Role manipulation in Foreman 1.5

Support
1

I'm having issues manipulating roles (creating, updating, etc) via the API
after upgrading from version 1.4.2 to version 1.5.0.

It seems a number of the role api calls have broken in 1.5.0.

In version 1.4.2, if I ran the command:
curl -s -u admin:changeme -k -X GET http://localhost/api/roles

I would get the expected response that is described in the API docs:

> { "name": "Manager", "id": 1, "builtin": 0, "permissions": [
> "view_architectures", "create_architecture",<snip>

When I run the same command on my (upgraded 1.5.0) test instance, I get:

{"error":{"message":"undefined method `key?' for
> #<JSON::Ext::Generator::State:0x000000088ad538>"}}
>

If I change the REST call to

curl -s -u admin:changeme -k -X GET http://localhost/api/v2/roles
>
then I get a response of:

{
> "total": 10,
> "subtotal": 10,
> "page": 1,
> "per_page": 20,
> "search": null,
> "sort": {
> "by": null,
> "order": null
> },
> "results": [{"name":"Manager","id":1,"builtin":0},{"name":"Edit partition
> tables","id":2,"builtin":0},{"name":"View
> hosts","id":3,"builtin":0},{"name":"Edit
> hosts","id":4,"builtin":0},{"name":"Viewer","id":5,"builtin":0},{"name":"Site
> manager","id":6,"builtin":0},{"name":"Default
> user","id":7,"builtin":1},{"name":"Anonymous","id":8,"builtin":2},{"name":"Anonymous_admin","id":15,"builtin":0}]
> }
>

If I try to list a specific role, ala

curl -s -u admin:changeme -k -X GET http://localhost/api/v2/roles/1
>
the response is:

{"name":"Manager","id":1,"builtin":0,"filters":[{"id":1},{"id":2},{"id":3},{"id":4},{"id":5},{"id":6},{"id":7},{"id":8},{"id":9},{"id":10},{"id":11},{"id":12},{"id":13},{"id":14},{"id":15},{"id":16},{"id":17},{"id":18},{"id":19},{"id":20},{"id":21},{"id":22},{"id":23},{"id":24},{"id":25},{"id":26},{"id":27},{"id":28},{"id":29},{"id":30}]}[root@foreman
> roles]
>
which is a bunch of filter ids instead of actual permissions, as the API docs suggest.

When I try to create a new role, I am using this command

curl -s -u admin:changeme -k -H "Content-type:application/json" -X POST -d
> @test.json https://localhost/api/v2/roles
>

where test.json contains

> {
> "role": {
> "permissions": [
> "view_architectures",
> "view_environments",
> "view_external_variables",
> "view_facts",
> "edit_classes",
> "create_params",
> "edit_params",
> "destroy_params",
> "view_hostgroups",
> "view_hosts",
> "edit_hosts"
> ],
> "name": "test role"
> }
> }
>

The server response is

> "error": {"message":"Permission(#65105840) expected, got String(#8668640)"}
>

It looks to me like the new permissions model broken the v1 Roles API completely, and the v2 Roles API now revolves around the new 'Filters' concept, which isn't documented in the API docs.

Thanks

2

Hello Michael,

would you mind opening a new issue in our redmine? [1] Ideally set it blocking
existing issue #4552. Also it could be helpful to attach the trace from
production log for the undefined method key? error if there's any.

[1] http://projects.theforeman.org/

··· -- Marek

On Monday 26 of May 2014 11:55:37 Michael Griffin wrote:

I’m having issues manipulating roles (creating, updating, etc) via the API
after upgrading from version 1.4.2 to version 1.5.0.

It seems a number of the role api calls have broken in 1.5.0.

In version 1.4.2, if I ran the command:
curl -s -u admin:changeme -k -X GET http://localhost/api/roles

I would get the expected response that is described in the API docs:

{ “name”: “Manager”, “id”: 1, “builtin”: 0, “permissions”: [
“view_architectures”, “create_architecture”,

When I run the same command on my (upgraded 1.5.0) test instance, I get:

{“error”:{“message”:"undefined method `key?’ for

#JSON::Ext::Generator::State:0x000000088ad538"}}

If I change the REST call to

curl -s -u admin:changeme -k -X GET http://localhost/api/v2/roles

then I get a response of:

{

“total”: 10,
“subtotal”: 10,
“page”: 1,
“per_page”: 20,
“search”: null,
“sort”: {
“by”: null,
“order”: null
},
“results”: [{“name”:“Manager”,“id”:1,“builtin”:0},{“name”:“Edit partition
tables”,“id”:2,“builtin”:0},{“name”:“View
hosts”,“id”:3,“builtin”:0},{“name”:“Edit
hosts”,“id”:4,“builtin”:0},{“name”:“Viewer”,“id”:5,“builtin”:0},{“name”:“S
ite manager”,“id”:6,“builtin”:0},{“name”:“Default
user”,“id”:7,“builtin”:1},{“name”:“Anonymous”,“id”:8,“builtin”:2},{“name”:
“Anonymous_admin”,“id”:15,“builtin”:0}] }

If I try to list a specific role, ala

curl -s -u admin:changeme -k -X GET http://localhost/api/v2/roles/1

the response is:

{“name”:“Manager”,“id”:1,“builtin”:0,“filters”:[{“id”:1},{“id”:2},{“id”:3},{
“id”:4},{“id”:5},{“id”:6},{“id”:7},{“id”:8},{“id”:9},{“id”:10},{“id”:11},{“i
d”:12},{“id”:13},{“id”:14},{“id”:15},{“id”:16},{“id”:17},{“id”:18},{“id”:19}
,{“id”:20},{“id”:21},{“id”:22},{“id”:23},{“id”:24},{“id”:25},{“id”:26},{“id”
:27},{“id”:28},{“id”:29},{“id”:30}]}[root@foreman

roles]

which is a bunch of filter ids instead of actual permissions, as the API
docs suggest.

When I try to create a new role, I am using this command

curl -s -u admin:changeme -k -H “Content-type:application/json” -X POST -d

@test.json https://localhost/api/v2/roles

where test.json contains

{

“role”: {

"permissions": [

  "view_architectures",
  "view_environments",
  "view_external_variables",
  "view_facts",
  "edit_classes",
  "create_params",
  "edit_params",
  "destroy_params",
  "view_hostgroups",
  "view_hosts",
  "edit_hosts"

],
"name": "test role"

}

}

The server response is

“error”: {“message”:“Permission(#65105840) expected, got
String(#8668640)”}

It looks to me like the new permissions model broken the v1 Roles API
completely, and the v2 Roles API now revolves around the new 'Filters’
concept, which isn’t documented in the API docs.

Thanks

3

http://projects.theforeman.org/issues/5945

It doesn't seem as though I have permissions to set a blocker for 4552.

Thanks

··· On Tuesday, May 27, 2014 2:35:49 AM UTC-4, Marek Hulan wrote: > > Hello Michael, > > would you mind opening a new issue in our redmine? [1] Ideally set it > blocking > existing issue #4552. Also it could be helpful to attach the trace from > production log for the `undefined method key?` error if there's any. > > [1] http://projects.theforeman.org/ > > -- > Marek > > On Monday 26 of May 2014 11:55:37 Michael Griffin wrote: > > I'm having issues manipulating roles (creating, updating, etc) via the > API > > after upgrading from version 1.4.2 to version 1.5.0. > > > > It seems a number of the role api calls have broken in 1.5.0. > > > > In version 1.4.2, if I ran the command: > > curl -s -u admin:changeme -k -X GET http://localhost/api/roles > > > > I would get the expected response that is described in the API docs: > > > { "name": "Manager", "id": 1, "builtin": 0, "permissions": [ > > > "view_architectures", "create_architecture", > > > > When I run the same command on my (upgraded 1.5.0) test instance, I get: > > > > {"error":{"message":"undefined method `key?' for > > > > > #"}} > > > > If I change the REST call to > > > > *curl -s -u admin:changeme -k -X GET http://localhost/api/v2/roles* > > > > then I get a response of: > > > > { > > > > > "total": 10, > > > "subtotal": 10, > > > "page": 1, > > > "per_page": 20, > > > "search": null, > > > "sort": { > > > "by": null, > > > "order": null > > > }, > > > "results": [{"name":"Manager","id":1,"builtin":0},{"name":"Edit > partition > > > tables","id":2,"builtin":0},{"name":"View > > > hosts","id":3,"builtin":0},{"name":"Edit > > > > hosts","id":4,"builtin":0},{"name":"Viewer","id":5,"builtin":0},{"name":"S > > > ite manager","id":6,"builtin":0},{"name":"Default > > > > user","id":7,"builtin":1},{"name":"Anonymous","id":8,"builtin":2},{"name": > > > "Anonymous_admin","id":15,"builtin":0}] } > > > > If I try to list a specific role, ala > > > > curl -s -u admin:changeme -k -X GET http://localhost/api/v2/roles/1 > > > > the response is: > > > > > {"name":"Manager","id":1,"builtin":0,"filters":[{"id":1},{"id":2},{"id":3},{ > > > > "id":4},{"id":5},{"id":6},{"id":7},{"id":8},{"id":9},{"id":10},{"id":11},{"i > > > > d":12},{"id":13},{"id":14},{"id":15},{"id":16},{"id":17},{"id":18},{"id":19} > > > > ,{"id":20},{"id":21},{"id":22},{"id":23},{"id":24},{"id":25},{"id":26},{"id" > > > :27},{"id":28},{"id":29},{"id":30}]}[root@foreman > > > roles] > > > > which is a bunch of filter ids instead of actual permissions, as the API > > docs suggest. > > > > When I try to create a new role, I am using this command > > > > curl -s -u admin:changeme -k -H "Content-type:application/json" -X POST > -d > > > > > @test.json https://localhost/api/v2/roles > > > > where test.json contains > > > > > { > > > > > > "role": { > > > > > > "permissions": [ > > > > > > "view_architectures", > > > "view_environments", > > > "view_external_variables", > > > "view_facts", > > > "edit_classes", > > > "create_params", > > > "edit_params", > > > "destroy_params", > > > "view_hostgroups", > > > "view_hosts", > > > "edit_hosts" > > > > > > ], > > > "name": "test role" > > > > > > } > > > > > > } > > > > The server response is > > > > > "error": {"message":"Permission(#65105840) expected, got > > > String(#8668640)"} > > > > It looks to me like the new permissions model broken the v1 Roles API > > completely, and the v2 Roles API now revolves around the new 'Filters' > > concept, which isn't documented in the API docs. > > > > Thanks > > >