Developers 🌐 Veza APIsQuery APIs Tags Create, apply, and remove Veza tags
Tagging is a product capability allowing organizations to add additional metadata to the entities (such as users, roles, tables, or any other resource/identity) discovered by Veza.
Copy curl 'https://{{VezaUrl}}/api/v1/graph/nodes/veza_tags' \
--data-raw '{
"node_id":"arn:aws:s3:::aws-cloudtrail-logs-527398259632-c98becd0",
"tags":[
{"key":"custom_tag","value":"one"}
]
}'
You can filter search results for entities with a given tag, create access workflows based on tags, or use them to add context and notes that other users can view and search by.
To apply a tag, you will need the ID of the node to modify. Calling get query nodes will return IDs as part of the search result. You can also retrieve this value by clicking Show Details
for the entity in Authorization Graph, or checking the ID
column from Identity Data Entities or the Query Builder .
Quick Start
Generate a bearer token from Administration > API Keys .
For the examples below, BASEURL should be the address of your Veza instance, such as https://<org>.vezacloud.com
.
Copy export BASEURL = https:// < org > .vezacloud.com} \
export TOKEN = Sk9lcmEta2w2c2padklkaDhOcDVhTWdVU3FlTlpVajg =
Use Get Query Spec Nodes
to find Snowflake tables reachable by federated Okta users belonging to the Finance
department:
Copy curl $BASEURL /api/v1/assessments/query_spec:nodes \
-H 'authorization: Bearer ' $TOKEN \
--data-raw '{
"query_type": "SOURCE_TO_DESTINATION",
"include_nodes": true,
"source_node_types": {
"nodes": [
{
"node_type": "SnowflakeTable"
}
]
},
"destination_node_types": {
"nodes": [
{
"node_type": "OktaUser",
"condition_expression": {
"specs": [
{
"fn": "CONTAINS",
"property": "department",
"value": "Finance"
}
]
}
}
]
}
}'
The response will include the table id
:
Copy {
"values" : [
{
"id" : "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA" ,
"type" : "SnowflakeTable" ,
"properties" : {
"created_at" : "2021-05-14T21:18:55Z" ,
"name" : "USA"
} ,
"destination_node_count" : 1 ,
"permissions" : []
}
] ,
"next_page_token" : "MzA=" ,
"has_more" : false
}
Apply a tag by specifying a key and optional value:
Copy curl $BASEURL /api/v1/graph/nodes/veza_tags \
-H 'authorization: Bearer ' $TOKEN \
--data-raw '{
"node_id": "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA",
"tags": [
{
"key": "department",
"value": "finance"
}
]
}'
Remove a tag by providing the entity id and the tag key to delete:
Copy curl $BASEURL /api/v1/graph/veza_tags:remove \
-H 'authorization: Bearer ' $TOKEN \
--data-raw '{
"node_id": "dn44266.us-east-2.aws.snowflakecomputing.com/database/LOCATION/schema/COUNTRIES/table/USA",
"tag_key": "department"
}'