第 4 章使用 REST API 管理授权

要自动维护 Red Hat Developer Hub 权限策略和角色，您可以使用 Developer Hub 基于角色的访问控制(RBAC) REST API。

您可以使用 REST API 执行以下操作：

检索有关以下相关信息：
- 所有权限策略
- 特定权限策略
- 特定角色
- 静态插件权限策略
创建、更新或删除：
- 权限策略
- 角色

4.1. 使用 curl 工具将请求发送到 RBAC REST API
复制链接

您可以使用 curl 实用程序发送 RBAC REST API 请求。

先决条件

您可以访问 RBAC 功能。

流程

查找 Bearer 令牌以向 REST API 进行身份验证。
1. 在您的浏览器中，打开 Web 控制台网络选项卡。
2. 在主屏幕中，重新载入 Developer Hub Homepage。
3. 在 Web 控制台网络选项卡中，搜索 query?term= 网络调用。
4. 将令牌保存到响应 JSON 中，以获取后续步骤。

在终端中运行 curl 命令并查看响应：

GET 或 DELETE 请求

curl -v \
  -H "Authorization: Bearer <token>" \
  -X <method> "https://<my_developer_hub_url>/<endpoint>" \

curl -v \
  -H "Authorization: Bearer <token>" \
  -X <method> "https://<my_developer_hub_url>/<endpoint>" \

Copy to Clipboard

Toggle word wrap

需要 JSON 正文数据的 POST 或 PUT 请求

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -X POST "https://<my_developer_hub_url>/<endpoint>" \
  -d <body>

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -X POST "https://<my_developer_hub_url>/<endpoint>" \
  -d <body>

Copy to Clipboard

Toggle word wrap

<token>

输入您保存的授权令牌。

<method>

输入 API 端点的 HTTP 方法。

GET ：从指定资源端点检索指定的信息。
POST ：要创建或更新资源。
PUT ：更新资源。
DELETE ：删除资源。

https://<my_developer_hub_url>

输入您的 Developer Hub URL。

<endpoint>

输入您要发送请求的 API 端点，如 /api/permission/policies。

<body>

输入带有 API 端点可能需要的数据的 JSON 正文，以及 HTTP POST 或 PUT 请求。

创建角色的请求示例

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -X POST "https://<my_developer_hub_url>/api/permission/roles" \
  -d '{
      "memberReferences": ["group:default/example"],
      "name": "role:default/test",
      "metadata": { "description": "This is a test role" }
    }'

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -X POST "https://<my_developer_hub_url>/api/permission/roles" \
  -d '{
      "memberReferences": ["group:default/example"],
      "name": "role:default/test",
      "metadata": { "description": "This is a test role" }
    }'

Copy to Clipboard

Toggle word wrap

更新角色的请求示例

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -X PUT "https://<my_developer_hub_url>/api/permission/roles/role/default/test" \
  -d '{
          "oldRole": {
            "memberReferences":  [ "group:default/example" ],
            "name": "role:default/test"
          },
          "newRole": {
            "memberReferences": [ "group:default/example", "user:default/test" ],
            "name": "role:default/test"
          }
        }'

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer <token>" \
  -X PUT "https://<my_developer_hub_url>/api/permission/roles/role/default/test" \
  -d '{
          "oldRole": {
            "memberReferences":  [ "group:default/example" ],
            "name": "role:default/test"
          },
          "newRole": {
            "memberReferences": [ "group:default/example", "user:default/test" ],
            "name": "role:default/test"
          }
        }'

Copy to Clipboard

Toggle word wrap

创建权限策略的请求示例

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer $token" \
  -X POST "https://<my_developer_hub_url>/api/permission/policies" \
  -d '[{
      "entityReference":"role:default/test",
      "permission": "catalog-entity",
      "policy": "read", "effect":"allow"
    }]'

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer $token" \
  -X POST "https://<my_developer_hub_url>/api/permission/policies" \
  -d '[{
      "entityReference":"role:default/test",
      "permission": "catalog-entity",
      "policy": "read", "effect":"allow"
    }]'

Copy to Clipboard

Toggle word wrap

更新权限策略的请求示例

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer $token" \
  -X PUT "https://<my_developer_hub_url>/api/permission/policies/role/default/test" \
  -d '{
         "oldPolicy": [
           {
             "permission": "catalog-entity", "policy": "read", "effect": "allow"
           }
         ],
         "newPolicy":
           [
             {
               "permission": "policy-entity", "policy": "read", "effect": "allow"
             }
           ]
       }'

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer $token" \
  -X PUT "https://<my_developer_hub_url>/api/permission/policies/role/default/test" \
  -d '{
         "oldPolicy": [
           {
             "permission": "catalog-entity", "policy": "read", "effect": "allow"
           }
         ],
         "newPolicy":
           [
             {
               "permission": "policy-entity", "policy": "read", "effect": "allow"
             }
           ]
       }'

Copy to Clipboard

Toggle word wrap

创建条件的请求示例

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer $token" \
  -X POST "https://<my_developer_hub_url>/api/permission/roles/conditions" \
  -d '{
      "result": "CONDITIONAL",
      "roleEntityRef": "role:default/test",
      "pluginId": "catalog",
      "resourceType": "catalog-entity",
      "permissionMapping": ["read"],
      "conditions": {
        "rule": "IS_ENTITY_OWNER",
        "resourceType": "catalog-entity",
        "params": {"claims": ["group:default/janus-authors"]}
      }
    }'

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer $token" \
  -X POST "https://<my_developer_hub_url>/api/permission/roles/conditions" \
  -d '{
      "result": "CONDITIONAL",
      "roleEntityRef": "role:default/test",
      "pluginId": "catalog",
      "resourceType": "catalog-entity",
      "permissionMapping": ["read"],
      "conditions": {
        "rule": "IS_ENTITY_OWNER",
        "resourceType": "catalog-entity",
        "params": {"claims": ["group:default/janus-authors"]}
      }
    }'

Copy to Clipboard

Toggle word wrap

更新条件的请求示例

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer $token" \
  -X PUT "https://<my_developer_hub_url>/api/permission/roles/conditions/1" \
  -d '{
          "result":"CONDITIONAL",
          "roleEntityRef":"role:default/test",
          "pluginId":"catalog",
          "resourceType":"catalog-entity",
          "permissionMapping": ["read",  "update", "delete"],
          "conditions": {
            "rule": "IS_ENTITY_OWNER",
            "resourceType": "catalog-entity",
            "params": {"claims": ["group:default/janus-authors"]}
          }
       }'

curl -v -H "Content-Type: application/json" \
  -H "Authorization: Bearer $token" \
  -X PUT "https://<my_developer_hub_url>/api/permission/roles/conditions/1" \
  -d '{
          "result":"CONDITIONAL",
          "roleEntityRef":"role:default/test",
          "pluginId":"catalog",
          "resourceType":"catalog-entity",
          "permissionMapping": ["read",  "update", "delete"],
          "conditions": {
            "rule": "IS_ENTITY_OWNER",
            "resourceType": "catalog-entity",
            "params": {"claims": ["group:default/janus-authors"]}
          }
       }'

Copy to Clipboard

Toggle word wrap

验证

查看返回的 HTTP 状态代码：
200 OK
请求成功。
201 created
请求会导致成功创建新资源。
204 无内容
请求成功，响应有效负载没有更多内容。
400 错误请求
输入错误以及请求。
401 未授权
缺少请求资源的有效身份验证。
403 Forbidden
退款以授权请求。
404 not Found
无法找到所请求的资源。
409 冲突
请求与当前状态和目标资源冲突。

第 4 章使用 REST API 管理授权

4.1. 使用 curl 工具将请求发送到 RBAC REST API
复制链接

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

第 4 章 使用 REST API 管理授权

4.1. 使用 curl 工具将请求发送到 RBAC REST API复制链接链接已复制到粘贴板!

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

第 4 章使用 REST API 管理授权

4.1. 使用 curl 工具将请求发送到 RBAC REST API
复制链接