Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: 6.13.0
Affects Version/s: 6.11.4
Component/s: Puppet
Labels:

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
BZ Flags:
- qe_test_coverage+
- sat-6.13.0+
BZ Status:
CLOSED
Bugzilla Bug:
RHBZ: 2142555
PM Score:
900
Satellite Team:

Rocket
BZ Keywords:
- Triaged
Intelligence Requested:
Market:

Severity:
Moderate

Regression:
None

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Description of problem:

permissions

Puppetclass -> import_puppetclasses

for limited users does not work. Instead, when such user is used, error

"error":

{"message":"Access denied","details":"Missing one of the required permissions: ","missing_permissions":[]}

is returned

Version-Release number of selected component (if applicable):

6.11.4

How reproducible:

100%

Steps to Reproduce:
1. administer -> users create user "puppetenvuser"
2. administer -> roles create role "puppet-env-import-role"
with following filters:

hammer role filters --name puppet-env-import-role
---|-------------|------|----------|---------|----------------------|------------------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
---|-------------|------|----------|---------|----------------------|------------------------------------------
588 | Puppetclass | none | yes | no | puppet-env-import-role | create_puppetclasses, import_puppetclasses
592 | Location | none | no | no | puppet-env-import-role | view_locations
593 | Organization | none | no | no | puppet-env-import-role | view_organizations
594 | SmartProxy | none | yes | no | puppet-env-import-role | view_smart_proxies
595 | Environment | none | yes | no | puppet-env-import-role | view_environments
---|-------------|------|----------|---------|----------------------|----------------------

3. assign puppet-env-import-role to puppetenvuser
4. try to use puppetenvuser to import puppet classes

Actual results:

#curl -s -k -X POST -u puppetenvuser:redhat -H "Content-Type: application/json" https://10.44.129.52/api/environments/production/smart_proxies/1/import_puppetclasses?dryrun=true

{
"error":

{"message":"Access denied","details":"Missing one of the required permissions: ","missing_permissions":[]}

}

Expected results:

#curl -s -k -X POST -u puppetenvuser:redhat -H "Content-Type: application/json" https://10.44.129.52/api/environments/production/smart_proxies/1/import_puppetclasses?dryrun=true
{
"message": "Successfully updated environment and puppetclasses from the on-disk puppet installation",
"results":

{"name":"production","actions":["new"],"new_puppetclasses":["access_insights_client::current","access_insights_client","access_insights_client::old","foreman_scap_client","foreman_scap_client::params","stdlib","stdlib::stages"]}

}

Additional info:

in /usr/share/gems/gems/foreman_puppet-2.0.6/lib/foreman_puppet/register.rb adding

permission :import_puppetclasses,

{ 'foreman_puppet/puppetclasses' => %i[import_environments obsolete_and_new], 'foreman_puppet/api/v2/environments' => [:import_puppetclasses], + 'api/v2/smart_proxies' => [:import_puppetclasses] }

fixes the issue

external trackers

Red Hat Errata Tool 110313

Red Hat Issue Tracker SAT-14681

Red Hat Product Errata RHSA-2023:2097

Assignee:: RH Bugzilla Integration

Reporter:: RH Bugzilla Integration

QA Contact:: Vijaykumar Sawant

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/01/05 6:54 AM

Updated:: 2024/08/16 12:20 PM

Resolved:: 2023/01/25 1:53 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates