Project

General

Profile

Actions

Bug #33727

closed

Unable to assign ansible roles to a host group via hammer/api with non-admin user

Added by Dominik Matoulek almost 3 years ago. Updated almost 3 years ago.

Status:
Closed
Priority:
Normal
Category:
Users, Roles and Permissions
Target version:
-
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1999604

Description of problem:
It's not possible to assign ansible roles to a host group via hammer/api with a non-admin user.

How reproducible:
Always

Steps to Reproduce:
1. Create a role with the following permission set:

  1. hammer role filters --id 33
    ~~
    ----|------------------------|--------|------------|-----------|------|---------------------------------------------------------------------------------
    ID | RESOURCE TYPE | SEARCH | UNLIMITED? | OVERRIDE? | ROLE | PERMISSIONS
    ----|------------------------|--------|------------|-----------|------|---------------------------------------------------------------------------------
    335 | AnsibleRole | none | yes | no | api | view_ansible_roles
    336 | Architecture | none | yes | no | api | view_architectures
    337 | Operatingsystem | none | yes | no | api | view_operatingsystems
    338 | Parameter | none | yes | no | api | view_params, create_params, edit_params, destroy_params
    339 | Katello::ActivationKey | none | no | no | api | view_activation_keys
    340 | Katello::ContentView | none | no | no | api | view_content_views
    341 | Katello::KTEnvironment | none | no | no | api | view_lifecycle_environments
    342 | Hostgroup | none | no | no | api | view_hostgroups, create_hostgroups, edit_hostgroups, destroy_hostgroups, play...
    343 | Organization | none | no | no | api | view_organizations, assign_organizations
    344 | Domain | none | no | no | api | view_domains
    345 | Environment | none | no | no | api | view_environments
    346 | Host | none | no | no | api | view_hosts, create_hosts, edit_hosts, destroy_hosts, play_roles_on_host
    347 | Location | none | no | no | api | view_locations, assign_locations
    348 | Subnet | none | no | no | api | view_subnets, create_subnets, edit_subnets, destroy_subnets
    349 | SmartProxy | none | no | no | api | view_smart_proxies
    ----|------------------------|--------|------------|-----------|------|---------------------------------------------------------------------------------
    ~~

2. Assign this role to a user.
3. Try to assign ansible roles to a HG with this user via WebUI --> SUCCESS
4. Try to assign ansible roles to a HG with this user via hammer --> FAIL:

  1. hammer -u api -p redhat hostgroup ansible-roles assign --id 1 --ansible-role-ids 3
    ~~
    Could not assign roles to the hostgroup:
    Access denied
    Missing one of the required permissions: edit_hostgroups
    ~~
Actions

Also available in: Atom PDF