Add stacks to File Storage Security using the API

Recommendation

Before using the API, we recommend you run through the stack deployment using the web interfaces of File Storage Security and GCP. The web interface provides a user-friendly introduction to the deployment parameters, concepts, and processes.

For instructions on deploying through the web interfaces, see Get started

Prerequisites

Procedure

Create Stacks.
Create an API Key.
Each request that you make requires an authorization and API version in the header.
- Authorization Header
  - For Trend Micro Cloud One API Key:
    - Key: Authorization
    - Value: ApiKey <your api key value>
  - For Legacy API Key (DEPRECATED):
    - Key: api-secret-key
    - Value: <your api key value>
- API version header:
  - Key: api-version
  - Value: v1

Next steps

Example for Trend Micro Cloud One API Key:

GET /api/external-id HTTP/1.1
Authorization: ApiKey YOUR-API-KEY
Api-Version: v1

Example for Legacy API Key:

GET /api/filestorage/external-id HTTP/1.1
api-secret-key: YOUR-API-KEY
Api-Version: v1

YOUR-API-KEY above is replaced with the API key you generated previously.

If the API key is valid, the API call is allowed. If not, a 403 code is returned.

Deploy an all-in-one stack using the API

Procedure

Get the output of the Terraform deployment from terraform.tfstate by accessing the JSON elements outputs.all_in_one_outputs.value. Each object in the array of all_in_one_outputs represents a storage stack associated with each scanner stack.

all_in_one_outputs Example:

     [
         {
             "projectID":"your-gcp-project-id",
             "deploymentName":"your-aio-scanner",
             "storageStacks":[
                 {
                     "deploymentName":"your-aio-storage",
                     "projectID":"your-gcp-project-id"
                 }
             ]
         }
     ]

Add the scanner and storage stacks to File Storage Security:
1. Add the scanner stack:
  - Note the projectID and deploymentName from each object of the array.
  - Call Create Stack and include the projectID and the deploymentName value in the request body, where the projectID is the ID of the GCP project you deployed for the stack, and the deploymentName is the scanner stack's deployment name.
```
     curl --location --request POST 'https://filestorage.{region}.cloudone.trendmicro.com/api/stacks' \
             --header 'Api-Version: v1' \
             --header 'Authorization: ApiKey YOUR-API-KEY' \
             --header 'Content-Type: application/json' \
             --data-raw '{
                 "type": "scanner",
                 "provider": "gcp",
                 "details": {
                     "deploymentName": "your-aio-scanner",
                     "projectID": "your-gcp-project"
                 }
             }'
 
```
  - Note the stackID value in the API response, which is the scanner stack’s ID.
  - Call Describe Stack using the scanner stack's stackID noted in the previous step, and continue calling until the status in the response body becomes ok. You have added the scanner stack.
2. Add the storage stack:
  - Note the projectID and deploymentName from each object of the storageStacks.
  - Call Create Stack, and include the previously-noted scanner stack stackID, the projectID and the deploymentName in the request body, where the projectID is the ID of the GCP project where you deployed the stack, and the deploymentName is the storage stack's deployment name. The creation of the storage stack will begin.
```
         curl --location --request POST 'https://filestorage.{region}.cloudone.trendmicro.com/api/stacks' \
                 --header 'Api-Version: v1' \
                 --header 'Authorization: ApiKey YOUR-API-KEY' \
                 --header 'Content-Type: application/json' \
                 --data-raw '{
                     "type": "storage",
                     "provider": "gcp",
                     "scannerStack": "your-scanner-stackID",
                     "details": {
                         "deploymentName": "your-aio-storage",
                         "projectID": "your-gcp-project-id"
                     }
                 }'
 
```
  - Note the stackID value in the API response. This is the storage stack’s ID.
  - Call Describe Stack using the storage stack's stackID noted in the previous step, and continue calling until the status in the response body becomes ok.

Next steps

Note

The stacks must be added separately, and the scanner stack must be added prior to the storage stack, as described above.

Deploy a scanner stack using the API

Procedure

Get the output of the Terraform deployment from terraform.tfstate by accessing the JSON elements outputs.scanner_stacks_outputs.value. Each object in the array of scannerStacks represents a scanner stack.
scanner_stacks_outputs Example:
```
     [
         {
             "deploymentName":"your-fss-scanner",
             "projectID":"your-gcp-project-id",
             "scannerServiceAccountID":"your-fss-scanner-service-account-id",
             "scannerTopic":"your-fss-scanner-topic"
         }
     ]
 
```
Add the scanner stack to File Storage Security:
- Note the projectID and deploymentName from each object of the scannerStacks.
- Call Create Stack and include the projectID and the deploymentName value in the request body, where the projectID is the ID of the GCP project you deployed the stack, and the deploymentName is the scanner stack's deployment name.
```
      curl --location --request POST 'https://filestorage.{region}.cloudone.trendmicro.com/api/stacks' \
              --header 'Api-Version: v1' \
              --header 'Authorization: ApiKey YOUR-API-KEY' \
              --header 'Content-Type: application/json' \
              --data-raw '{
                  "type": "scanner",
                  "provider": "gcp",
                  "details": {
                      "deploymentName": "your-fss-scanner",
                      "projectID": "your-gcp-project"
                  }
              }'
  
```
- Note the stackID value in the API response. This is the scanner stack’s ID.
- Call Describe Stack using the scanner stack's stackID noted in the previous step, and continue calling until the status in the response body becomes ok.
You have added the scanner stack.

Deploy a storage stack using the API

Procedure

Get the output of the Terraform deployment from terraform.tfstate by accessing the JSON elements outputs.storage_stacks_outputs.value. Each object in the array of storage_stacks_outputs represents a storage stack.
storage_stacks_outputs Example:
```
     {
         "storageStacks":[
             {
                 "deploymentName":"your-fss-storage",
                 "projectID":"your-gcp-project-id"
             }
         ]
     }
 
```
Add the storage stack to File Storage Security:
- Call List Stacks to retrieve the scanner stack’s stackID.
  - Note the projectID and deploymentName from each object of the storageStacks.
  - Call Create Stack, and include the previously-noted scanner stack stackID, the projectID and the deploymentName in the request body, where the projectID is the ID of the GCP project you deployed the stack, and the deploymentName is the storage stack's deployment name.
```
      curl --location --request POST 'https://filestorage.{region}.cloudone.trendmicro.com/api/stacks' \
              --header 'Api-Version: v1' \
              --header 'Authorization: ApiKey YOUR-API-KEY' \
              --header 'Content-Type: application/json' \
              --data-raw '{
                  "type": "storage",
                  "provider": "gcp",
                  "scannerStack": "your-scanner-stackID",
                  "details": {
                      "deploymentName": "your-fss-storage",
                      "projectID": "your-gcp-project-id"
                  }
              }'
  
```
- Note the stackID value in the API response. This is the storage stack’s ID.
- Call Describe Stack using the storage stack's stackID noted in the previous step and continue calling until the status in the response body becomes ok.
You have added the storage stack.