[Pulp-list] List of possible auth resources
Sayli Karmarkar
skarmark at redhat.com
Thu Apr 3 21:00:25 UTC 2014
Jason,
http://pulp-user-guide.readthedocs.org/en/latest/admin-client/authentication.html#permissions
The resource is essentially a URI path of a pulp rest api after
'/pulp/api' part. So eg. to give permission to all repositories, you
would use resource '/v2/repositories/'.
There is no way to list all resources except to look at the api
documentation at
http://pulp-dev-guide.readthedocs.org/en/latest/integration/rest-api/.
As expected if you have permissions to the prefix of a resource, you
will have same permissions to all sub-resources as well. Permission to
'/v2/repositories/' gives you permission to
'/v2/repositories/<repo_id>/distributors/<distributor_id>/' as well.
In your 2 examples, you should use following resources
1. '/v2/content/uploads/' and '/v2/repositories/'
2. '/v2/consumers/'
Note that the trailing slash is important.
Thanks,
On 04/03/2014 11:24 AM, Ashby, Jason (IMS) wrote:
>
> Hi all,
>
> Is there a way to list all possible pulp resources? E.g. pulp-admin
> auth permission list, but showing resources and resource-id's. I'm
> guessing this translates to the URLs and REST API, but it's not clear
> to me in the docs.
>
> The auth permission grant accepts just about anything without error, e.g.
>
> pulp-admin auth permission grant --resource /booyah1234 --role-id
> uploaders -o create -o read -o update -o delete -o execute
>
> Permissions [/booyah1234: ['CREATE', 'READ', 'UPDATE', 'DELETE',
> 'EXECUTE']] successfully granted to role [uploaders]
>
> My goal is to create two users with minimalist privileges:
>
> 1)an admin that can only upload or delete rpms to a repository.
>
> pulp-admin auth permission grant --resource /content --role-id
> uploaders -o create -o read -o update -o delete -o execute
>
> I tried /content and /repositories, but both fail with "Insufficient
> Permissions" when running the uploads command.
>
> 2)A user that can only register/unregister consumers and bind to
> repositories. More detail in my bug report here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1081534
>
> Thanks again!
>
> Jason
>
>
> ------------------------------------------------------------------------
>
> Information in this e-mail may be confidential. It is intended only
> for the addressee(s) identified above. If you are not the
> addressee(s), or an employee or agent of the addressee(s), please note
> that any dissemination, distribution, or copying of this communication
> is strictly prohibited. If you have received this e-mail in error,
> please notify the sender of the error.
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
--
Sayli Karmarkar
Software Engineer
Systems Management and Cloud Enablement
http://www.redhat.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-list/attachments/20140403/07f58414/attachment.htm>
More information about the Pulp-list
mailing list