Actions
Bug #12406
closed
No permission to access /api/create_hosts
Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Users, Roles and Permissions
Target version:
-
Description
18:41 $ hammer --version
hammer (0.3.0)
* hammer_cli_foreman (0.3.0)
foreman 1.9.3.1
Hi,
when createing a host via the webinterface for a user this works fine. But if the user tries to do the same via the hammer cli he get an "Access Denied"
any ideas?
Here the client output:
18:39 $ hammer -d host create --architecture x86_64 --build true --compute-profile S --compute-resource-id=54 --domain-id=9 --enabled false --environment-id=2 --hostgroup-id=16 --name testhost --interface managed=true,primary=true,provision=true --location-id 18 --medium 'Debian Mirror' --operatingsystem 'Debian Wheezy (INSTALL!)' --organization-id=25 --owner-id 35 --provision-method build --subnet-id=10
[ INFO 2015-11-05 18:40:32 Init] Initialization of Hammer CLI (0.3.0) has started...
[DEBUG 2015-11-05 18:40:32 Init] Running at ruby 1.9.3-p484
[ INFO 2015-11-05 18:40:32 Init] Configuration from the file /etc/hammer/cli_config.yml has been loaded
[ INFO 2015-11-05 18:40:32 Init] Configuration from the file /etc/hammer/cli.modules.d/foreman.yml has been loaded
[ INFO 2015-11-05 18:40:32 Init] Configuration from the file /home/rgoldmann/.hammer/cli_config.yml has been loaded
[ INFO 2015-11-05 18:40:32 Init] Configuration from the file /home/rgoldmann/.hammer/cli.modules.d/foreman.yml has been loaded
[DEBUG 2015-11-05 18:40:32 Connection] Registered: foreman
[DEBUG 2015-11-05 18:40:32 API] Global headers: {
:content_type => "application/json",
:accept => "application/json;version=2",
"Accept-Language" => "en"
}
[ INFO 2015-11-05 18:40:32 Modules] Extension module hammer_cli_foreman (0.3.0) loaded
[DEBUG 2015-11-05 18:40:32 Init] Using locale 'en'
[DEBUG 2015-11-05 18:40:32 Init] 'mo' files for locale domain 'hammer-cli' loaded from '/usr/share/locale'
[DEBUG 2015-11-05 18:40:32 Init] 'mo' files for locale domain 'hammer-cli-foreman' loaded from '/usr/share/locale'
[ INFO 2015-11-05 18:40:32 HammerCLI::MainCommand] Called with options: {"option_debug"=>true}
[ INFO 2015-11-05 18:40:32 HammerCLIForeman::Host] Called with options: {}
[ INFO 2015-11-05 18:40:32 HammerCLIForeman::Host::CreateCommand] Called with options: {"option_user_id"=>"35", "option_managed"=>true, "option_build"=>true, "option_enabled"=>false, "option_volume_list"=>[], "option_interface_list"=>[{"managed"=>"true", "primary"=>"true", "provision"=>"true"}], "option_provision_method"=>"build", "option_location_id"=>18, "option_organization_id"=>25, "option_environment_id"=>2, "option_architecture_name"=>"x86_64", "option_domain_id"=>9, "option_operatingsystem_title"=>"Debian Wheezy (INSTALL!)", "option_medium_name"=>"Debian Mirror", "option_subnet_id"=>10, "option_compute_resource_id"=>54, "option_hostgroup_id"=>16, "option_compute_profile_name"=>"S", "option_name"=>"testhost" "}
[ INFO 2015-11-05 18:40:32 API] GET /api/architectures
[DEBUG 2015-11-05 18:40:32 API] Params: {
:search => "name = \"x86_64\""
}
[DEBUG 2015-11-05 18:40:32 API] Headers: {
:params => {
:search => "name = \"x86_64\""
}
}
[DEBUG 2015-11-05 18:40:33 API] Response: {
"total" => 3,
"subtotal" => 1,
"page" => 1,
"per_page" => 20,
"search" => "name = \"x86_64\"",
"sort" => {
"by" => nil,
"order" => nil
},
"results" => [
[0] {
"created_at" => "2014-05-23T14:48:49Z",
"updated_at" => "2014-05-23T14:48:49Z",
"name" => "x86_64",
"id" => 1
}
]
}
[DEBUG 2015-11-05 18:40:33 API] Response headers: {
:date => "Thu, 05 Nov 2015 17:40:32 GMT",
:server => "Apache/2.2.22 (Debian)",
:x_powered_by => "Phusion Passenger (mod_rails/mod_rack) 3.0.13",
:foreman_version => "1.9.3",
:foreman_api_version => "2",
:apipie_checksum => "89042989ea6d19b91edcb0560202f354",
:x_ua_compatible => "IE=Edge,chrome=1",
:etag => "\"6032e831cbd84b91fa13b2ca3eee4de8\"",
:cache_control => "must-revalidate, private, max-age=0",
:x_request_id => "a09e3911c33fd9b67857c27a0ffb461b",
:x_runtime => "0.144879",
:x_rack_cache => "miss",
:set_cookie => [
[0] "_session_id=4966bcbfbf63c22439deabb9c7fad2d6; path=/; HttpOnly",
[1] "request_method=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
],
:status => "200",
:content_length => "262",
:connection => "close",
:content_type => "application/json; charset=utf-8"
}
[ INFO 2015-11-05 18:40:33 API] GET /api/operatingsystems
[DEBUG 2015-11-05 18:40:33 API] Params: {
:search => "title = \"Debian Wheezy (INSTALL!)\""
}
[DEBUG 2015-11-05 18:40:33 API] Headers: {
:params => {
:search => "title = \"Debian Wheezy (INSTALL!)\""
}
}
[DEBUG 2015-11-05 18:40:33 API] Response: {
"total" => 15,
"subtotal" => 1,
"page" => 1,
"per_page" => 20,
"search" => "title = \"Debian Wheezy (INSTALL!)\"",
"sort" => {
"by" => nil,
"order" => nil
},
"results" => [
[0] {
"description" => "Debian Wheezy (INSTALL!)",
"major" => "7",
"minor" => "",
"family" => "Debian",
"release_name" => "wheezy",
"password_hash" => "MD5",
"created_at" => "2014-10-20T14:15:47Z",
"updated_at" => "2015-02-09T09:46:29Z",
"id" => 5,
"name" => "Debian",
"title" => "Debian Wheezy (INSTALL!)"
}
]
}
[DEBUG 2015-11-05 18:40:33 API] Response headers: {
:date => "Thu, 05 Nov 2015 17:40:33 GMT",
:server => "Apache/2.2.22 (Debian)",
:x_powered_by => "Phusion Passenger (mod_rails/mod_rack) 3.0.13",
:foreman_version => "1.9.3",
:foreman_api_version => "2",
:apipie_checksum => "89042989ea6d19b91edcb0560202f354",
:x_ua_compatible => "IE=Edge,chrome=1",
:etag => "\"2032ea9ee8077491beff3098087bf14b\"",
:cache_control => "must-revalidate, private, max-age=0",
:x_request_id => "efd4a3fc5ee787a81658aee8eda299af",
:x_runtime => "0.127149",
:x_rack_cache => "miss",
:set_cookie => [
[0] "_session_id=14e09c12476a613e7bba738addf39204; path=/; HttpOnly",
[1] "request_method=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT"
],
:status => "200",
:content_length => "445",
:connection => "close",
:content_type => "application/json; charset=utf-8"
}
[ INFO 2015-11-05 18:40:33 API] GET /api/media
[DEBUG 2015-11-05 18:40:33 API] Params: {
:search => "name = \"Debian Mirror\""
}
[DEBUG 2015-11-05 18:40:33 API] Headers: {
:params => {
:search => "name = \"BY Debian Mirror\""
}
}
[DEBUG 2015-11-05 18:40:33 API] 403 Forbidden
{
"error" => {
"message" => "Access denied",
"details" => nil
}
}
[ERROR 2015-11-05 18:40:33 Exception] Forbidden - server refused to process the request
Could not create the host:
Forbidden - server refused to process the request
[ERROR 2015-11-05 18:40:33 Exception]
RestClient::Forbidden (403 Forbidden):
/usr/lib/ruby/vendor_ruby/restclient/abstract_response.rb:48:in `return!'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:230:in `process_result'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:178:in `block in transmit'
/usr/lib/ruby/1.9.1/net/http.rb:746:in `start'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:172:in `transmit'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:64:in `execute'
/usr/lib/ruby/vendor_ruby/restclient/request.rb:33:in `execute'
/usr/lib/ruby/vendor_ruby/restclient/resource.rb:51:in `get'
/usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:286:in `call_client'
/usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:217:in `http_call'
/usr/lib/ruby/vendor_ruby/apipie_bindings/api.rb:163:in `call'
/usr/lib/ruby/vendor_ruby/apipie_bindings/resource.rb:14:in `call'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/id_resolver.rb:178:in `resolved_call'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/id_resolver.rb:164:in `find_resource_raw'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/id_resolver.rb:158:in `find_resource'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/id_resolver.rb:143:in `get_id'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/id_resolver.rb:133:in `block (2 levels) in define_id_finders'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/commands.rb:149:in `get_resource_id'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/commands.rb:218:in `block in customized_options'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/commands.rb:215:in `each'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/commands.rb:215:in `customized_options'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/commands.rb:239:in `request_params'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/host.rb:67:in `request_params'
/usr/lib/ruby/vendor_ruby/hammer_cli/apipie/command.rb:43:in `send_request'
/usr/lib/ruby/vendor_ruby/hammer_cli_foreman/commands.rb:185:in `send_request'
/usr/lib/ruby/vendor_ruby/hammer_cli/apipie/command.rb:34:in `execute'
/usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run'
/usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run'
/usr/lib/ruby/vendor_ruby/clamp/subcommand/execution.rb:11:in `execute'
/usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run'
/usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run'
/usr/lib/ruby/vendor_ruby/clamp/subcommand/execution.rb:11:in `execute'
/usr/lib/ruby/vendor_ruby/clamp/command.rb:68:in `run'
/usr/lib/ruby/vendor_ruby/hammer_cli/abstract.rb:23:in `run'
/usr/lib/ruby/vendor_ruby/clamp/command.rb:133:in `run'
/usr/bin/hammer:115:in `<main>'
<pre>
Updated by Dominic Cleal over 8 years ago
- Category changed from API to Users, Roles and Permissions
- Status changed from New to Need more information
Could you show which permissions the user has via their roles?
The server log (/var/log/foreman/production.log) with the permissions logger would also be useful: http://theforeman.org/manuals/1.9/index.html#7.2Debugging
Updated by Rainer G over 8 years ago
Hi,
I've found the issue. Missing permisions for view media.
Sorry for the fuss.
Updated by Dominic Cleal over 8 years ago
- Status changed from Need more information to Resolved
No problem, thanks for reporting back.
Actions