I need to create a custom role to Download an existing API, Upload a revision of the existing API, and Deploy the new revision. The role needs limited scope and cannot be an org admin. I tried using the operations admin but that cannot upload new revisions.
Even with excessive permissions I can't upload files using the API (though I can update using the UI). Here are my permissions:
{ "organization": "sandbox", "path": "/environments/sandbox/*", "permissions": ["put", "get"] }, { "organization": "sandbox", "path": "/applications/HelloWorld/*", "permissions": ["put", "get"] }, { "organization": "sandbox", "path": "/applications/*", "permissions": ["put", "get"] }, { "organization": "sandbox", "path": "/environment/*", "permissions": ["put", "get"] }
Here's the curl command to upload the zip:
curl -X POST -u 'user@gmail.com' -F 'file=@HelloWorld.v333.zip' 'https://api.enterprise.apigee.com/v1/o/costco-sandbox/apis?action=import&name=HelloWorld' --insecure -i
I get this response: HTTP/1.1 403 Forbidden
ok, you want to upload a revision of an API Proxy.
Here's how I do it.
curl -X POST "${mgmtserver}/v1/o/$org/apis?action=import&name=$proxyname" -T $zipname -H "Content-Type: application/octet-stream"
I see a couple problems with the curl command you are using.
A bit more.... The title text on your question says you want to "Deploy". But the API you are using is for IMPORT. Those are two separate actions, in Apigee Edge. I think a permission like this governs import:
{ "path": "/applications", "permissions": ["put", "get"] },
...while a permission like this governs deployment of the API in an environment:
{ "path" : "/environments/test/applications/*/revisions/*/deployments", "permissions" : [ "get", "put", "delete" ] }
Thanks Dino.
My initial curl command works (with an Org Admin user). But I switched to yours. That also works with the Org Admin User but not with the Non-Org Admin user. I suspect the problem is that the user is not permitted according to RBAC. Do you know what permissions I'd use to enable the user to do the upload. I set these permissions: { "organization" : "sandbox", "path" : "/applications/*", "permissions" : [ "get", "put" ] }, { "organization" : "sandbox", "path" : "/environment/*", "permissions" : [ "get", "put" ] }
Setting those let me make the update with the Non-Org Admin user in the web UI but still not via the API.
Hmm, can you try
{ "path": "/applications", "permissions": ["put", "get"] },
..rather than
{ "path": "/applications/*", "permissions": ["put", "get"] },
That worked. Thanks Dino.
User | Count |
---|---|
2 | |
1 | |
1 | |
1 | |
1 |