Actions
Bug #11201
open
No permission to access /api/hosts/:id/parameters with view_hosts
Status:
New
Priority:
Normal
Assignee:
-
Category:
API
Target version:
-
Description
I've run foreman-debug and uploaded the file: /tmp/foreman-debug-fBc8y.tar.xz
OS: debian
RELEASE: 7.8
FOREMAN: 1.8.2
RUBY: ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux]
PUPPET: 3.8.1I have the following problem with permissions:
A user may view all facts of a host in the webinterface he is also able to get the information for the host via a curl call.
curl -k -u USER -H "Accept: version=2,application/json" https://foreman.rack.zone/api/hosts/798
But when the user runs
hammer host info --name <servername>
he recieves 'Forbidden - server refused to process the request'
Here is the output of the hammer call with -d
I've deleted some details.
Its also strange the clients actually has the information but returns a forbidden.
THANKS!
hammer -d -u USER -s foreman --name vs125
[ INFO 2015-07-23 17:46:12 Init] Initialization of Hammer CLI (0.2.0) has started...
[DEBUG 2015-07-23 17:46:12 Init] Running at ruby 2.1.5-p273
[ INFO 2015-07-23 17:46:12 Init] Configuration from the file /etc/hammer/cli_config.yml has been loaded
[ INFO 2015-07-23 17:46:12 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman.yml has been loaded
[ INFO 2015-07-23 17:46:12 Init] Configuration from the file /home/aoehler/.hammer/cli.modules.d/foreman.yml has been loaded
[ WARN 2015-07-23 17:46:13 Modules] Veraltete Konfiguration von Modulen entdeckt. Prüfen Sie den Abschnitt zum Thema Konfiguration im Benutzerhandbuch
[DEBUG 2015-07-23 17:46:13 Connection] Registered: foreman
[DEBUG 2015-07-23 17:46:13 API] Global headers: {
:content_type => "application/json",
:accept => "application/json;version=2",
"Accept-Language" => "de"
}
[ INFO 2015-07-23 17:46:13 Modules] Extension module hammer_cli_foreman (0.2.0) loaded
[ INFO 2015-07-23 17:46:13 Modules] Extension module hammer_cli_foreman (0.2.0) loaded
[DEBUG 2015-07-23 17:46:13 Init] Using locale 'de'
[DEBUG 2015-07-23 17:46:13 Init] 'mo' files for locale domain 'hammer-cli' loaded from '/usr/share/locale'
[DEBUG 2015-07-23 17:46:13 Init] 'mo' files for locale domain 'hammer-cli-foreman' loaded from '/usr/share/locale'
[ INFO 2015-07-23 17:46:13 HammerCLI::MainCommand] Called with options: {"option_debug"=>true, "option_username"=>"USER", "option_server"=>"foreman"}
[ INFO 2015-07-23 17:46:13 HammerCLIForeman::Host] Called with options: {}
[ INFO 2015-07-23 17:46:13 HammerCLIForeman::Host::InfoCommand] Called with options: {"option_name"=>"vs125"}
[ INFO 2015-07-23 17:46:13 API] GET /api/hosts
[DEBUG 2015-07-23 17:46:13 API] Params: {
:search => "name = \"vs125\""
}
[DEBUG 2015-07-23 17:46:13 API] Headers: {
:params => {
:search => "name = \"vs125\""
}
}
[Foreman]-Passwort für user:
[DEBUG 2015-07-23 17:46:20 API] Response: {
"total" => 31,
"subtotal" => 1,
"page" => 1,
"per_page" => 20,
"search" => "name = \"vs125\"",
"sort" => {
"by" => nil,
"order" => nil
},
"results" => [
[0] {
"ip" => "10.1.160.60",
"environment_id" => 2,
"environment_name" => "development",
"last_report" => nil,
"mac" => "52:54:00:d2:6d:21",
"realm_id" => nil,
"realm_name" => nil,
"sp_mac" => nil,
"sp_ip" => nil,
"sp_name" => nil,
"domain_id" => 9,
"domain_name" => "unstable",
"architecture_id" => 1,
"architecture_name" => "x86_64",
"operatingsystem_id" => 5,
"operatingsystem_name" => "Debian Wheezy (INSTALL!)",
"subnet_id" => 10,
"subnet_name" => "Subnet",
"sp_subnet_id" => nil,
"ptable_id" => 9,
"ptable_name" => "Preseed custom LVM all_root",
"medium_id" => 7,
"medium_name" => "BY Debian Mirror",
"build" => false,
"comment" => "",
"disk" => "",
"installed_at" => "2015-07-23T09:01:29Z",
"model_id" => nil,
"model_name" => nil,
"hostgroup_id" => 16,
"hostgroup_name" => "Team Product",
"owner_id" => 5,
"owner_type" => "Usergroup",
"enabled" => true,
"puppet_ca_proxy_id" => nil,
"managed" => true,
"use_image" => nil,
"image_file" => "",
"uuid" => "5d0cdc37-ec9b-e4c3-0c16-f0b6aa2aa1ec",
"compute_resource_id" => 51,
"compute_resource_name" => "cr-3-73",
"compute_profile_id" => 2,
"compute_profile_name" => "S",
"capabilities" => [
[0] "build",
[1] "image"
],
"provision_method" => "build",
"puppet_proxy_id" => nil,
"certname" => "vs125",
"image_id" => nil,
"image_name" => nil,
"created_at" => "2015-07-23T08:48:46Z",
"updated_at" => "2015-07-23T14:50:21Z",
"last_compile" => nil,
"last_freshcheck" => nil,
"serial" => nil,
"source_file_id" => nil,
"puppet_status" => 0,
"organization_id" => 25,
"organization_name" => "Developer",
"location_id" => 18,
"location_name" => "UNSTABLE",
"name" => "vs125",
"id" => 22125
}
]
}
[DEBUG 2015-07-23 17:46:20 API] Response headers: {
:date => "Thu, 23 Jul 2015 15:46:17 GMT",
:server => "Apache/2.2.22 (Debian)",
:x_powered_by => "Phusion Passenger (mod_rails/mod_rack) 3.0.13",
:foreman_version => "1.8.2",
:foreman_api_version => "2",
:apipie_checksum => "e3bfd0c4952c158d0555df77379f5010",
:x_ua_compatible => "IE=Edge,chrome=1",
:etag => "\"b71e23a8376524b48769d23b545e3c93\"",
:cache_control => "must-revalidate, private, max-age=0",
:x_request_id => "d845316b408235c1b2e8739f3f30f11a",
:x_runtime => "3.169905",
:x_rack_cache => "miss",
:set_cookie => [
[0] "request_method=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
],
:status => "200",
:content_length => "1741",
:connection => "close",
:content_type => "application/json; charset=utf-8"
}
[ INFO 2015-07-23 17:46:20 API] GET /api/hosts/22125
[DEBUG 2015-07-23 17:46:20 API] Params: {}
[DEBUG 2015-07-23 17:46:20 API] Headers: {
:params => {}
}
[DEBUG 2015-07-23 17:46:23 API] Response: {
"ip" => "10.1.160.60",
"environment_id" => 2,
"environment_name" => "development",
"last_report" => nil,
"mac" => "52:54:00:d2:6d:21",
"realm_id" => nil,
"realm_name" => nil,
"sp_mac" => nil,
"sp_ip" => nil,
"sp_name" => nil,
"domain_id" => 9,
"domain_name" => "unstable",
"architecture_id" => 1,
"architecture_name" => "x86_64",
"operatingsystem_id" => 5,
"operatingsystem_name" => "Debian Wheezy (INSTALL!)",
"subnet_id" => 10,
"subnet_name" => "DC",
"sp_subnet_id" => nil,
"ptable_id" => 9,
"ptable_name" => "Preseed custom LVM all_root",
"medium_id" => 7,
"medium_name" => "BY Debian Mirror",
"build" => false,
"comment" => "",
"disk" => "",
"installed_at" => "2015-07-23T09:01:29Z",
"model_id" => nil,
"model_name" => nil,
"hostgroup_id" => 16,
"hostgroup_name" => "Product",
"owner_id" => 5,
"owner_type" => "Usergroup",
"enabled" => true,
"puppet_ca_proxy_id" => nil,
"managed" => true,
"use_image" => nil,
"image_file" => "",
"uuid" => "5d0cdc37-ec9b-e4c3-0c16-f0b6aa2aa1ec",
"compute_resource_id" => 51,
"compute_resource_name" => "unstable73",
"compute_profile_id" => 2,
"compute_profile_name" => "S",
"capabilities" => [
[0] "build",
[1] "image"
],
"provision_method" => "build",
"puppet_proxy_id" => nil,
"certname" => "vs125",
"image_id" => nil,
"image_name" => nil,
"created_at" => "2015-07-23T08:48:46Z",
"updated_at" => "2015-07-23T14:50:21Z",
"last_compile" => nil,
"last_freshcheck" => nil,
"serial" => nil,
"source_file_id" => nil,
"puppet_status" => 0,
"organization_id" => 25,
"organization_name" => "Developer",
"location_id" => 18,
"location_name" => "ALL/DC/IPC3/UNSTABLE",
"name" => "vs125",
"id" => 22125,
"parameters" => [],
"interfaces" => [
[0] {
"id" => 43685,
"name" => "vs125",
"ip" => "10.1.160.60",
"mac" => "52:54:00:d2:6d:21",
"identifier" => "",
"primary" => true,
"provision" => true,
"type" => "interface"
},
[1] {
"id" => 43686,
"name" => "",
"ip" => nil,
"mac" => "52:54:00:85:36:82",
"identifier" => "",
"primary" => false,
"provision" => false,
"type" => "interface"
}
],
"puppetclasses" => [],
"config_groups" => [],
"all_puppetclasses" => []
}
[DEBUG 2015-07-23 17:46:23 API] Response headers: {
:date => "Thu, 23 Jul 2015 15:46:20 GMT",
:server => "Apache/2.2.22 (Debian)",
:x_powered_by => "Phusion Passenger (mod_rails/mod_rack) 3.0.13",
:foreman_version => "1.8.2",
:foreman_api_version => "2",
:apipie_checksum => "e3bfd0c4952c158d0555df77379f5010",
:x_ua_compatible => "IE=Edge,chrome=1",
:etag => "\"1fd03aa7ae5d66544cf80820d3275b69\"",
:cache_control => "must-revalidate, private, max-age=0",
:x_request_id => "f175345ed869d89e4afac0862a11c787",
:x_runtime => "2.788702",
:x_rack_cache => "miss",
:set_cookie => [
[0] "request_method=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
],
:status => "200",
:content_length => "1935",
:connection => "close",
:content_type => "application/json; charset=utf-8"
}
[ INFO 2015-07-23 17:46:23 API] GET /api/hosts/22125/parameters
[DEBUG 2015-07-23 17:46:23 API] Params: {}
[DEBUG 2015-07-23 17:46:23 API] Headers: {
:params => {}
}
[DEBUG 2015-07-23 17:46:25 API] 403 Forbidden
{
"error" => {
"message" => "Zugang verweigert",
"details" => nil
}
}
[ERROR 2015-07-23 17:46:25 Exception] Abgelehnt - Server verweigert die Verarbeitung der Anfrage
Abgelehnt - Server verweigert die Verarbeitung der Anfrage
[ERROR 2015-07-23 17:46:25 Exception]
RestClient::Forbidden (403 Forbidden):
/usr/lib/ruby/vendor_ruby/restclient/abstract_response.rb:74:in `return!'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:230:in `process_result'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:178:in `block in transmit'
/usr/lib/ruby/2.1.0/net/http.rb:853:in `start'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:172:in `transmit'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:64:in `execute'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:33:in `execute'
/usr/lib/ruby/vendor_ruby/restclient/resource.rb:51:in `get'
/usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:280:in `call_client'
/usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:211:in `http_call'
/usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:161:in `call'
/usr/lib/ruby/vendor_ruby/apipie_bindings/resource.rb:14:in `call'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/host.rb:194:in `get_parameters'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/host.rb:188:in `extend_data'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/commands.rb:376:in `send_request'
/usr/lib/ruby/vendor_ruby/hammer_cli/apipie/command.rb:34:in `execute'
/usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run'
/usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run'
/usr/lib/ruby/vendor_ruby/clamp/subcommand/execution.rb:11:in `execute'
/usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run'
/usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run'
/usr/lib/ruby/vendor_ruby/clamp/subcommand/execution.rb:11:in `execute'
/usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run'
/usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run'
/usr/lib/ruby/vendor_ruby/clamp/command.rb:126:in `run'
/usr/bin/hammer:108:in `<main>'
Updated by 
Updated by
Actions