What are the least permissions settings to allow an account to set KVM values?

So we would like to add KVM values (and modify them) using the management API interface. We are a private cloud org - so this is the only way to do this at the time (there is no UI interface for this).

I am trying to figure out the LEAST permissions an account would need to be able to do this. I know it can be done by an org admin - but that isn't the LEAST permissions.

1 ACCEPTED SOLUTION

This worked for me.

## create a user role 
curl -i -n -H accept:application/xml \
 -H content-type:application/xml \
 -X POST \
 "http://api.edgemgmt/v1/o/org1/userroles" \
 -d '<Roles><Role name="kvmuser"/></Roles>'  




## add permissions on keyvaluemaps to the existing role
curl -i -n -X POST \
  -H content-type:application/xml \
  -H accept:application/xml \
  'http://api.edgemgmt/v1/o/org1/userroles/kvmuser/permissions' \
  -d '
<ResourcePermission path="/keyvaluemaps">
  <Permissions>
    <Permission>get</Permission>
    <Permission>put</Permission>
    <Permission>delete</Permission>
  </Permissions>
</ResourcePermission>'




## Add a user 
curl -n -i -X POST \
  -H content-Type:application/xml \
  'http://api.edgemgmt/v1/users' \
  -d '<User>
  <FirstName>Barak</FirstName>
  <LastName>Obama</LastName>
  <Password>Secret123</Password>
  <EmailId>B@obama.com</EmailId>
</User>'




## Attach the userrole to that user
curl -n -i -X POST \
  -H content-type:application/x-www-form-urlencoded \
  "http://api.edgemgmt/v1/o/org1/userroles/kvmuser/users?id=B@obama.com"



## Authenticating as the new user, create a KVM
curl -u "B@obama.com:Secret123" \
-i -X POST \
  -H content-type:application/json \
  "http://api.edgemgmt/v1/o/org1/keyvaluemaps" \
  -d '{   
 "name" : "kvm1",
 "entry" : [ 
  {
   "name" : "Key1",
   "value" : "value_one"
  },
  {
   "name" : "Key2",
   "value" : "value_two"
  } 
 ]
}'


## Succeeds


## Authenticating as the new user, Try to read apis
curl -u "B@obama.com:Secret123" \
  -i -X GET \
  "http://api.edgemgmt/v1/o/org1/apis"


## 403 Forbidden


All the curl commands that use -n assume that there are "orgadmin" credentials in your .netrc file. If that's not the case, just replace -n with -u "orgadminuser:orgadminpassword".
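
An added example, not part of the original answer and not Apigee tooling: a Python check that the `ResourcePermission` documents applied to a role grant nothing beyond an allow-list, so a role like `kvmuser` stays limited to `/keyvaluemaps`. The `ALLOWED` policy, the function names and the `/apis` sample grant are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed policy for this example: the only grant the "kvmuser" role may hold.
ALLOWED = {"/keyvaluemaps": {"get", "put", "delete"}}

def parse_resource_permission(xml_text):
    """Return (path, set_of_verbs) from one <ResourcePermission> document."""
    root = ET.fromstring(xml_text)
    if root.tag != "ResourcePermission":
        raise ValueError(f"unexpected root element: {root.tag}")
    path = (root.get("path") or "").strip()
    verbs = {(p.text or "").strip().lower() for p in root.iter("Permission")}
    verbs.discard("")
    return path, verbs

def audit_role(documents, allowed=ALLOWED):
    """List every grant that exceeds the policy; an empty list means OK."""
    findings = []
    for doc in documents:
        path, verbs = parse_resource_permission(doc)
        if path not in allowed:
            findings.append(f"unexpected path {path!r} with {sorted(verbs)}")
            continue
        extra = verbs - allowed[path]
        if extra:
            findings.append(f"{path}: extra verbs {sorted(extra)}")
    return findings

# Constructed samples: the first is the payload from the answer above,
# the second is a grant the role should not carry, added for contrast.
KVM_GRANT = """<ResourcePermission path="/keyvaluemaps">
  <Permissions>
    <Permission>get</Permission>
    <Permission>put</Permission>
    <Permission>delete</Permission>
  </Permissions>
</ResourcePermission>"""
APIS_GRANT = """<ResourcePermission path="/apis">
  <Permissions><Permission>get</Permission></Permissions>
</ResourcePermission>"""

if __name__ == "__main__":
    for finding in audit_role([KVM_GRANT, APIS_GRANT]):
        print("FINDING:", finding)
```

Passing a narrower policy, for example `{"/keyvaluemaps": {"get", "put"}}`, makes the same check flag `delete` if the account only needs to read and set values.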
