This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Best Role Permissions to deploy apiproxy with apigeetool?

Posted on 12-14-2016 07:06 AM
Not applicable
Reply posted on --/--/---- --:-- AM

I am trying to deploy an APIProxy using apigee tool and I want to assign a Role for that,

I tried the 'Operations Administrator' but it doesn't work and I get 403.

This Role needs to be able to deploy an API proxy but not change it.

thanks

0 3 360
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
kurtkanaskie
Staff
Reply posted on --/--/---- --:-- AM

Hi @YuriAbaev

Apigeetool does not allow you to just deploy a particular revision, rather it allows you to create a new revision and deploys it. The permissions for 'Operations Administrator' doesn't allow that.

You have a couple options:

1 - Create a custom role that allows CRUD on proxies and add that role to existing 'Operations Administrators' users. I wasn't able to create a complete new 'Operations' role because I couldn't add in certain permissions (e.g. virtualhost). This works and Apigeetool can deploy new proxies, if that's want you really want. Here's a screen shot of the new operations role (note the check marks):

4201-operationsrole.png

and a screen shot of the user with the new role:

4200-operationsuser.png

2 - This is the easiest, use API management calls to undeploy and deploy using the existing 'Operations Administrators' role. The curl calls are:

# Undeploy apitest
curl -X POST -u "$UN:$PW" "https://api.enterprise.apigee.com/v1/o/$ORG/apis/apitest/revisions/1/deployments?action=undeploy&env=test"

# Deploy apitest
curl -X POST -u "$UN:$PW" "https://api.enterprise.apigee.com/v1/o/$ORG/environments/test/apis/apitest/revisions/1/deployments"

Hope that helps

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
In response to kurtkanaskie
Reply posted on --/--/---- --:-- AM

@Kurt Kanaskie thanks for your answer,

but my goal when creating an `operation` role was to prevent a 3rd party who gets this credentials to change or delete current running proxies.will this `operations` role prevent a 3rd party user signing in to ManagmentUI and change current proxies?

0 Likes

Posted on --/--/---- --:-- AM
kurtkanaskie
Staff
In response to
Reply posted on --/--/---- --:-- AM

No the 'operations' role is just to add in the ability to change or delete existing proxies, sounds like you don't want that.

The current 'Operations Administrator' role DOES NOT allow the changes or deletions to the API proxy itself. The role DOES allow deploying and undeploying any of the API proxy revisions as I've shown in the curl commands.

Unfortunately, Apigeetool doesn't allow you to just deploy an existing revision of an API proxy.

P.S. please remember to add your comments as comments rather than answers. I fix it 🙂

0 Likes