I worked out a solution to this. I'll post it here in case anyone else has this issue.
To set a permission on "/pulp/api/v2/repositories/foo/actions/import_upload/", you have to specify the URI as "/v2/repositories/foo/actions/import_upload/" (i.e. remove the "/pulp/api" prefix). This is a bit strange (inconsistent) as the "_href" field for the repository is "/pulp/api/v2/repositories/bob/" (it includes the prefix). I don't know in which cases one must exclude the "/pulp/api" prefix when setting permissions on a resource (some? all? only this case?), but in this case it worked... On Thu, Feb 25, 2016 at 11:42 AM, Richard Grainger <[email protected]> wrote: > Hi > > I'm try to delegate permissions to users in Pulp so that individuals > can upload content units to particular repositories. > > For example, I've granted the update permission to the user 'bob' on > resource "/pulp/api/v2/repositories/foo/actions/import_upload/" > > ...but when 'bob' attempts to upload an RPM they get a permission > denied error on that resource at the import stage. > > I basically followed this: > > https://gist.github.com/duritong/8003827 > > But 'bob' gets the following error: > > # pulp-admin -vv rpm repo uploads rpm --repo-id foo --file /tmp/bar.rpm > > . > . > . > [successful upload here] > . > . > . > Importing into the repository... > 2016-02-25 11:37:38,017 - DEBUG - sending POST request to > /pulp/api/v2/repositories/foo/actions/import_upload/ > 2016-02-25 11:37:38,196 - INFO - POST request to > /pulp/api/v2/repositories/foo/actions/import_upload/ with parameters > {"override_config": {}, "unit_type_id": "rpm", "upload_id": > "a7a232d8-7520-4fed-a575-696c23758461", "unit_key": {}, > "unit_metadata": {"checksum_type": null}} > 2016-02-25 11:37:38,196 - INFO - Response status : 401 > > 2016-02-25 11:37:38,196 - INFO - Response body : > { > "exception": null, > "traceback": null, > "_href": "/pulp/api/v2/repositories/foo/actions/import_upload/", > "error_message": "Permission denied: user bob cannot perform UPDATE.", > "http_request_method": "POST", > "http_status": 401, > "error": { > "code": "PLP0026", > "data": { > "operation": "UPDATE", > "user": "bob" > }, > "description": "Permission denied: user bob cannot perform UPDATE.", > "sub_errors": [] > }, > "auth_error_code": "permission_denied" > } > > 2016-02-25 11:37:38,197 - ERROR - RequestException: POST request on > /pulp/api/v2/repositories/foo/actions/import_upload/ failed with 401 - > Permission denied: user bob cannot perform UPDATE. > The specified user does not have permission to execute the given command > > > Any ideas? > > Richard _______________________________________________ Pulp-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/pulp-list
