Florian, Thanks for being in touch. Please try "/v2/repositories/" with the trailing slash, which I believe will work. I have verified it on pulp 2.3 beta.
As for the "Authentication Failed" message, that is a bug that was fixed in Pulp 2.2. https://bugzilla.redhat.com/show_bug.cgi?id=916729 Your email did cause me to notice an error in our REST API documentation, which I reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1034316 Thanks, Michael Hrivnak ----- Original Message ----- From: "Florian Sachs" <[email protected]> To: [email protected] Sent: Monday, November 25, 2013 9:39:42 AM Subject: [Pulp-list] Cannot grant permissions on repositories Hi, Before I begin: I am in the process of building a new serverstructure within my company using all puppet, foreman, devops and all the other buzzwords the fly around and actually work pretty well. The backbone of my (Repository) Release-Management is pulp for which I wrote a rest-client to handle Repository and Release stuff in a defined way and everything works quite well. So a big "Thank you" for building pulp! I plan to grant permissions on specific repositories to specific users, so they can sync, upload etc their software without my help. I want my users, to be able to list all repositories. As admin, I call "pulp-admin rpm repo list". According to the .pulp/server_calls, the request is 'GET request to / pulp/api/v2/repositories / with parameters None'. So here is what I tried: ========= root@pulpserver:~ # pulp-admin auth permission grant --login=myuser --resource=/repositories -o read Permissions [/repositories : ['READ']] successfully granted to user [myuser] ========= myuser@myserver:~ # pulp-admin rpm repo list +--------------------------------------------------------------------------------------------------------+ RPM Repositories +--------------------------------------------------------------------------------------------------------+ Authentication Failed The session certificate expired on Dec 2 14:18:47 2013 GMT. Use the login command to begin a new session. ========= myuser@myserver:~ # tail .pulp/admin.log self.all_repos_cache = self.context.server.repo.repositories(query_params).response_body File "/usr/lib/python2.6/site-packages/pulp/bindings/repository.py", line 33, in repositories return self.server.GET(path, query_parameters) File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 84, in GET return self._request('GET', path, queries) File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 142, in _request self._handle_exceptions(response_code, response_body) File "/usr/lib/python2.6/site-packages/pulp/bindings/server.py", line 183, in _handle_exceptions raise code_class_mappings[response_code](response_body) PermissionsException: Permission Denied ========= myuser@myserver:~ # tail .pulp/server_calls.log 2013-11-25 15:18:54,314 - INFO - Response body : "Permission Denied" 2013-11-25 15:19:15,375 - INFO - GET request to / pulp/api/v2/repositories / with parameters None 2013-11-25 15:19:15,375 - INFO - Response status : 401 2013-11-25 15:19:15,376 - INFO - Response body : "Permission Denied" ========= The "Authentication Failed" Message is misleading, as the session certificate is valid and it is indeed not a Authentication Failure but a Permission Error. Maybe that can be clarified in future releases. I then tried to widen the permission with root@pulp1:~ # pulp-admin auth permission grant --login=myuser --resource= / repositories / -o read Permissions [ / repositories / : ['READ']] successfully granted to user [myuser] root@pulp1:~ # pulp-admin auth permission grant --login=myuser --resource=/v2/repositories -o read Permissions [/v2/repositories : ['READ']] successfully granted to user [myuser] root@pulp1:~ # pulp-admin auth permission grant --login=myuser --resource=/api/v2/repositories -o read Permissions [/api/v2/repositories : ['READ']] successfully granted to user [myuser] root@pulp1:~ # pulp-admin auth permission grant --login=myuser --resource=/pulp/api/v2/repositories -o read Permissions [/pulp/api/v2/repositories : ['READ']] successfully granted to user [myuser] - but the Permissions Error kept going. I was only able to list the repositories as user, when I set the resource to '/'. * Am I using the correct --resource parameter? * Should it work the way I thought? * Do you have any hints for me? I am using pulp 2.1.3 on a RHEL6.3 x86_64 best regards, florian -- Florian Sachs Austrian Federal Ministry of Defence Command Support Centre / ICT Engineering Division Stiftgasse 2a 1070, Wien Postadresse: Rossauer Lände 1, 1090 Wien Tel.: +43 50201 10 33466 _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
