Uploaded image for project: 'Hybrid Cloud Console'
  1. Hybrid Cloud Console
  2. RHCLOUD-44776

403 permission occured when run advisor api system_retrieve on kessel ephemeral env

XMLWordPrintable

    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • None
    • Unset
    • None

      Descriptions

      403 permission occured when run advisor api system_retrieve on kessel ephemeral env

       

      ForbiddenException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Date': 'Wed, 04 Feb 2026 09:32:03 GMT', 'Server': 'WSGIServer/0.2 CPython/3.12.12', 'Content-Type': 'application/json', 'Vary': 'Accept', 'Allow': 'GET, HEAD, OPTIONS', 'X-Frame-Options': 'DENY', 'Content-Length': '63', 'X-Content-Type-Options': 'nosniff', 'Referrer-Policy': 'same-origin', 'Cross-Origin-Opener-Policy': 'same-origin'})
HTTP response body: {"detail":"You do not have permission to perform this action."}

       

      Steps to Reproduce

       

       

      In [13]: app_org_admin_advisor.advisor.rest_client_v5.system_api.system_retrieve(uuid="e53c81ba-733a-4f30-b49b-ffc1749ded7e")
2026-02-04 02:27:32.935 [    INFO] [iqe.base.rest_client] REST: GET http://advisor-backend-api.ephemeral-moih6u.svc:8000/api/insights/v1/system/e53c81ba-733a-4f30-b49b-ffc1749ded7e/ with query params [] and x-rh-insights-request-id=None
ForbiddenException: (403)
Reason: Forbidden
HTTP response headers: HTTPHeaderDict({'Date': 'Wed, 04 Feb 2026 02:27:32 GMT', 'Server': 'WSGIServer/0.2 CPython/3.12.12', 'Content-Type': 'application/json', 'Vary': 'Accept', 'Allow': 'GET, HEAD, OPTIONS', 'X-Frame-Options': 'DENY', 'Content-Length': '63', 'X-Content-Type-Options': 'nosniff', 'Referrer-Policy': 'same-origin', 'Cross-Origin-Opener-Policy': 'same-origin'})
HTTP response body: {"detail":"You do not have permission to perform this action."}


In [14]: AdvisorModeledUser
Out[14]: User(attributes=UserAttributes(type=<UserType.USER: 'User'>, account_number='3558629', org_id='0202783', email='christinagoodwin@example.com', first_name='John', last_name='Doe', is_active=True, is_org_admin=True, is_internal=False, locale='en_US'), auth=UserAuth(jwt_grant_type='password', username='angela98', password='', user_id='96930582', cert_type='system', cert=None, key=None, cn='FmgozyzhpISTdNBV.example.net', cluster_id=None, refresh_token=None, client_id=None, client_secret=None, scope=None), entitlements={'hybrid_cloud': UserEntitlement(is_entitled=True, is_trial=False), 'insights': UserEntitlement(is_entitled=True, is_trial=False), 'openshift': UserEntitlement(is_entitled=True, is_trial=False), 'smart_management': UserEntitlement(is_entitled=True, is_trial=False)}, permissions=None, identity=None)

In [16]: app_org_admin_advisor.advisor.rbac_api.get_advisor_access()
2026-02-04 02:32:52.102 [    INFO] [iqe.base.rest_client] REST: GET http://rbac-service.ephemeral-moih6u.svc:8000/api/rbac/v1/access/ with query params [('application', 'advisor')] and x-rh-insights-request-id=None
Out[16]: 
{'data': [{'permission': 'advisor:*:*', 'resource_definitions': []}],
 'links': {'first': '/api/rbac/v1/access/?application=advisor&limit=1&offset=0',
           'last': '/api/rbac/v1/access/?application=advisor&limit=1&offset=0',
           'next': None,
           'previous': None},
 'meta': {'count': 1, 'limit': 1, 'offset': 0}}

       

       

      Actual Behavior  

      403 permission occured when run advisor api system_retrieve

      Expected Behavior

      run advisor api should works well with the permission 'advisor::'

              lpichler@redhat.com Libor Pichler
              yanpliu yanping liu
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: