Spotted in #11219, seems to have existed for a while but has gotten worse with #8343.

PUT /api/v2/operatingsystems/4/os_default_templates/2 with

{
    "config_template_id": "40",
    "template_kind_id": "1" 
}

results in:

[ WARN 2015-07-31 08:51:28 app] Action failed
 | NoMethodError: undefined method `name' for nil:NilClass
 | /root/foreman/app/controllers/api/base_controller.rb:55:in `parent_scope'
 | /root/foreman/app/controllers/api/base_controller.rb:46:in `resource_scope'
 | /root/foreman/app/controllers/concerns/find_common.rb:9:in `find_resource'

It looks like the parent_resource_details method is checking the params list for top-level parameters ending in _id and assuming that is likely to be a parent resource. When sending unwrapped parameters, you get a mixture of parameters in the top-level scope, e.g. for the above something like:

=> {"config_template_id"=>"1",
 "template_kind_id"=>"1",
 "format"=>"json",
 "apiv"=>"v2",
 "action"=>"update",
 "controller"=>"api/v2/os_default_templates",
 "operatingsystem_id"=>"6",
 "id"=>"30",
 "os_default_template"=>
  {"template_kind_id"=>"1", "provisioning_template_id"=>"1"}}

Only the operatingsystem_id is the correct parent _id attribute here, the rest are actually part of the user's parameters being submitted.

We use wrap_parameters which copies attributes from the top-level into the nested hash ("os_default_template") which is used for updates/creates.