Docker in depth 2 - UI: updating service ACLs in Portainer through the API

2018/10/15

Preparation

  1. Read the documentation
  2. This example uses httpie to send requests
    brew install httpie
  3. Format the data with jq
    brew install jq
  4. Working directory
    /tmp/httpie

Reason

After upgrading Portainer to 1.19.2, there was an unexpected change:
although ACLs had previously been set on the services, after the upgrade all of them were reset to Administrators-only access.

1.19.2

Breaking changes

This version changes the default ownership for externally created resources from Public to Administrator restricted (#960, #2137). The migration process will automatically migrate any existing resource declared as Public to Administrators only.

Interim solution

Reset the ACLs through the API.
The steps are demonstrated below:

##### *1. Get the authentication token*

```
# http POST http://your-portainer-addr/api/auth Username="admin" Password="ti9M%DjI6c7M"
{
    "jwt": "xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"
}
```

##### *2. List team information*

```
# http GET http://your-portainer-addr/api/teams \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"

[
    {
        "Id": 1,
        "Name": "dev"
    },
    {
        "Id": 2,
        "Name": "qa"
    },
    {
        "Id": 3,
        "Name": "ops"
    }
]
```

##### *Example: send a POST request with JSON data read from a file*

```
# http POST http://your-portainer-addr/api/resource_controls \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" \
@/tmp/httpie/1.json
```

##### *Example: get the status of services filtered by name prefix*

```
# http GET http://your-portainer-addr/api/endpoints/5/docker/services\?filters\='{"name":["dev-app1"]}' \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq '.[] | {name: .Spec.Name, id: .ID, teams: .Portainer.ResourceControl.TeamAccesses[0].TeamId}'
```

##### *3. Get the IDs of services filtered by name prefix*

```
# http GET http://your-portainer-addr/api/endpoints/5/docker/services\?filters\='{"name":["dev-app1"]}' \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq '.[].ID' \
> .id
```

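##### *4. Using the information above, call the API in a batch to set team permissions*

```
# Payload template: restrict each service to team 2 (a team Id from step 2)
s1='{"Type":"service","Public":false,"ResourceID":"'
s2='","Users":[],"Teams":[2]}'

# .id was written in step 3 with quoted IDs; strip the quotes before use
for ID in $(sed 's/"//g' .id); do
  echo "$ID"
  # Quote the expansion so [] and [2] in the JSON are not treated as glob patterns,
  # and write to the same path that the POST below reads
  echo "${s1}${ID}${s2}" > /tmp/httpie/d.json
  http POST http://your-portainer-addr/api/resource_controls \
  "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" \
  @/tmp/httpie/d.json
  echo '---------'
done
```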
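
An added example, not from the original post: a Python dry run that builds the same `resource_controls` payloads as step 4 from a services listing, but leaves services that already have the intended team alone and flags the rest for review instead of posting blindly. The sample services, the `svc-...` IDs and the prefix-to-team map are constructed; the field names are the ones used in the commands above.

```python
import json

# Constructed sample shaped like the fields the jq filter above reads
# (.ID, .Spec.Name, .Portainer.ResourceControl.TeamAccesses[].TeamId).
SAMPLE_SERVICES = json.loads("""
[
  {"ID": "svc-aaa", "Spec": {"Name": "dev-app1-web"}},
  {"ID": "svc-bbb", "Spec": {"Name": "dev-app1-db"},
   "Portainer": {"ResourceControl": {"TeamAccesses": [{"TeamId": 1}]}}},
  {"ID": "svc-ccc", "Spec": {"Name": "qa-app2-web"},
   "Portainer": {"ResourceControl": {"TeamAccesses": [{"TeamId": 3}]}}},
  {"ID": "svc-ddd", "Spec": {"Name": "misc-tool"}}
]
""")

# Hypothetical naming convention: service-name prefix -> team Id from /api/teams.
TEAM_BY_PREFIX = {"dev-": 1, "qa-": 2}


def current_teams(service):
    """Team Ids already granted on a service, or [] if it has no resource control."""
    rc = (service.get("Portainer") or {}).get("ResourceControl") or {}
    return [a["TeamId"] for a in rc.get("TeamAccesses") or []]


def plan_resource_controls(services, team_by_prefix):
    """Split services into payloads to create, ones already correct, and ones to review."""
    plan = {"create": [], "ok": [], "review": []}
    for svc in services:
        name, sid = svc["Spec"]["Name"], svc["ID"]
        team = next((t for p, t in team_by_prefix.items() if name.startswith(p)), None)
        teams = current_teams(svc)
        if team is None or (teams and team not in teams):
            # No rule for this name, or existing access differs from the rule:
            # report it rather than overwrite it.
            plan["review"].append(name)
        elif team in teams:
            plan["ok"].append(name)
        else:
            plan["create"].append({"Type": "service", "Public": False,
                                   "ResourceID": sid, "Users": [], "Teams": [team]})
    return plan


if __name__ == "__main__":
    print(json.dumps(plan_resource_controls(SAMPLE_SERVICES, TEAM_BY_PREFIX), indent=2))
```

Each entry under `create` serializes to the same JSON body that the loop in step 4 writes to `d.json`.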

Reference

  1. Swagger: https://app.swaggerhub.com/apis/deviantony/Portainer/1.19.2/#/
  2. Issue comment: https://github.com/portainer/portainer/pull/2137#issuecomment-426421950
  3. Release 1.19.2: https://github.com/portainer/portainer/releases/tag/1.19.2

Posted by wellscam on Sat, 02 Feb 2019 22:33:15 -0800