Aaron_Warner_11
Mar 30, 2017

troubleshooting rest api permissions issues

Hi, I'm trying to troubleshoot a permissions problem with a custom role. I've created the role to allow an account to perform GET and PUT requests against datagroups on a v12 F5 LTM. The way I've initially approached it is to just give the following permissions and work my way back from there once I got it working.

"resources": [
    {
      "resourceMask": "/mgmt/tm/ltm/dataGroup",
      "restMethod": "GET"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/dataGroup/*",
      "restMethod": "GET"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/dataGroup/*/*",
      "restMethod": "GET"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/dataGroup/*/*/*",
      "restMethod": "GET"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/data-group",
      "restMethod": "PUT"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/data-group/*",
      "restMethod": "PUT"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/data-group/*/*",
      "restMethod": "PUT"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/data-group/*/*/*",
      "restMethod": "PUT"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/data-group",
      "restMethod": "GET"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/data-group/*",
      "restMethod": "GET"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/data-group/*/*",
      "restMethod": "GET"
    },
    {
      "resourceMask": "/mgmt/tm/ltm/data-group/*/*/*",
      "restMethod": "GET"
    }
]

I can perform a GET against a datagroup but I'm unable to perform a PUT. I receive the following error:

{"code":400,"message":"\"internal\" unexpected argument","errorStack":[],"apiError":26214401}

From reading the forums I understand this is a type of permissions problem.

So I also took an existing account and added it to the iControl_REST_API_User role. When trying to perform the same thing, I received:

{"code":400,"message":"01070822:3: Access Denied: user (username) does not have modify access to object (value_list)","errorStack":[],"apiError":3}

So I'm a little confused about how I can troubleshoot an API permissioning issue like this. Does anyone have any tips they've used previously to figure out which role permissions are required for a task?
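One way to check offline which method and URI combinations the role above covers, added here as an example and not part of the original post or of F5's code. It assumes each `*` in a resourceMask matches exactly one path segment and that methods must match exactly; the host name and data group name are hypothetical.

```python
import re
from urllib.parse import urlsplit

# The 12 role entries from the post, rebuilt in the same order:
# each base path with 0 to 3 trailing "/*" wildcards per granted method.
ROLE = [
    {"resourceMask": base + "/*" * depth, "restMethod": method}
    for base, methods in (
        ("/mgmt/tm/ltm/dataGroup", ("GET",)),
        ("/mgmt/tm/ltm/data-group", ("PUT", "GET")),
    )
    for method in methods
    for depth in range(4)
]

def mask_to_regex(mask):
    # Assumption: "*" stands for exactly one path segment; all else is literal.
    parts = [r"[^/]+" if seg == "*" else re.escape(seg) for seg in mask.split("/")]
    return re.compile("/".join(parts) + r"/?\Z")

def matching_masks(role, method, uri):
    """Return the masks in `role` that cover `method` on `uri`."""
    path = urlsplit(uri).path  # drop scheme, host and query string
    return [
        entry["resourceMask"]
        for entry in role
        if entry["restMethod"].upper() == method.upper()
        and mask_to_regex(entry["resourceMask"]).match(path)
    ]

def audit(role, requests):
    """Map each (method, uri) to the masks granting it; [] means not covered."""
    return {(m, u): matching_masks(role, m, u) for m, u in requests}

# Constructed sample requests; "~Common~my_list" is a hypothetical data group.
BASE = "/mgmt/tm/ltm/data-group/internal/~Common~my_list"
SAMPLE = [
    ("GET", "https://bigip.example" + BASE),
    ("PUT", "https://bigip.example" + BASE),
    ("PATCH", "https://bigip.example" + BASE),
    ("PUT", "/mgmt/tm/ltm/dataGroup/internal/~Common~my_list"),
]

if __name__ == "__main__":
    for (method, uri), masks in audit(ROLE, SAMPLE).items():
        print(f"{method:5} {uri} -> {masks or 'NOT COVERED'}")
```

Under these assumptions the role in the post covers GET and PUT on an internal data group, while PATCH and any PUT to the camel-case `dataGroup` path have no matching entry.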

3 Replies

  • Is this a local user configured on the F5, or some kind of remote authentication user like TACACS? iControl REST with remote authentication user permissions were introduced in 12.1 (I think).

  • We receive the same error message using a local user when changing a default pool of a virtual without administrative permissions, although in the role the resourcemask is set for PUT/PATCH/GET.

    We've got release 12.1 on our device.