[Pulp-list] List of possible auth resources

Sayli Karmarkar skarmark at redhat.com
Thu Apr 3 21:00:25 UTC 2014 

Jason,

http://pulp-user-guide.readthedocs.org/en/latest/admin-client/authentication.html#permissions
The resource is essentially a URI path of a pulp rest api after 
'/pulp/api' part. So eg. to give permission to all repositories, you 
would use resource '/v2/repositories/'.

There is no way to list all resources except to look at the api 
documentation at 
http://pulp-dev-guide.readthedocs.org/en/latest/integration/rest-api/. 
As expected if you have permissions to the prefix of a resource, you 
will have same permissions to all sub-resources as well. Permission to 
'/v2/repositories/' gives you permission to 
'/v2/repositories/<repo_id>/distributors/<distributor_id>/' as well.

In your 2 examples, you should use following resources

1. '/v2/content/uploads/' and '/v2/repositories/'
2. '/v2/consumers/'

Note that the trailing slash is important.

Thanks,

On 04/03/2014 11:24 AM, Ashby, Jason (IMS) wrote:
>
> Hi all,
>
> Is there a way to list all possible pulp resources?  E.g. pulp-admin 
> auth permission list, but showing resources and resource-id's.  I'm 
> guessing this translates to the URLs and REST API, but it's not clear 
> to me in the docs.
>
> The auth permission grant accepts just about anything without error, e.g.
>
>     pulp-admin auth permission grant --resource /booyah1234 --role-id 
> uploaders -o create -o read -o update -o delete -o execute
>
>     Permissions [/booyah1234: ['CREATE', 'READ', 'UPDATE', 'DELETE', 
> 'EXECUTE']] successfully granted to role [uploaders]
>
> My goal is to create two users with minimalist privileges:
>
> 1)an admin that can only upload or delete rpms to a repository.
>
>     pulp-admin auth permission grant --resource /content --role-id 
> uploaders -o create -o read -o update -o delete -o execute
>
> I tried /content and /repositories, but both fail with "Insufficient 
> Permissions" when running the uploads command.
>
> 2)A user that can only register/unregister consumers and bind to 
> repositories.  More detail in my bug report here: 
> https://bugzilla.redhat.com/show_bug.cgi?id=1081534
>
> Thanks again!
>
> Jason
>
>
> ------------------------------------------------------------------------
>
> Information in this e-mail may be confidential. It is intended only 
> for the addressee(s) identified above. If you are not the 
> addressee(s), or an employee or agent of the addressee(s), please note 
> that any dissemination, distribution, or copying of this communication 
> is strictly prohibited. If you have received this e-mail in error, 
> please notify the sender of the error.
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list


-- 
Sayli Karmarkar

Software Engineer
Systems Management and Cloud Enablement
http://www.redhat.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20140403/07f58414/attachment.htm>

More information about the Pulp-list mailing list