Forum Discussion
JFrancisco
Nimbostratus
NimbostratusiControl permissions
Hi All,
Hoping that you can help me on this, i'm fairly new to f5 and facing a task that i need help with.
I'm trying to add an iControl permission for our web dev team for them to pull the status of the nodes on f5 LTM via API.
I am having a problem when adding the user to iControl. I followed the guide from this link https://support.f5.com/csp/article/K84925527#allowremotewithbasic but i can't add the service account.
I'm using my personal admin account for f5 that is tied to AD to add the user.
The password contains the character (!) on it. Also tried using \\ as an escape character.
curl -sk -u sampeuser:password\\! https://localhost/mgmt/shared/authz/roles/iControl_REST_API_User -H "Content-Type: application/json" -X PATCH -d '{ "userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/devaccount"}] }'
the return code is: "code":401,"message":"Authorization failed:
I also tried using our root cli account.
curl -sk -u root:password\\! https://localhost/mgmt/shared/authz/roles/iControl_REST_API_User -H "Content-Type: application/json" -X PATCH -d '{ "userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/devaccount"}] }'
the return code is a bunch of error.
{"name":"iControl_REST_API_User","userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/zmfrancis"}],"resources":[{"resourceMask":"/mgmt/tm/vcmp/*","restMethod":"PUT"},{"resourceMask":"/mgmt/tm/util/*/*","restMethod":"PATCH"},{"resourceMask":"/mgmt/tm/auth/*/*/*","restMethod":"GET"},{"resourceMask":"/mgmt/tm/sys/*/*/*/*/*/*/*","restMethod":"POST"},{"resourceMask":"/mgmt/tm/pem","restMethod":"GET"},{"resourceMask":"/mgmt/tm/wam/*/*","restMethod":"POST"},{"resourceMask":"/mgmt/tm/ltm/*/*/*/*/*/*/*/*/*","restMethod":"POST"},{"resourceMask":"/mgmt/tm/net/*/*/*/*/*/*/*/*","restMethod":"PATCH"},{"resourceMask":"/mgmt/tm/transaction/*/*/*","restMethod":"PUT"},{"resourceMask":"/mgmt/tm/vcmp/*/*/*/*/*/*","restMethod":"DELETE"},{"resourceMask":"/mgmt/tm/cli","restMethod":"DELETE"},{"resourceMask":"/mgmt/tm/gtm/*/*/*/*/*/*/*","restMethod":"GET"},.........
JGCumulonimbus
Try it as the "admin" user.
- jonwest1_uk
Cirrus
Or alternatively you can use your personal account with Token Based Authentication. Generate a Token in a first API request then include the token as a header in your next request. There's a good example here:
https://f5-automation-labs.readthedocs.io/en/latest/class1/module1/lab2.html
jaikumar_f5MVP
Also its not like you always have to parse the password in the same command.
When you give -u and parse only the username and hit enter.
It would automatically ask for the password in the prompt.