[Pulp-list] Pulp 2.7.1 permissions issue
Richard Grainger
grainger at gmail.com
Fri Feb 26 09:44:57 UTC 2016
I worked out a solution to this. I'll post it here in case anyone else
has this issue.
To set a permission on
"/pulp/api/v2/repositories/foo/actions/import_upload/", you have to
specify the URI as "/v2/repositories/foo/actions/import_upload/" (i.e.
remove the "/pulp/api" prefix). This is a bit strange (inconsistent)
as the "_href" field for the repository is
"/pulp/api/v2/repositories/bob/" (it includes the prefix). I don't
know in which cases one must exclude the "/pulp/api" prefix when
setting permissions on a resource (some? all? only this case?), but in
this case it worked...
On Thu, Feb 25, 2016 at 11:42 AM, Richard Grainger <grainger at gmail.com> wrote:
> Hi
>
> I'm try to delegate permissions to users in Pulp so that individuals
> can upload content units to particular repositories.
>
> For example, I've granted the update permission to the user 'bob' on
> resource "/pulp/api/v2/repositories/foo/actions/import_upload/"
>
> ...but when 'bob' attempts to upload an RPM they get a permission
> denied error on that resource at the import stage.
>
> I basically followed this:
>
> https://gist.github.com/duritong/8003827
>
> But 'bob' gets the following error:
>
> # pulp-admin -vv rpm repo uploads rpm --repo-id foo --file /tmp/bar.rpm
>
> .
> .
> .
> [successful upload here]
> .
> .
> .
> Importing into the repository...
> 2016-02-25 11:37:38,017 - DEBUG - sending POST request to
> /pulp/api/v2/repositories/foo/actions/import_upload/
> 2016-02-25 11:37:38,196 - INFO - POST request to
> /pulp/api/v2/repositories/foo/actions/import_upload/ with parameters
> {"override_config": {}, "unit_type_id": "rpm", "upload_id":
> "a7a232d8-7520-4fed-a575-696c23758461", "unit_key": {},
> "unit_metadata": {"checksum_type": null}}
> 2016-02-25 11:37:38,196 - INFO - Response status : 401
>
> 2016-02-25 11:37:38,196 - INFO - Response body :
> {
> "exception": null,
> "traceback": null,
> "_href": "/pulp/api/v2/repositories/foo/actions/import_upload/",
> "error_message": "Permission denied: user bob cannot perform UPDATE.",
> "http_request_method": "POST",
> "http_status": 401,
> "error": {
> "code": "PLP0026",
> "data": {
> "operation": "UPDATE",
> "user": "bob"
> },
> "description": "Permission denied: user bob cannot perform UPDATE.",
> "sub_errors": []
> },
> "auth_error_code": "permission_denied"
> }
>
> 2016-02-25 11:37:38,197 - ERROR - RequestException: POST request on
> /pulp/api/v2/repositories/foo/actions/import_upload/ failed with 401 -
> Permission denied: user bob cannot perform UPDATE.
> The specified user does not have permission to execute the given command
>
>
> Any ideas?
>
> Richard
More information about the Pulp-list
mailing list