docker深入2-UI之portainer通過API來更新service的ACL
2018/10/15
準備工作
- 閱讀文檔
- 本例使用 httpie 來發送請求
brew install httpie
- 通過 jq 來格式化數據
brew install jq
- workdir
/tmp/httpie
原因
portainer升級至1.19.2後,有比較特別的變化:
儘管之前爲 service 設置過 ACL ,但在升級後發現還是全部重置爲 Administrators 權限
1.19.2
Breaking changes
This version changes the default ownership for externally created resources from Public to Administrator restricted (#960, #2137). The migration process will automatically migrate any existing resource declared as Public to Administrators only.
臨時解決辦法
通過API來重置ACL
下面是具體示範:
##### *1. 拿到認證 token*
# http POST http://your-portainer-addr/api/auth Username="admin" Password="ti9M%DjI6c7M"
{
"jwt": "xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"
}
##### *2. 列出teams信息*
# http GET http://your-portainer-addr/api/teams \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"
[
{
"Id": 1,
"Name": "dev"
},
{
"Id": 2,
"Name": "qa"
},
{
"Id": 3,
"Name": "ops"
}
]
##### *示例: 從文本中讀取json數據來發送POST請求*
# http POST http://your-portainer-addr/api/resource_controls \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" \
@/tmp/httpie/1.json
##### *示例: 獲得通過service前綴過濾後的狀態*
# http GET http://your-portainer-addr/api/endpoints/5/docker/services\?filters\='{"name":["dev-app1"]}' \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq '.[] | {name: .Spec.Name, id: .ID, teams: .Portainer.ResourceControl.TeamAccesses[0].TeamId}'
##### *3. 獲得通過service前綴過濾後的ID*
# http GET http://your-portainer-addr/api/endpoints/5/docker/services\?filters\='{"name":["dev-app1"]}' \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq '.[].ID' \
> .id
##### *4. 根據上述信息,批量執行API來設置team權限*
s1='{"Type":"service","Public":false,"ResourceID":"'
s2='","Users":[],"Teams":[2]}'
for ID in `cat .id |sed 's/"//g'`;do
echo $ID
echo ${s1}${ID}${s2}>d.json
http POST http://your-portainer-addr/api/resource_controls \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" \
@/tmp/httpie/d.json
echo '---------'
done
ZYXW、參考
1、swagger
https://app.swaggerhub.com/apis/deviantony/Portainer/1.19.2/#/
2、issuecomment
https://github.com/portainer/portainer/pull/2137#issuecomment-426421950
3、releases-tag-1.19.2
https://github.com/portainer/portainer/releases/tag/1.19.2