NetApp · shmueldanan · Jun 26, 2025 · Jun 18, 2025 · Jun 18, 2025 · Jun 19, 2025
@@ -9,6 +9,7 @@ This subfolder contains tools that can help you manage your FSx ONTAP file syste
 | [fsxn-rotate-secret](/Management-Utilities/fsxn-rotate-secret) | This is a Lambda function that can be used with an AWS Secrets Manager secret to rotate the FSx for ONTAP admin password. |
 | [iscsi-vol-create-and-mount](/Management-Utilities/iscsi-vol-create-and-mount) | This tool will create an iSCSI volume on an FSx ONTAP file system and mount it to an EC2 instance running Windows. |
 | [warm_performance_tier](/Management-Utilities/warm_performance_tier) | This tool to warm up the performance tier of an FSx ONTAP file system volume. |
+| [Workload-Factory-API-Samples](/Management-Utilities/Workload-Factory-API-Samples) | This folder contains a collection of bash scripts that demonstrate how to use the Workload Factory APIs. |
 
 ## Author Information
 

@@ -0,0 +1,59 @@
+# Workload Factory API Samples
+
+This folder contains various bash shell scripts that demonstrate how to use the Workload Factory APIs to perform an action.
+They all depend on the [wf_utils](wf_utils) file that contains common functions used by all the scripts. One function
+in particular, `get_token()`, is used to get an authentication token from the BlueXP Workload Factory API. So, if you
+copy just some of the files from this repository, make sure to copy the `wf_utils` file as well.
+
+## Prerequisites
+To run these scripts, you need to have the following prerequisites:
+- A bash shell.
+- The `curl` command-line tool installed.
+- The `jq` command-line JSON processor installed. You can install it using your package manager, e.g., `apt-get install jq` on Debian/Ubuntu or `brew install jq` on macOS.
+
+## Notes:
+- All scripts allow you to set environment variables to pass options instead of having to use the
+command line options. For example, instead of using the `-t` option to pass the
+[BlueXP Refresh Token](https://docs.netapp.com/us-en/bluexp-automation/platform/create_user_token.html#1-generate-a-netapp-refresh-token),
+you can set the `REFRESH_TOKEN` environment variable.
+
+- All scripts use the `-h` option to display the help message, which includes the available options and their descriptions.
+
+Hopefully with these samples you'll be able to create your own scripts that use any the Workload Factory APIs.
+If you do create a new script, please consider contributing it back to this repository so that others can benefit from it.
+
+## Available Scripts
+| Script | Description |
+| --- | --- |
+| [list_bluexp_accts](list_bluexp_accts) | This list all the BlueXP accounts (a.k.a. organizations) that you have access to. |
+| [list_credentials](list_credentials) | This lists all the Workload Factory credentials that you have access to. |
+| [list_filesystems](list_filesystems) | This lists all the FSx for ONTAP file systems that you have access to in the specified AWS region. |
+| [list_snapmirrors](list_snapmirrors) | This lists all the SnapMirror relationships that are associated with the specified file system. |
+| [list_svms](list_svms) | This lists all the SVMs that are associated with the specified file system. |
+| [list_volumes](list_volumes) | This lists all the volumes that are associated with the specified file system. |
+| [snapmirror_break](snapmirror_break) | This breaks the SnapMirror relationship for the specified relationship. |
+| [snapmirror_create](snapmirror_create) | This creates a SnapMirror relationship between the specified source volume and destination SVM. |
+| [snapmirror_delete](snapmirror_delete) | This deletes the SnapMirror relationship for the specified relationship. |
+| [snapmirror_resync](snapmirror_resync) | This resyncs the SnapMirror relationship for the specified relationship. |
+| [snapmirror_reverse](snapmirror_reverse) | This reverses the SnapMirror relationship for the specified relationship. |
+| [snapmirror_update](snapmirror_update) | This updates the SnapMirror relationship for the specified relationship. |
+| [snapshot_create](snapshot_create) | This creates a snapshot of the specified volume. |
+| [volume_clone](volume_clone) | This clones the specified volume. |
+| [volume_delete](volume_delete) | This deletes the specified volume. |
+| [wf_utils](wf_utils) | This file contains common functions used by all the scripts. It includes the `get_token()` function that retrieves an authentication token from the Workload Factory API. |
+
+## Author Information
+
+This repository is maintained by the contributors listed on [GitHub](https://github.com/NetApp/FSx-ONTAP-samples-scripts/graphs/contributors).
+
+## License
+
+Licensed under the Apache License, Version 2.0 (the "License").
+
+You may obtain a copy of the License at [apache.org/licenses/LICENSE-2.0](http://www.apache.org/licenses/LICENSE-2.0).
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an _"AS IS"_ basis, without WARRANTIES or conditions of any kind, either express or implied.
+
+See the License for the specific language governing permissions and limitations under the License.
+
+© 2025 NetApp, Inc. All Rights Reserved.
@@ -0,0 +1,81 @@
+#!/bin/bash
+#
+# This script is used to list all the BlueXP accounts that a user has
+# access to. 
+#
+# It is dependent on the 'wf_utils' file that is included in this repo. That
+# file contains the 'get_token' function that is used to obtain a valid
+# access token that is needed to run the Workload Factory APIs. The file needs
+# to either be in the command search path or in the current directory.
+################################################################################
+
+################################################################################
+# Display usage information then exits the script.
+################################################################################
+usage () {
+  cat >&2 <<EOF
+This script is used to list all the BlueXP accounts (a.k.a. organizations)
+that you have access to.
+
+Usage is: $(basename $0) -t refresh_token 
+
+Where: refresh_token - Is a refresh token used to obtain an access token needed
+                       to run the Workload Factory APIs. You can obtain a refresh
+                       token by going to https://services.cloud.netapp.com/refresh-token
+
+Note, instead of passing parameters on the command line, you can set the
+following environment variables instead:
+
+    export REFRESH_TOKEN=<refresh_token>
+EOF
+  exit 1
+}
+
+tmpout=/tmp/list_accounts-out.$$
+tmperr=/tmp/list_accounts-err.$$
+trap 'rm -f $tmpout $tmperr' exit
+
+while getopts ht: opt; do
+  case $opt in
+    t) REFRESH_TOKEN="$OPTARG" ;;
+    *) usage ;;
+  esac
+done
+#
+# Source the wf_utils file.
+wf_utils=$(command -v wf_utils)
+if [ -z "$wf_utils" ]; then
+  if [ ! -x "./wf_utils" ]; then
+    cat <<EOF >&2
+Error: The 'wf_utils' script was not found in the current directory or in the command search path.
+It is required to run this script. You can download it from:
+https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/Management-Utilities/Workload-Factory-API-Samples
+EOF
+    exit 1
+  else
+    wf_utils=./wf_utils
+  fi
+fi
+. "$wf_utils"
+#
+# Check that the required commands are available.
+for cmd in jq curl; do
+  if ! command -v $cmd &> /dev/null; then
+    echo "Error: The required command '$cmd' was not found. Please install it." >&2
+    exit 1
+  fi
+done
+
+token=$(get_token)
+if [ -z "$token" ]; then
+  echo "Error: Failed to obtain an access token. Exiting." >&2
+  exit 1
+fi
+
+run_curl GET "$token" https://api.bluexp.netapp.com/tenancy/account $tmpout $tmperr
+if jq -r '.[] | .accountName + " " + .accountPublicId' $tmpout > $tmperr; then
+  cat $tmperr | column -t -N Name,ID
+else
+  echo "Error: Failed to parse the response from the API." >&2
+  exit 1
+fi
@@ -0,0 +1,119 @@
+#!/bin/bash
+#
+# This script is used to list all the Workload Factory credentials the
+# user has access to. 
+#
+# It is dependent on the 'wf_utils' file that is included in this repo. That
+# file contains the 'get_token' function that is used to obtain a valid
+# access token that is needed to run the Workload Factory APIs. The file needs
+# to either be in the command search path or in the current directory.
+################################################################################
+
+################################################################################
+# Display usage information then exits the script.
+################################################################################
+usage() {
+  cat >&2 <<EOF
+This script lists all the Workload Factory credentials you has access to.
+
+Usage: $(basename $0) -t refresh_token -a blueXP_account_ID [-o]
+
+Where: refresh_token - Is a refresh token used to obtain an access token needed
+                       to run the Workload Factory APIs. You can obtain a refresh
+                       token by going to https://services.cloud.netapp.com/refresh-token
+       blueXP_account_ID - is the BlueXP account ID. You can find all the accounts
+                           you have access to by running the "list_bluexp_accts" script
+       -o means to also show the ONTAP credentials
+
+Instead of passing parameters on the command line, you can set the
+following environment variables:
+
+    export REFRESH_TOKEN=<refresh_token>
+    export BLUEXP_ACCOUNT_ID=<blueXP_account_ID>
+EOF
+  exit 1
+}
+
+################################################################################
+# Main logic starts here.
+################################################################################
+tmpout=$(mktemp /tmp/list_credentials-out.XXXXXX)
+tmpout2=$(mktemp /tmp/list_credentials-out2.XXXXXX)
+tmperr=$(mktemp /tmp/list_credentials-err.XXXXXX)
+trap 'rm -f $tmpout $tmpout2 $tmperr' exit
+#
+# Source the wf_utils file.
+wf_utils=$(command -v wf_utils)
+if [ -z "$wf_utils" ]; then
+  if [ ! -x "./wf_utils" ]; then
+    cat >&2 <<EOF
+Error: The 'wf_utils' script was not found in the current directory or in the command search path.
+It is required to run this script. You can download it from:
+https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/Management-Utilities/Workload-Factory-API-Samples
+EOF
+    exit 1
+  else
+    wf_utils=./wf_utils
+  fi
+fi
+. "$wf_utils"
+#
+# Set defaults.
+filter="filter=$(urlencode "type eq 'AWS_ASSUME_ROLE'")"
+while getopts "ht:a:o" opt; do
+  case $opt in
+    t) REFRESH_TOKEN="$OPTARG" ;;
+    a) BLUEXP_ACCOUNT="$OPTARG" ;;
+    o) filter="";; # No filter, list all credentials.
+    *) usage ;;
+  esac
+done
+#
+# Check that all the parameters are set.
+if [ -z "$REFRESH_TOKEN" ]; then
+  cat >&2 <<EOF
+Error: A BlueXP refresh tokon is required to run this script.
+Can you be obtain from this web page:
+
+    https://services.cloud.netapp.com/refresh-token
+
+EOF
+  usage
+fi
+
+if [ -z "$BLUEXP_ACCOUNT_ID" ]; then
+  cat >&2 <<EOF
+Error: A BlueXP account ID is required to run this script.
+You can see the list of accounts you have access to by running the "list_bluexp_accts" script
+found in this GitHub repository: https://github.com/NetApp/FSx-ONTAP-samples-scripts/tree/main/Management-Utilities/Workload-Factory-API-Samples
+
+EOF
+  usage
+fi
+#
+# Check that the required commands are available.
+for cmd in curl jq; do
+  if ! command -v $cmd > /dev/null 2>&1; then
+    echo "Error: The required command '$cmd' was not found. Please install it." >&2
+    exit 1
+  fi
+done
+
+token=$(get_token)
+if [ -z "$token" ]; then
+  echo "Error: Failed to obtain an access token. Exiting." >&2
+  exit 1
+fi
+
+run_curl GET "$token" "https://api.workloads.netapp.com/accounts/${BLUEXP_ACCOUNT_ID}/credentials/v1/credentials?$filter" $tmpout $tmperr
+jq -r '.items[] | if(.type == "ONTAP") then "\(.metadata.fileSystemId) \(.type) \(.accountId) \(.id)" else "\(.metadata.name) \(.type) \(.credentials | split(":") | .[4]) \(.id)" end' $tmpout > $tmpout2
+#
+# Check to see if there are more.
+nextToken=$(jq -r '.nextToken' $tmpout)
+while [ "$nextToken" != "null" ]; do
+  run_curl GET "$token" "https://api.workloads.netapp.com/accounts/${BLUEXP_ACCOUNT_ID}/credentials/v1/credentials?nextToken=$nextToken&$filter" $tmpout $tmperr
+  jq -r '.items[] | if(.type == "ONTAP") then "\(.metadata.fileSystemId) \(.type) \(.accountId) \(.id)" else "\(.metadata.name) \(.type) \(.credentials | split(":") | .[4]) \(.id)" end' $tmpout >> $tmpout2
+  nextToken=$(jq -r '.nextToken' $tmpout)
+done
+
+sort -f -k 2,2 -k 1,1 $tmpout2 | column -t -N "Name,Type,Account,ID"