F5Networks / f5-common-python

Python SDK for configuration and monitoring of F5® BIG-IP® devices via the iControl® REST API.
https://f5-sdk.readthedocs.org
Apache License 2.0

Use role operator with API (BIG-IP 13.0.0) #1516

Closed kamulchik closed 5 years ago

kamulchik commented 5 years ago

Hello. I am trying to disable nodes on F5 through the API. I have this code:

```python
node_exists = mgmt.tm.ltm.nodes.node.exists(partition='Common', name=node_ip)
node = mgmt.tm.ltm.nodes.node.load(partition='Common', name=node_ip)
node.session = "user-enabled"
node.update()
```

This works with the admin account, but does not work with the role "operator". A user with the operator role can disable and enable nodes and members in the pool through the GUI, but can't do it through the API.

What am I doing incorrectly?

```
Traceback (most recent call last):
  File "node-restart-3.1.py", line 290, in <module>
    auto()
  File "node-restart-3.1.py", line 95, in auto
    node.update(state="user-disabled")
  File "/usr/lib/python2.7/site-packages/f5/bigip/tm/ltm/node.py", line 72, in update
    return self._update(**checked)
  File "/usr/lib/python2.7/site-packages/f5/bigip/resource.py", line 579, in _update
    response = session.put(update_uri, json=data_dict, **requests_params)
  File "/usr/lib/python2.7/site-packages/icontrol/session.py", line 284, in wrapper
    raise iControlUnexpectedHTTPError(error_message, response=response)
icontrol.exceptions.iControlUnexpectedHTTPError: 400 Unexpected Error: Bad Request for uri: https://ip-f5:443/mgmt/tm/ltm/node/~Common~node-ip/
Text: u'{"code":400,"message":"01070822:3: Access Denied: user (test) does not have modify access to attribute (node_address_app_id) of object (node_address)","errorStack":[],"apiError":3}'
```

I do not modify the IP address....

Thanks.

jasonrahm commented 5 years ago

For the API, you will need to create a custom role. Details here: https://devcentral.f5.com/articles/icontrol-rest-fine-grained-role-based-access-control-30773
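
For automation that has to tell this kind of role denial apart from other 400 responses, the following is an added example (not code from the thread or from the f5-sdk project) that parses the response body shown in the traceback above into its user, access type, attribute and object. The names `parse_access_denied` and `AccessDenied` are hypothetical, and the regular expression assumes other denials use the same wording as the one message on this page.

```python
import json
import re
from dataclasses import dataclass
from typing import Optional

# Wording taken from the single denial message in this issue. Assumption:
# other role denials follow the same shape; anything else yields None.
_DENIED = re.compile(
    r"^(?P<error_id>\S+): Access Denied: user \((?P<user>[^)]*)\) does not have "
    r"(?P<access>\w+) access to attribute \((?P<attribute>[^)]*)\) "
    r"of object \((?P<object>[^)]*)\)$"
)

@dataclass(frozen=True)
class AccessDenied:  # hypothetical container, not an SDK type
    error_id: str
    user: str
    access: str
    attribute: str
    object_type: str

def parse_access_denied(body: str) -> Optional[AccessDenied]:
    """Return denial details if body is a role denial, else None."""
    try:
        payload = json.loads(body)
    except ValueError:
        return None  # not JSON at all (proxy error page, truncated body)
    message = payload.get("message") if isinstance(payload, dict) else None
    if not isinstance(message, str):
        return None
    m = _DENIED.match(message.strip())
    if m is None:
        return None  # some other 400, e.g. a validation failure
    return AccessDenied(m["error_id"], m["user"], m["access"],
                        m["attribute"], m["object"])

# Body copied from the traceback in the issue.
ISSUE_BODY = ('{"code":400,"message":"01070822:3: Access Denied: user (test) does not have '
              'modify access to attribute (node_address_app_id) of object (node_address)",'
              '"errorStack":[],"apiError":3}')
# Constructed body standing in for a 400 that is not a permission problem.
OTHER_BODY = '{"code":400,"message":"constructed: malformed request","errorStack":[]}'

if __name__ == "__main__":
    print(parse_access_denied(ISSUE_BODY))
    print(parse_access_denied(OTHER_BODY))
```

Logging the parsed attribute and object shows which permission the account's role lacks, which is the information needed when defining the custom role.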