docker深入2-UI之portainer通过API来更新service的ACL
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了docker深入2-UI之portainer通过API来更新service的ACL相关的知识,希望对你有一定的参考价值。
docker深入2-UI之portainer通过API来更新service的ACL
2018/10/15
准备工作
- 阅读文档
- 本例使用 httpie 来发送请求
brew install httpie - 通过 jq 来格式化数据
brew install jq - workdir
/tmp/httpie
原因
portainer升级至1.19.2后,有比较特别的变化:
尽管之前为 service 设置过 ACL ,但在升级后发现还是全部重置为 Administrators 权限
1.19.2
Breaking changes
This version changes the default ownership for externally created resources from Public to Administrator restricted (#960, #2137). The migration process will automatically migrate any existing resource declared as Public to Administrators only.
临时解决办法
通过API来重置ACL
下面是具体示范:
##### *1. 拿到认证 token*
# http POST http://your-portainer-addr/api/auth Username="admin" Password="ti9M%DjI6c7M"
{
"jwt": "xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"
}
##### *2. 列出teams信息*
# http GET http://your-portainer-addr/api/teams "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"
[
{
"Id": 1,
"Name": "dev"
},
{
"Id": 2,
"Name": "qa"
},
{
"Id": 3,
"Name": "ops"
}
]
##### *示例: 从文本中读取json数据来发送POST请求*
# http POST http://your-portainer-addr/api/resource_controls "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" @/tmp/httpie/1.json
##### *示例: 获得通过service前缀过滤后的状态*
# http GET http://your-portainer-addr/api/endpoints/5/docker/services?filters=‘{"name":["dev-app1"]}‘ "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq ‘.[] | {name: .Spec.Name, id: .ID, teams: .Portainer.ResourceControl.TeamAccesses[0].TeamId}‘
##### *3. 获得通过service前缀过滤后的ID*
# http GET http://your-portainer-addr/api/endpoints/5/docker/services?filters=‘{"name":["dev-app1"]}‘ "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq ‘.[].ID‘ > .id
##### *4. 根据上述信息,批量执行API来设置team权限*
s1=‘{"Type":"service","Public":false,"ResourceID":"‘
s2=‘","Users":[],"Teams":[2]}‘
for ID in `cat .id |sed ‘s/"//g‘`;do
echo $ID
echo ${s1}${ID}${s2}>d.json
http POST http://your-portainer-addr/api/resource_controls "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" @/tmp/httpie/d.json
echo ‘---------‘
done
ZYXW、参考
1、swagger
https://app.swaggerhub.com/apis/deviantony/Portainer/1.19.2/#/
2、issuecomment
https://github.com/portainer/portainer/pull/2137#issuecomment-426421950
3、releases-tag-1.19.2
https://github.com/portainer/portainer/releases/tag/1.19.2
以上是关于docker深入2-UI之portainer通过API来更新service的ACL的主要内容,如果未能解决你的问题,请参考以下文章