docker深入2-UI之portainer通過API來更新service的ACL

原創 pcnk 2018-10-16 02:36

docker深入2-UI之portainer通過API來更新service的ACL
2018/10/15

準備工作

  1. 閱讀文檔
  2. 本例使用 httpie 來發送請求
    brew install httpie
  3. 通過 jq 來格式化數據
    brew install jq
  4. workdir
    /tmp/httpie

原因

portainer升級至1.19.2後,有比較特別的變化:
儘管之前爲 service 設置過 ACL ,但在升級後發現還是全部重置爲 Administrators 權限

1.19.2

Breaking changes

This version changes the default ownership for externally created resources from Public to Administrator restricted (#960, #2137). The migration process will automatically migrate any existing resource declared as Public to Administrators only.

臨時解決辦法

通過API來重置ACL
下面是具體示範:

##### *1. 拿到認證 token*

# http POST http://your-portainer-addr/api/auth Username="admin" Password="ti9M%DjI6c7M"
{
    "jwt": "xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"
}

##### *2. 列出teams信息*
# http GET http://your-portainer-addr/api/teams \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"

[
    {
        "Id": 1,
        "Name": "dev"
    },
    {
        "Id": 2,
        "Name": "qa"
    },
    {
        "Id": 3,
        "Name": "ops"
    }
]

##### *示例: 從文本中讀取json數據來發送POST請求*
# http POST http://your-portainer-addr/api/resource_controls \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" \
@/tmp/httpie/1.json

##### *示例: 獲得通過service前綴過濾後的狀態*
# http GET http://your-portainer-addr/api/endpoints/5/docker/services\?filters\='{"name":["dev-app1"]}' \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq '.[] | {name: .Spec.Name, id: .ID, teams: .Portainer.ResourceControl.TeamAccesses[0].TeamId}'

##### *3. 獲得通過service前綴過濾後的ID*
# http GET http://your-portainer-addr/api/endpoints/5/docker/services\?filters\='{"name":["dev-app1"]}' \
"Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq '.[].ID' \
> .id

##### *4. 根據上述信息,批量執行API來設置team權限*
s1='{"Type":"service","Public":false,"ResourceID":"'
s2='","Users":[],"Teams":[2]}'

for ID in `cat .id |sed 's/"//g'`;do
  echo $ID
  echo ${s1}${ID}${s2}>d.json
  http POST http://your-portainer-addr/api/resource_controls \
  "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" \
  @/tmp/httpie/d.json
  echo '---------'
done

ZYXW、參考

1、swagger
https://app.swaggerhub.com/apis/deviantony/Portainer/1.19.2/#/
2、issuecomment
https://github.com/portainer/portainer/pull/2137#issuecomment-426421950
3、releases-tag-1.19.2
https://github.com/portainer/portainer/releases/tag/1.19.2

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

docker 容器固定ip

rshare 2019-02-23 00:32:37

linux上安裝Docker(非常簡單的安裝方法)

幸運券發放 2019-02-24 19:38:01

Error response from daemon: OCI runtime create failed

uiz 2019-02-24 13:44:10

『高級篇』docker之kubernetes基礎集羣附加功能kube-proxy和kube-dns(

IT人故事 2019-02-23 14:07:34

寶塔面板 + Rancher + 阿里雲鏡像倉庫 + Docker + Kubernetes,添加集羣、部署 web 應用

燕小范 2019-02-23 13:20:14

jenkins觸發式自動構建docker鏡像上傳至harbor併發布

龍澤 2019-02-23 13:07:50

Flask 教程 第十九章:Docker容器上的部署

天降攻城獅 2019-02-23 10:17:16

docker

xmlgrg 2019-02-23 00:41:20

docker 基礎命令

qq5a3c5e337fedf 2019-02-23 00:40:07

docker容器初探—基本概念和基礎命令用法

IT陳工 2019-02-23 00:35:57

Docker的入門使用

二郎神六號 2019-02-23 00:33:25

學習docker

寧金 2019-02-23 00:27:04

『高級篇』docker之kubernetes基礎集羣命令小實戰(35)

IT人故事 2019-02-23 00:25:42

docker安裝

Leo_zhjl 2019-02-23 00:19:35

【Docker篇之一】Docker鏡像及容器

Matbe 2019-02-23 00:17:01