Actions
Bug #33727
closed
Unable to assign ansible roles to a host group via hammer/api with non-admin user
Status:
Closed
Priority:
Normal
Assignee:
Category:
Users, Roles and Permissions
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1999604
Description of problem:
It's not possible to assign ansible roles to a host group via hammer/api with a non-admin user.
How reproducible:
Always
Steps to Reproduce:
1. Create a role with the following permission set:
- hammer role filters --id 33
~~
----|------------------------|--------|------------|-----------|------|---------------------------------------------------------------------------------
ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
----|------------------------|--------|------------|-----------|------|---------------------------------------------------------------------------------
335 | AnsibleRole | none | yes | no | api | view_ansible_roles
336 | Architecture | none | yes | no | api | view_architectures
337 | Operatingsystem | none | yes | no | api | view_operatingsystems
338 | Parameter | none | yes | no | api | view_params, create_params, edit_params, destroy_params
339 | Katello::ActivationKey | none | no | no | api | view_activation_keys
340 | Katello::ContentView | none | no | no | api | view_content_views
341 | Katello::KTEnvironment | none | no | no | api | view_lifecycle_environments
342 | Hostgroup | none | no | no | api | view_hostgroups, create_hostgroups, edit_hostgroups, destroy_hostgroups, play...
343 | Organization | none | no | no | api | view_organizations, assign_organizations
344 | Domain | none | no | no | api | view_domains
345 | Environment | none | no | no | api | view_environments
346 | Host | none | no | no | api | view_hosts, create_hosts, edit_hosts, destroy_hosts, play_roles_on_host
347 | Location | none | no | no | api | view_locations, assign_locations
348 | Subnet | none | no | no | api | view_subnets, create_subnets, edit_subnets, destroy_subnets
349 | SmartProxy | none | no | no | api | view_smart_proxies
----|------------------------|--------|------------|-----------|------|---------------------------------------------------------------------------------
~~
2. Assign this role to a user.
3. Try to assign ansible roles to a HG with this user via WebUI --> SUCCESS
4. Try to assign ansible roles to a HG with this user via hammer --> FAIL:
- hammer -u api -p redhat hostgroup ansible-roles assign --id 1 --ansible-role-ids 3
~~
Could not assign roles to the hostgroup:
Access denied
Missing one of the required permissions: edit_hostgroups
~~
Updated by Dominik Matoulek about 3 years ago
- Subject changed from Unable to assign ansible roles to a host group via hammer/api with non-admin user to Unable to assign ansible roles to a host group via hammer/api with non-admin user
- Category set to Users, Roles and Permissions
- Assignee set to Dominik Matoulek
- Triaged changed from No to Yes
Updated by The Foreman Bot about 3 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/8857 added
Updated by Dominik Matoulek about 3 years ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman|9d8e26bf226b087933d93c3db172c69c97cb9f5d.
Updated by The Foreman Bot about 3 years ago
- Pull request https://github.com/theforeman/foreman/pull/8890 added
Actions