Jason,

http://pulp-user-guide.readthedocs.org/en/latest/admin-client/authentication.html#permissions
The resource is essentially the URI path of a Pulp REST API call after the '/pulp/api' part. So, e.g., to give permission to all repositories, you would use the resource '/v2/repositories/'.

There is no way to list all resources except to look at the API documentation at http://pulp-dev-guide.readthedocs.org/en/latest/integration/rest-api/. As expected, if you have permissions to the prefix of a resource, you will have the same permissions to all sub-resources as well. Permission to '/v2/repositories/' gives you permission to '/v2/repositories/<repo_id>/distributors/<distributor_id>/' as well.

In your 2 examples, you should use the following resources:

1. '/v2/content/uploads/' and '/v2/repositories/'
2. '/v2/consumers/'

Note that the trailing slash is important.

Thanks,

On 04/03/2014 11:24 AM, Ashby, Jason (IMS) wrote:

Hi all,

Is there a way to list all possible pulp resources? E.g. pulp-admin auth permission list, but showing resources and resource-id's. I'm guessing this translates to the URLs and REST API, but it's not clear to me in the docs.

The auth permission grant accepts just about anything without error, e.g.

pulp-admin auth permission grant --resource /booyah1234 --role-id uploaders -o create -o read -o update -o delete -o execute

Permissions [/booyah1234: ['CREATE', 'READ', 'UPDATE', 'DELETE', 'EXECUTE']] successfully granted to role [uploaders]

My goal is to create two users with minimalist privileges:

1) an admin that can only upload or delete rpms to a repository.

pulp-admin auth permission grant --resource /content --role-id uploaders -o create -o read -o update -o delete -o execute

I tried /content and /repositories, but both fail with "Insufficient Permissions" when running the uploads command.

2) A user that can only register/unregister consumers and bind to repositories. More detail in my bug report here: https://bugzilla.redhat.com/show_bug.cgi?id=1081534

Thanks again!

Jason




_______________________________________________
Pulp-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pulp-list


--
Sayli Karmarkar

Software Engineer
Systems Management and Cloud Enablement
http://www.redhat.com
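
Added example (not part of the original thread and not Pulp's own code): a simplified Python model of the prefix matching described in the reply, assuming grants are stored as exact strings and compared against slash-terminated prefixes of the request path. The function names, sample grants and repository/distributor ids are constructed for illustration; audit_grants flags grants such as /booyah1234 that the CLI accepts without error but that can never match a request.

```python
# Simplified model of the behaviour described in the reply (an assumption,
# not Pulp's implementation): a grant on a resource also covers every
# sub-resource, and grants only match in slash-terminated form.
API_PREFIX = "/pulp/api"
ALL_OPS = {"CREATE", "READ", "UPDATE", "DELETE", "EXECUTE"}

# Constructed sample data: the grants tried in the question ...
BEFORE = {"/content": ALL_OPS, "/repositories": ALL_OPS, "/booyah1234": ALL_OPS}
# ... and the resources recommended in the reply for the uploader role.
AFTER = {"/v2/content/uploads/": ALL_OPS, "/v2/repositories/": ALL_OPS}


def candidate_resources(url_path):
    """Yield the requested resource and each parent prefix, most specific first."""
    if not url_path.startswith(API_PREFIX + "/"):
        return
    parts = [p for p in url_path[len(API_PREFIX):].split("/") if p]
    while parts:
        yield "/" + "/".join(parts) + "/"
        parts.pop()
    yield "/"


def is_authorized(grants, url_path, operation):
    """grants maps a resource string to the set of operations one role holds."""
    return any(operation in grants.get(res, ())
               for res in candidate_resources(url_path))


def audit_grants(grants, api_root="/v2/"):
    """Return grants that can never match a request under this model.

    api_root is the version prefix used by the resources named in the reply.
    """
    dead = []
    for res in grants:
        ok_shape = res.endswith("/")
        ok_root = res == "/" or res.startswith(api_root)
        if not (ok_shape and ok_root):
            dead.append(res)
    return sorted(dead)


if __name__ == "__main__":
    upload = "/pulp/api/v2/content/uploads/"
    print("before:", is_authorized(BEFORE, upload, "CREATE"), audit_grants(BEFORE))
    print("after: ", is_authorized(AFTER, upload, "CREATE"), audit_grants(AFTER))
```

Running an audit like this over the output of a role's permission list is a quick way to spot mistyped grants and grants that are broader than the role needs.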
