Bug #5612

Foreman API v1 & v2 do not display common_parameters for non-admin users

Added by Jason Knudsen about 5 years ago. Updated 11 months ago.

Status: Closed
Priority: Normal
Category: Authorization

Description

ENV:
Puppet: 3.5.1
Foreman: 1.5.0RC2

We have a non-admin user called foreman that we use for API queries to pull down facts, parameters, hostgroups, classes, and global_parameters and it uses this to generate templates. Basically it needs to know parameters from other hosts, and global parameters.

The Ruby code basically queries the API at https://hostname:port/api/common_parameters to fetch global parameters. This no longer seems to work at all for this non-admin user. It has view/viewer roles. The admin user works fine. If we call specific parameters, it will work, e.g.: https://hostname:port/api/common_parameters/test displays the expected result. Also, the same symptoms occur if we use Hammer with the foreman user. No results are displayed.

However, permissions are fine and we can log in to the Foreman UI and see global parameters, hosts, hostgroups, etc. just fine.

Seems like a regression. The last version we tested that it worked on was Foreman 1.4.


Related issues

Blocks Foreman - Tracker #4552: New permissions/authorization system issues (New)

Associated revisions

Revision 7cb05aa9 (diff)
Added by Dominic Cleal about 5 years ago

fixes #5612 - use correct permissions for authz in parameters API

Revision 5f65c486 (diff)
Added by Dominic Cleal about 5 years ago

fixes #5612 - use correct permissions for authz in parameters API

(cherry picked from commit 7cb05aa94e942bd3917c6cde33957288ea84a735)

History

#1 Updated by Dominic Cleal about 5 years ago

  • Category changed from 65 to Authorization
  • Status changed from New to Assigned
  • Assignee changed from Martin Bacovsky to Dominic Cleal
  • Target version set to 1.8.3
  • Legacy Backlogs Release (now unused) changed from 4 to 16

Thanks, reproduced successfully. It's trying to look up permissions for Parameter, not CommonParameter.

Also affected are the /api/v2/*/parameters routes, which try to look up permissions "view_domains_parameters" etc.
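The lookup mismatch described in comment #1, as a simplified Ruby model (an added example, not Foreman's code and not part of the original comment). The permission name `view_globals`, the concrete nested route path, the resource type on the nested route, the record names and the admin bypass are assumptions made for illustration.

```ruby
# Simplified model of a permission lookup keyed on name and resource type.
# Added illustration, not Foreman's code; "view_globals" and the record
# names are constructed sample values.
Permission = Struct.new(:name, :resource_type)
User = Struct.new(:login, :admin, :granted)

# Permissions that exist and can be attached to a role (constructed).
REGISTRY = [Permission.new("view_globals", "CommonParameter")].freeze

# What each API route asks the authorizer for: [permission name, resource type].
BUGGY_LOOKUPS = {
  "/api/common_parameters" => ["view_globals", "Parameter"],
  # Route path is a constructed instance of /api/v2/*/parameters;
  # the resource type on this entry is assumed.
  "/api/v2/domains/:id/parameters" => ["view_domains_parameters", "Parameter"],
}.freeze
FIXED_LOOKUPS = {
  "/api/common_parameters" => ["view_globals", "CommonParameter"],
}.freeze

def registered?(name, resource_type)
  REGISTRY.any? { |p| p.name == name && p.resource_type == resource_type }
end

# Index scope: admins skip the lookup (assumption), so the mismatch is
# invisible to them. Anyone else gets rows only if the requested permission
# exists in the registry and is granted to the user.
def index_scope(user, records, lookups, route)
  return records if user.admin
  name, type = lookups.fetch(route)
  registered?(name, type) && user.granted.include?(name) ? records : []
end

# Regression check: routes whose lookup can never match a grantable permission.
def unresolvable_routes(lookups)
  lookups.reject { |_route, (name, type)| registered?(name, type) }.keys
end

if __FILE__ == $PROGRAM_NAME
  params = %w[ntp_server dns_domain] # constructed records
  viewer = User.new("foreman", false, ["view_globals"])
  admin  = User.new("admin", true, [])
  route  = "/api/common_parameters"
  p index_scope(admin, params, BUGGY_LOOKUPS, route)
  p index_scope(viewer, params, BUGGY_LOOKUPS, route)
  p index_scope(viewer, params, FIXED_LOOKUPS, route)
  p unresolvable_routes(BUGGY_LOOKUPS)
end
```

Running a check like `unresolvable_routes` over every API route in a test suite catches this class of regression before release, because testing only with an admin account never exercises the lookup.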

#2 Updated by Dominic Cleal about 5 years ago

  • Blocks Tracker #4552: New permissions/authorization system issues added

#3 Updated by Dominic Cleal about 5 years ago

  • Status changed from Assigned to Ready For Testing

#4 Updated by Jason Knudsen about 5 years ago

Awesome. Thanks for the quick turnaround on that - confirmed it's working in our lab!

#5 Updated by Dominic Cleal about 5 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#6 Updated by Dominic Cleal about 5 years ago

  • Legacy Backlogs Release (now unused) changed from 16 to 4

#7 Updated by Dominic Cleal about 5 years ago

Jason Knudsen wrote:

Awesome. Thanks for the quick turnaround on that - confirmed it's working in our lab!

Great, it'll be in 1.5.0 final. Thanks for helping test the RCs!
