This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

How to we enable trace and deploy option for custom role via curl call which do not have trace and deploy permission ?

Posted on 04-10-2016 12:02 PM
vaibhav26_heddu
New Member
Reply posted on --/--/---- --:-- AM

We recently upgraded to 15.07.03 version and we observed the custom roles created will not have deploy and trace option for the users in that particular role / for their api proxy . so every time we manually have to enable the trace and deploy option for particular API proxy for particullar role .

1 1 658
Topic Labels
1 REPLY 1

Posted on --/--/---- --:-- AM
DChiesa
Staff
Reply posted on --/--/---- --:-- AM

I think you want to associate a particular user to a role in the Edge organization, a role that will allow the user to trace and deploy proxies. If that is right, here's the info.

First, you need a role in the organization that allows trace and deploy. To list the roles in the organization, use this command:

curl -i -n -X GET \
 https://mgmtserver/v1/o/MYORG/userroles

To query the permissions of a particular role, you can use this: 

curl -i -n -X GET \
 https://mgmtserver/v1/o/MYORG/userroles/ROLENAME/permissions

You want to find or create a role that has the debugsessions permission, as well as the deployments permission. These look like this: 

    {
      "permissions": [
        "put",
        "get",
        "delete"
      ],
      "path": "/environments/test/applications/*/revisions/*/debugsessions",
      "organization": "MYORG"
    },
   ...
    {
      "permissions": [
        "put",
        "get",
        "delete"
      ],
      "path": "/environments/test/applications/*/revisions/*/deployments",
      "organization": "MYORG"
    },

You can replace "test" in the above path with an asterisk, to allow deployment and debugging to any environment.

Finally, to associate a user to a particular role, use one of the following two commands. The first works for the Apigee Edge public cloud: 

curl -i -n -X POST \
   -H content-type:application/json \
   https://api.enterprise.apigee.com/v1/o/myorg/users/vaibhav@example.com/userroles \
   -d '{
  "role" : [ { "name" : "name_of_role1" }, { "name" : "name_of_role2" } ]
}'

This one works on your own privately-managed Edge cloud: 

curl -i -n -X POST \
 -H 'Content-Type: application/x-www-form-urlencoded' \
 'https://managementserver/v1/o/MYORG/userroles/ROLENAME/users?id=vaibhav@example.com'

Read all about it in the documentation.