
  "tasks": [
    "package::install",
    "exec"
  ],
  "all_tasks": "false",
  "nodes": [
    "wss6c3w9wngpycg",
    "jjj2h5w8gpycgwn"
  ],
  "node_groups":[
    "3c4df64f-7609-4d31-9c2d-acfa52ed66ec",
    "4932bfe7-69c4-412f-b15c-ac0a7c2883f1"
  ],
  "pql_query": "nodes[certname] { catalog_environment = \"production\" }"
}

Error responses

This endpoint's error responses follow the usual format for Orchestrator API error responses. The endpoint returns a 404 puppetlabs.orchestrator/unknown-task-target response if the specified task-target ID doesn't match any existing task-target IDs.

Was this page helpful?

We’re sorry to hear that!
Please tell us why so we can help. Enter your feedback and email. This form is sent to the Puppet docs team. We ask for your email as we might contact you regarding your feedback. If you need help with the product itself, visit Puppet Support or ask in Puppet Community on Slack. Feedback:

Email Address:

To learn about how Puppet uses your personal information, visit our privacy policy.

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project.