MWigger
1 Copper

API Privileges

Hello,

I am writing a script which works with SyncIQ jobs.

Currently it works with the root account, but now I want to make it accessible for users.

Now I am failing to get the correct (minimal) permissions to get this to work.

E.g. when I try to get "/1/sync/policies" I get a permission denied, but my permissions look like this:

ISI01-5# isi auth roles view papiusers
       Name: papiusers
Description: -
    Members: ####################
Privileges
             ID: ISI_PRIV_LOGIN_PAPI
      Read Only: True

             ID: ISI_PRIV_JOB_ENGINE
      Read Only: False

             ID: ISI_PRIV_LICENSE
      Read Only: True

             ID: ISI_PRIV_SYNCIQ
      Read Only: False

             ID: ISI_PRIV_NS_IFS_ACCESS
      Read Only: True

Is there a detailed overview of which privilege is for which access?

Best regards,

Marius

0 Kudos

Accepted Solutions
Yan_Faubert
2 Iron

I'm using OneFS 7.1.1.1 and I've configured the following role which works fine when I list SyncIQ policies.

yfvm-7111-2# isi auth roles view api
       Name: api
Description: -
    Members: api
Privileges
             ID: ISI_PRIV_LOGIN_PAPI
      Read Only: True

             ID: ISI_PRIV_SYNCIQ
      Read Only: False
yfvm-7111-2#

I've created a local user called 'api' in the system zone local provider and I can successfully list SyncIQ policies with the following Python script when connecting to an IP address in the system zone.

yfaubert@yfvm-deb1:~/papi$ cat get_cluster_sync_policies.py
#!/usr/bin/env python
import requests

# Base URL of the platform API on an IP address in the system zone
papi_url = "https://192.168.32.221:8080/platform/"
# (username, password) sent as HTTP basic auth: the local user 'api'
authinfo = ('api', 'api')
# Resource that lists the SyncIQ policies
syncinfo = "1/sync/policies"

if __name__ == "__main__":
    # verify=False skips TLS certificate validation for this request
    response = requests.get(papi_url + syncinfo, auth=authinfo, verify=False)
    print("DEBUG: Returned info is: " + str(response.json()))
    # One summary block per policy
    for p in response.json()["policies"]:
        print("----")
        print("name: " + str(p["name"]))
        print("id: " + str(p["id"]))
        print("action: " + str(p["action"]))
        print("source_root_path: " + str(p["source_root_path"]))
        print("target_host: " + str(p["target_host"]))
        print("target_path: " + str(p["target_path"]))

0 Kudos
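
The role in the accepted answer carries two privileges, while the role in the question carries five. As an added example, not part of the original thread, this Python parses pasted `isi auth roles view` output and diffs it against a baseline privilege set; taking the answer's role as that baseline is an assumption, and the function names are illustrative.

```python
import re

# Baseline (assumed): the role from the accepted answer, privilege ID -> read-only flag.
BASELINE = {"ISI_PRIV_LOGIN_PAPI": True, "ISI_PRIV_SYNCIQ": False}

# Sample input: the 'papiusers' output from the question, blank lines dropped.
SAMPLE_ROLE = """\
       Name: papiusers
Description: -
    Members: ####################
Privileges
             ID: ISI_PRIV_LOGIN_PAPI
      Read Only: True
             ID: ISI_PRIV_JOB_ENGINE
      Read Only: False
             ID: ISI_PRIV_LICENSE
      Read Only: True
             ID: ISI_PRIV_SYNCIQ
      Read Only: False
             ID: ISI_PRIV_NS_IFS_ACCESS
      Read Only: True
"""


def parse_role(text):
    """Parse `isi auth roles view` output into (name, {priv_id: read_only})."""
    name = re.search(r"^\s*Name:\s*(\S+)", text, re.M)
    # \s+ spans newlines, so single- and double-spaced pastes both parse.
    pairs = re.findall(r"^\s*ID:\s*(\S+)\s+Read Only:\s*(True|False)", text, re.M)
    return (name.group(1) if name else None), {p: ro == "True" for p, ro in pairs}


def audit_role(text, baseline=BASELINE):
    """Diff a role against the baseline privilege set."""
    name, privs = parse_role(text)
    shared = [p for p in privs if p in baseline]
    return {
        "role": name,
        "missing": sorted(p for p in baseline if p not in privs),
        "extra": sorted(p for p in privs if p not in baseline),
        # Write access where the baseline grants read-only.
        "too_broad": sorted(p for p in shared if baseline[p] and not privs[p]),
        # Read-only where the baseline grants write access.
        "too_narrow": sorted(p for p in shared if not baseline[p] and privs[p]),
    }


if __name__ == "__main__":
    print(audit_role(SAMPLE_ROLE))
```

For the question's role this reports nothing missing and three privileges beyond the baseline, which are the ones to justify or remove when the account only needs to list SyncIQ policies.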
MWigger
1 Copper

Hello Yan,

Thanks for your answer, you pushed me in the right direction: you wrote you made a local user, but I use AD users.

And I forgot the "DOMAIN\\" + prefix.

Btw: nice code, I think this is much simpler than the current code examples.

Best regards,

Marius

0 Kudos
Yan_Faubert
2 Iron

Thanks, please note the code uses a 3rd party Python module called 'requests' which is really easy and simple to use.

0 Kudos