Project

General

Profile

Bug #25962

Can no longer trigger puppetrun using API when authenticating as non-admin user

Added by J. A. almost 4 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

I'm triggering puppetruns through the Foreman API like so:

curl -XPUT -u "myuser:mypassword" https://foreman/api/hosts/testhost/puppetrun

"myuser" has the puppetrun_hosts permission (unlimited) through an assigned role. This used to work when our setup was running v1.17, but sometime between then and upgrading (through intermediaries) to v1.20.1, I get this error response instead:

{
"error": {"message":"Access denied","details":"Missing one of the required permissions: "}
}

I'm not sure if it's meant to be required, but the user also has unlimited view_hosts and a few other permissions.

If the permission requirements have indeed changed, then there is at least a bug here where the required permissions aren't being reported properly.

It works when making the same API call with an admin user - is there a permission I can add to the non-admin user to make this work in Foreman 1.20?

Also available in: Atom PDF