5.430 Access Control Lists (ACLs)

This topic describes behavior of the ACL Rules (Access Control List Rules) object in Moab Web Services. It contains the URLs, request bodies, and responses delivered to and from MWS.

The Fields: Access Control Lists (ACLs) reference contains the type and description of all fields in the ACL Rules object. It also contains details regarding which fields are valid during PUT and POST actions.

Supported methods

ACLs are not directly manipulated through a single URL, but with sub-URLs of the other objects such as Virtual Containers and Reservations.

Resource GET PUT POST DELETE
/rest/reservations/<rsvId>/acl-rules/<aclId> -- Create or Update ACL -- Delete ACL
/rest/vcs/<vcId>/acl-rules/<aclId> -- Create or Update ACL -- Delete ACL

This topic contains these sections:

5.430.1 Getting ACLs

Although ACL Rules cannot be retrieved directly using the GET method on any of the acl-rules resources, ACL Rules are attached to supported objects when querying for them. Each supported object contains a field named aclRules, which is a collection of the ACL Rules defined on that object.

Supported objects

The following is a list of objects that will return ACL Rules when queried:

5.430.2 Creating or Updating ACLs

The HTTP PUT method is used to create or update ACL Rules. The request body can contain one or more ACL Rules. If an ACL Rule with the same type and value exists, then it will be overwritten.

Quick reference

PUT http://localhost:8080/mws/rest/reservations/<rsvId>/acl-rules?api-version=3

5.430.2.A Create or Update ACL

URLs and parameters

PUT http://localhost:8080/mws/rest/reservations/<rsvId>/acl-rules?api-version=3
Parameter Required Type Valid values Description
objectId Yes String -- The unique identifier of the object.

See Global URL Parameters for available URL parameters.

Request body

The request body below shows all the fields that are available for the PUT method, along with some sample values.

JSON Request Body
------------------------------------

{"aclRules": [{
  "affinity": "POSITIVE",
  "comparator": "LEXIGRAPHIC_EQUAL",
  "type": "USER",
  "value": "ted"
}]}

Sample response

This message may not match the message returned from Moab exactly, but is given as an example of the structure of the response.

JSON Request Body
------------------------------------

{"messages":["Reservation 'rsv1' successfully modified"]}

Samples

Create or update multiple ACLs on a single object:

CPUT http://localhost:8080/mws/rest/reservations/system.21/acl-rules?api-version=3
------------------------------------

{"aclRules": [
    {
    "affinity": "POSITIVE",
    "comparator": "LESS_THAN_OR_EQUAL",
    "type": "DURATION",
    "value": "3600"
  },
    {
    "affinity": "POSITIVE",
    "comparator": "LEXIGRAPHIC_EQUAL",
    "type": "USER",
    "value": "ted"
  }
]}

Restrictions

5.430.3 Deleting ACLs

The HTTP DELETE method is used to remove ACL Rules.

Quick reference

ACL Rules cannot be removed from Standing Reservations.

DELETE http://localhost:8080/mws/rest/reservations/<rsvId>/acl-rules?api-version=3/<aclId>

5.430.3.A Delete ACL

URLs and parameters

DELETE http://localhost:8080/mws/rest/reservations/<objectId>/acl-rules?api-version=3/<aclId>
Parameter Required Type Valid values Description
objectId Yes String -- The unique identifier of the object from which to remove the ACL Rule.
aclId Yes String -- A string representing the ACL Rule, with the format type:value.

See Global URL Parameters for available URL parameters.

Sample response

This message may not match the message returned from Moab exactly, but is given as an example of the structure of the response.

JSON Response
------------------------------------

{"messages":["Successfully modified reservation 'rsv1'"]}

Restrictions

Related Topics 

© 2017 Adaptive Computing