Puppet run permissions version 0.5

I was under the impression that puppet run for non-sysadmin users was
corrected in version 0.5. I must be missing something because I can't get
anything but "Permission denied. You are not authorized to perform this
action." Even though the Run Puppet button is enabled (and puppetrun
setting is set to true).

Can't find any permission setting for it. Works fine with an admin account.

Tried following the code but couldn't find any security checks along the
way for the call.

I managed to get it to work by hacking
app/controllers/application_controller.rb

diff --git a/app/controllers/application_controller.rb
b/app/controllers/application_controller.rb
index 88d2684…1cf9b34 100644
— a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -31,6 +31,7 @@ class ApplicationController < ActionController::Base

Authorize the user for the requested action

def authorize(ctrl = params[:controller], action = params[:action])
return true if request.xhr?

  • return true if action = 'puppetrun'
    allowed = User.current.allowed_to?({:controller => ctrl.gsub(/::/,
    "_").underscore, :action => action})
    allowed ? true : deny_access
    end
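
Review bot: in the added line `return true if action = 'puppetrun'`, the `=` is an assignment, not a comparison, so the condition is always truthy and `authorize` returns true for every controller and action before `User.current.allowed_to?` is ever reached. As written, the patch switches off this authorization check for all requests rather than opening up only puppetrun. At minimum it needs `==`, but even then every user who reaches this filter could trigger puppetrun regardless of role, so the decision belongs in a dedicated permission evaluated by `allowed_to?` rather than in a hard-coded bypass inside `authorize`.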

Not ideal, but it works.

··· On Tuesday, May 29, 2012 9:19:02 AM UTC-4, Roger wrote: > > I was under the impression that puppet run for non-sysadmin users was > corrected in version 0.5. I must be missing something because I can't get > anything but "Permission denied. You are not authorized to perform this > action." Even though the Run Puppet button is enabled (and puppetrun > setting is set to true). > > Can't find any permission setting for it. Works fine with an admin > account. > > Tried following the code but couldn't find any security checks along the > way for the call. >

http://theforeman.org/issues/985

The feature request is not currently scheduled for any release.

··· On Tue, May 29, 2012 at 9:19 AM, Roger wrote: > I was under the impression that puppet run for non-sysadmin users was > corrected in version 0.5. I must be missing something because I can't get > anything but "Permission denied. You are not authorized to perform this > action." Even though the Run Puppet button is enabled (and puppetrun > setting is set to true).

Unless I am missing something, it seems to me that we need to extend
roles to provide this permission, and rely on that. -Brian

··· On Tue, May 29, 2012 at 11:23 AM, Roger wrote: > I managed to get it to work by hacking > app/controllers/application_controller.rb > > diff --git a/app/controllers/application_controller.rb > b/app/controllers/application_controller.rb > index 88d2684..1cf9b34 100644 > --- a/app/controllers/application_controller.rb > +++ b/app/controllers/application_controller.rb > @@ -31,6 +31,7 @@ class ApplicationController < ActionController::Base > # Authorize the user for the requested action > def authorize(ctrl = params[:controller], action = params[:action]) > return true if request.xhr? > + return true if action = 'puppetrun' > allowed = User.current.allowed_to?({:controller => ctrl.gsub(/::/, > "_").underscore, :action => action}) > allowed ? true : deny_access > end > > Not ideal, but it works. > > On Tuesday, May 29, 2012 9:19:02 AM UTC-4, Roger wrote: >> >> I was under the impression that puppet run for non-sysadmin users was >> corrected in version 0.5. I must be missing something because I can't get >> anything but "Permission denied. You are not authorized to perform this >> action." Even though the Run Puppet button is enabled (and puppetrun >> setting is set to true). >> >> Can't find any permission setting for it. Works fine with an admin >> account. >> >> Tried following the code but couldn't find any security checks along the >> way for the call. > > -- > You received this message because you are subscribed to the Google Groups > "Foreman users" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/foreman-users/-/MHy_tGzEAgMJ. > > To post to this group, send email to foreman-users@googlegroups.com. > To unsubscribe from this group, send email to > foreman-users+unsubscribe@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/foreman-users?hl=en.

>> I was under the impression that puppet run for non-sysadmin users was
>> corrected in version 0.5. I must be missing something because I can't get
>> anything but "Permission denied. You are not authorized to perform this
>> action." Even though the Run Puppet button is enabled (and puppetrun
>> setting is set to true).
>
> Feature #985: no permission corresponds to 'Run Puppet' feature - Foreman
>
> The feature request is not currently scheduled for any release.

Ah… so I unassigned it. If someone wants to pick it up, feel free.
(Greg, hint, hint.) (It's a bit beyond my coding skills right now…
but I will look into the roles stuff, and see how hard it would be to
add.) (Once the role is added, the other code needs to be refactored. I
also think I need to migrate the schema, which I haven't done yet.)

Cheers,
Brian

··· On Tue, May 29, 2012 at 1:40 PM, Adam Heinz wrote: > On Tue, May 29, 2012 at 9:19 AM, Roger wrote:



Heh. I can take a look, but I don't use puppetrun at all, so testing
will be difficult. If someone is prepared to volunteer to test any
patches I create, then I'll be happy to try and get to it in the next
week or two.

Greg

··· On 29/05/12 18:47, Brian Gupta wrote:

Ah… so I unassigned it. If someone wants to pick it up, feel
free. (Greg, hint, hint.)

I can test it.

Currently in the process of migrating from a foreman 0.4 / puppet 2.6
environment to 0.5 / 2.7. Should be a couple weeks before I put the new
stuff in production mode.

··· On Wednesday, May 30, 2012 6:21:05 AM UTC-4, Greg Sutcliffe wrote: > > On 29/05/12 18:47, Brian Gupta wrote: > > > Ah.. so I unassigned it. If someone wants to pick it up, feel > > free. (Greg, hint, hint.) > > Heh. I can take a look, but I don't use puppetrun at all, so testing > will be difficult. If someone is prepared to volunteer to test any > patches I create, then I'll be happy to try and get to it in the next > week or two. > > Greg