Uploaded image for project: 'Satellite'
  1. Satellite
  2. SAT-14681

import puppet classes permission filter does not work

XMLWordPrintable

    • Moderate

      Description of problem:

      permissions

      Puppetclass -> import_puppetclasses

      for limited users does not work. Instead, when such user is used, error

      "error":

      {"message":"Access denied","details":"Missing one of the required permissions: ","missing_permissions":[]}

      is returned

      Version-Release number of selected component (if applicable):

      6.11.4

      How reproducible:

      100%

      Steps to Reproduce:
      1. administer -> users create user "puppetenvuser"
      2. administer -> roles create role "puppet-env-import-role"
      with following filters:

      hammer role filters --name puppet-env-import-role
      ---|-------------|------|----------|---------|----------------------|------------------------------------------
      ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
      ---|-------------|------|----------|---------|----------------------|------------------------------------------
      588 | Puppetclass | none | yes | no | puppet-env-import-role | create_puppetclasses, import_puppetclasses
      592 | Location | none | no | no | puppet-env-import-role | view_locations
      593 | Organization | none | no | no | puppet-env-import-role | view_organizations
      594 | SmartProxy | none | yes | no | puppet-env-import-role | view_smart_proxies
      595 | Environment | none | yes | no | puppet-env-import-role | view_environments
      ---|-------------|------|----------|---------|----------------------|----------------------

      3. assign puppet-env-import-role to puppetenvuser
      4. try to use puppetenvuser to import puppet classes

      Actual results:

      #curl -s -k -X POST -u puppetenvuser:redhat -H "Content-Type: application/json" https://10.44.129.52/api/environments/production/smart_proxies/1/import_puppetclasses?dryrun=true

      {
      "error":

      {"message":"Access denied","details":"Missing one of the required permissions: ","missing_permissions":[]}

      }

      Expected results:

      #curl -s -k -X POST -u puppetenvuser:redhat -H "Content-Type: application/json" https://10.44.129.52/api/environments/production/smart_proxies/1/import_puppetclasses?dryrun=true
      {
      "message": "Successfully updated environment and puppetclasses from the on-disk puppet installation",
      "results":

      {"name":"production","actions":["new"],"new_puppetclasses":["access_insights_client::current","access_insights_client","access_insights_client::old","foreman_scap_client","foreman_scap_client::params","stdlib","stdlib::stages"]}

      }

      Additional info:

      in /usr/share/gems/gems/foreman_puppet-2.0.6/lib/foreman_puppet/register.rb adding

      permission :import_puppetclasses,

      { 'foreman_puppet/puppetclasses' => %i[import_environments obsolete_and_new], 'foreman_puppet/api/v2/environments' => [:import_puppetclasses], + 'api/v2/smart_proxies' => [:import_puppetclasses] }

      ,

      fixes the issue

            jira-bugzilla-migration RH Bugzilla Integration
            jira-bugzilla-migration RH Bugzilla Integration
            Vijaykumar Sawant Vijaykumar Sawant
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: