thiezn_180250
Jun 07, 2016Nimbostratus
iControl REST Access to specific partitions only
Hello,
We would like to create a user account for the iControl REST API that is only allowed to access/create resources in a specific partition. This would allow us to give specific application groups access to only their resources.
I've already managed to create a new role that only allows access to certain resources only by POSTing a new group to and tried to add the $filter parameter to the relevant resourceMasks like this:
{'name': 'restricted-api-access,
'userReferences': [{'link': user_reference}],
"resources":[
{"resourceMask":"/mgmt/tm/ltm/*$filter=partition%20eq%20VPN*","restMethod":"GET"},
{"resourceMask":"/mgmt/tm/ltm/*/*$filter=partition%20eq%20VPN*","restMethod":"GET"},
{"resourceMask":"/mgmt/tm/ltm/*/*/*$filter=partition%20eq%20VPN*","restMethod":"GET"},
{"resourceMask":"/mgmt/tm/ltm/*/*/*/*$filter=partition%20eq%20VPN*","restMethod":"GET"}
]
}
Unfortunately the resourceMask doesn't respect the $filter parameter, is there another way to restrict this?
edit: Im able to allow access to a specific resource on a partition using the following but this still won't allow me to create new items in a specific partition only:
"resourceMask":"/mgmt/tm/ltm/pool/~VPN~testpool","restMethod":"GET"}
Cheers, Mathijs