準備工作

1. 閱讀文檔
2. 本例使用 httpie 來發送請求
   brew install httpie
3. 通過 jq 來格式化數據
   brew install jq
4. workdir
   /tmp/httpie

原因

portainer升級至1.19.2後，有比較特別的變化：
盡管之前為 service 設置過 ACL ，但在升級後發現還是全部重置為 Administrators 權限

1.19.2

Breaking changes

This version changes the default ownership for externally created resources from Public to Administrator restricted (#960, #2137). The migration process will automatically migrate any existing resource declared as Public to Administrators only.

臨時解決辦法

通過API來重置ACL
下面是具體示範：

##### *1. 拿到認證 token*

# http POST http://your-portainer-addr/api/auth Username="admin" Password="ti9M%DjI6c7M"
{
    "jwt": "xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"
}

##### *2. 列出teams信息*
# http GET http://your-portainer-addr/api/teams "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"

[
    {
        "Id": 1,
        "Name": "dev"
    },
    {
        "Id": 2,
        "Name": "qa"
    },
    {
        "Id": 3,
        "Name": "ops"
    }
]

##### *示例: 從文本中讀取json數據來發送POST請求*
# http POST http://your-portainer-addr/api/resource_controls "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" @/tmp/httpie/1.json

##### *示例: 獲得通過service前綴過濾後的狀態*
# http GET http://your-portainer-addr/api/endpoints/5/docker/services\?filters\=‘{"name":["dev-app1"]}‘ "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq ‘.[] | {name: .Spec.Name, id: .ID, teams: .Portainer.ResourceControl.TeamAccesses[0].TeamId}‘

##### *3. 獲得通過service前綴過濾後的ID*
# http GET http://your-portainer-addr/api/endpoints/5/docker/services\?filters\=‘{"name":["dev-app1"]}‘ "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY" |jq ‘.[].ID‘ > .id

##### *4. 根據上述信息，批量執行API來設置team權限*
s1=‘{"Type":"service","Public":false,"ResourceID":"‘
s2=‘","Users":[],"Teams":[2]}‘

for ID in `cat .id |sed ‘s/"//g‘`;do
  echo $ID
  echo ${s1}${ID}${s2}>d.json
  http POST http://your-portainer-addr/api/resource_controls   "Authorization: Bearer xxJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6MSwidXNlcm5hbWUiOiJhZG1pbiIsInJvbGUiOjEsImV4cCI6MTUzOTYxNzcwNX0.ifadEaqEo7LNWPuPBl8zQMZqeFvxfVPgAD6asNdMQYY"   @/tmp/httpie/d.json
  echo ‘---------‘
done
 

ZYXW、參考

1、swagger
https://app.swaggerhub.com/apis/deviantony/Portainer/1.19.2/#/
2、issuecomment
https://github.com/portainer/portainer/pull/2137#issuecomment-426421950
3、releases-tag-1.19.2
https://github.com/portainer/portainer/releases/tag/1.19.2

docker深入2-UI之portainer通過API來更新service的ACL