Forum Discussion
Mattias_Anderss
Nimbostratus
NimbostratusMultiple partitions in same route-domain
Hi,
we are currently working on a project where our developers should be allowed to use the API to configure certain VIPs, pools and nodes for there applications. The trendy word for it is DevOp...
Hi Mattias,
you can use authorization roles and mask access control. I´m using it on v11.5.1 at one of my clients since a couple of months. It´s possible to create a list of masks for the differents REST methods in the following format:{
"resourceMask": "/mgmt/tm/ltm/*/*/*/*/*",
"restMethod": "PUT"
},
This information (role definition for "iControl_REST_API_LTM_Pool_Change") is stored in a .json file.
It will be imported this way:curl -sk -u admin:admin -X POST -H "Content-type: application/json" https://localhost/mgmt/shared/authz/roles -d @icr_ltm_pool.json
There is a guest user (api_user) defined on the system who will get the role assigned:
curl -sk -X PATCH -u admin:admin -H "Content-type: application/json" https://localhost/mgmt/shared/authz/roles/iControl_REST_API_LTM_Pool_Change -d '{"userReferences":[{"link":"https://localhost/mgmt/shared/authz/users/'"${api_user}"'"}]}'
This information is not stored in a .ucs archive and will get lost after software update.
You need to restore it manually (lines above were taken from a script to automate this task). Thanks, Stephan