How to we enable trace and deploy option for custom role via curl call which do not have trace and deploy permission ?

Google Cloud Apigee
1

We recently upgraded to 15.07.03 version and we observed the custom roles created will not have deploy and trace option for the users in that particular role / for their api proxy . so every time we manually have to enable the trace and deploy option for particular API proxy for particullar role .

1 Like
2

I think you want to associate a particular user to a role in the Edge organization, a role that will allow the user to trace and deploy proxies. If that is right, here’s the info.

First, you need a role in the organization that allows trace and deploy. To list the roles in the organization, use this command:

curl -i -n -X GET \
 [https://mgmtserver/v1/o/MYORG/userroles](https://mgmtserver/v1/o/MYORG/userroles)

To query the permissions of a particular role, you can use this:

curl -i -n -X GET \
 [https://mgmtserver/v1/o/MYORG/userroles/ROLENAME/permissions](https://mgmtserver/v1/o/MYORG/userroles/ROLENAME/permissions)

You want to find or create a role that has the debugsessions permission, as well as the deployments permission. These look like this:

    {
      "permissions": [
        "put",
        "get",
        "delete"
      ],
      "path": "/environments/test/applications/*/revisions/*/debugsessions",
      "organization": "MYORG"
    },
   ...
    {
      "permissions": [
        "put",
        "get",
        "delete"
      ],
      "path": "/environments/test/applications/*/revisions/*/deployments",
      "organization": "MYORG"
    },

You can replace “test” in the above path with an asterisk, to allow deployment and debugging to any environment.

Finally, to associate a user to a particular role, use one of the following two commands. The first works for the Apigee Edge public cloud:

curl -i -n -X POST \
   -H content-type:application/json \
   [https://api.enterprise.apigee.com/v1/o/myorg/users/vaibhav@example.com/userroles](https://api.enterprise.apigee.com/v1/o/myorg/users/vaibhav@example.com/userroles) \
   -d '{
  "role" : [ { "name" : "name_of_role1" }, { "name" : "name_of_role2" } ]
}'

This one works on your own privately-managed Edge cloud:

curl -i -n -X POST \
 -H 'Content-Type: application/x-www-form-urlencoded' \
 'https://managementserver/v1/o/MYORG/userroles/ROLENAME/users?id=vaibhav@example.com'

Read all about it in the documentation.

2 Likes