I'm using foreman version 4.0, and it seems that the only way for
allowing a user to run a 'puppetrun' , is to make him/her an administrator.
Am I missing something here? It seems that none of the pre-defined roles
have a function for 'puppetrun'. What's the best way to allow a user to do
a 'puppetrun' without being an administrator?
Part II:
I use the audit view to see who and when classes have been assigned to
hosts, but is there a way to also audit those who do 'puppetrun'? that
would be very useful That way I can see who ran puppet and when. The
reports only show the 'when' and the 'what', but not the 'who'
> Hello,
>
> I'm using foreman version 4.0, and it seems that the only way for
> allowing a user to run a 'puppetrun' , is to make him/her an administrator.
> Am I missing something here? It seems that none of the pre-defined roles
> have a function for 'puppetrun'. What's the best way to allow a user to do
> a 'puppetrun' without being an administrator?
>
> Part II:
>
> I use the audit view to see who and when classes have been assigned
> to hosts, but is there a way to also audit those who do 'puppetrun'? that
> would be very useful That way I can see who ran puppet and when. The
> reports only show the 'when' and the 'what', but not the 'who'
>
>
Hi Henry,
Sounds like a new feature request, do you mind adding it to the tracker?
thanks,
Ohad
···
On Sat, Jul 7, 2012 at 3:44 PM, CraftyTech wrote:
Make sure to vote for it! (I swear I don't lurk on this list only to
repost this one issue.)
···
On Sat, Jul 7, 2012 at 8:44 AM, CraftyTech wrote:
> I'm using foreman version 4.0, and it seems that the only way for
> allowing a user to run a 'puppetrun' , is to make him/her an administrator.
> Am I missing something here? It seems that none of the pre-defined roles
> have a function for 'puppetrun'. What's the best way to allow a user to do
> a 'puppetrun' without being an administrator?
Can't log in to file a 'feature request' with foreman. Even after
re-setting the password. I always had an issue with logging
in(craftytech), I can't re-register because it says that my email address
is already in use. In any case, for informational purposes, is being an
admin the only to execute a puppetrun?
I just want to make sure that it is that way by design, and that there are
no roles that allow a user to do puppetruns without making them an admin.
Thanks,
Henry
···
On Saturday, July 7, 2012 9:18:08 AM UTC-4, ohad wrote:
>
>
>
> On Sat, Jul 7, 2012 at 3:44 PM, CraftyTech wrote:
>
>> Hello,
>>
>> I'm using foreman version 4.0, and it seems that the only way for
>> allowing a user to run a 'puppetrun' , is to make him/her an administrator.
>> Am I missing something here? It seems that none of the pre-defined roles
>> have a function for 'puppetrun'. What's the best way to allow a user to do
>> a 'puppetrun' without being an administrator?
>>
>> Part II:
>>
>> I use the audit view to see who and when classes have been assigned
>> to hosts, but is there a way to also audit those who do 'puppetrun'? that
>> would be very useful :) That way I can see who ran puppet and when. The
>> reports only show the 'when' and the 'what', but not the 'who' :(
>>
>>
> Hi Henry,
>
> Sounds like a new feature request, do you mind adding it to the tracker?
>
> thanks,
> Ohad
>
>
>> Thanks,
>>
>> Henry
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Foreman users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/foreman-users/-/B7b2vvDlXVgJ.
>> To post to this group, send email to foreman-users@googlegroups.com.
>> To unsubscribe from this group, send email to
>> foreman-users+unsubscribe@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/foreman-users?hl=en.
>>
>
>
I work around it by giving everyone permission to do a puppet run:
Edit app/controllers/application_controller.rb
Insert into 'def authorize' (around line 32) to be:
Authorize the user for the requested action
def authorize(ctrl = params[:controller], action = params[:action])
return true if request.xhr?
return true if action == 'puppetrun'
return true if action == 'update_multiple_puppetrun'
allowed = User.current.allowed_to?({:controller => ctrl.gsub(/::/,
"_").underscore, :action => action})
allowed ? true : deny_access
end
'update_multiple_puppetrun' is version 1.0 specific. 'puppetrun' works on
0.4.
···
On Monday, July 16, 2012 4:13:47 PM UTC-4, Adam Heinz wrote:
>
> On Sat, Jul 7, 2012 at 8:44 AM, CraftyTech wrote:
> > I'm using foreman version 4.0, and it seems that the only way for
> > allowing a user to run a 'puppetrun' , is to make him/her an
> administrator.
> > Am I missing something here? It seems that none of the pre-defined
> roles
> > have a function for 'puppetrun'. What's the best way to allow a user to
> do
> > a 'puppetrun' without being an administrator?
>
> Part I: http://theforeman.org/issues/985
>
> Make sure to vote for it! (I swear I don't lurk on this list only to
> repost this one issue.) ;)
>