API Connect

Everything in the following blog post pertains to API Connect version 10.0.5.6+. Some introductory information on using the Portal Admin CLI can be found at https://www.ibm.com/docs/en/api-connect/10.0.5.x_lts?topic=cli-getting-started-portal-commands if you aren’t familiar with the process.

Introduction

Drupal User Role management was previously a task confined to the Drupal Admin UI. Starting from API Connect 10.0.7.0, you can complete the full lifecycle of Drupal User Roles using the Portal Admin CLI or via HTTP requests on these routes. The lifecycle includes creation and deletion of new roles as well as adding and removing permissions to roles.

List roles and Get a specific one

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Get a specific Role

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:get portal_cli_blog

3. List All Roles

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:list

When using the list command you can also use the flag --fliter_by_permission which will return all the roles that currently have that permission. In addition, you can also filter by a specific role with the list command as well by providing the --role flag.

Create a Role

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Create role

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:create --machine_name "portal_cli_blog" --human_readable_name "Portal CLI Blog"

It is easy and simple to create a role. You must provide a `machine_name` and a human_readable_name. The machine_name is what is used by Drupal to refer to the role

and must only contain lowercase letters, numbers, and underscores. The human_readable_name is what is displayed to the end user on the UI and can contain other characters such as spaces.

Adding Permissions to a Role

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Add permissions to desired role

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:add-permission portal_cli_blog --permissions="access comments,access content,access shortcuts"

The permissions flag is a list of the permissions you would like to add to your desired role. Multiple permissions can be added in one command call and they must be provided as a comma separated list. When adding permissions to roles they must exist otherwise the command will return the error of

- [error]  Permission(s) not found: fake permission

Remove Permissions from a Role

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Remove unwanted permission(s) from a role

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:remove-permission portal_cli_blog --permissions="access comments"

Just like adding permissions you can remove multiple permissions in one command run by providing a comma separated list of permissions. If you try and remove a permission that doesn’t exist on the role will return the error of

  - [error]  Permission(s) not found: perm not on role

Delete a Role

1. Login to the Portal Admin CLI

apic login --realm provider/default-idp-2 --username <username> --password <password> --server <management-platform-api>

2. Delete a specific role

apic --mode portaladmin -s <management-platform-api> -o <org> -c <catalog> role:delete portal_cli_blog

If you try and delete a role that doesn’t exist you will receive the error of

  - [error]  Unable to load the user_role: no_role

Conclusion

All these commands help facilitate the process adding creating new roles and adding permissions and to said new new or existing roles. These can be integrated into a CI/CD process if needed where roles of your custom modules can be read and added to the roles you desire without having to think about it too much.

Portal Admin CLI Blog Series

#APIConnect #developerportal #portal #drupal #portalcli