Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

aap_configuration.hub_group_role gives error adding roles to a group in automationhub #1019

Open
hobby65 opened this issue Dec 19, 2024 · 0 comments
Open

aap_configuration.hub_group_role gives error adding roles to a group in automationhub #1019

hobby65 opened this issue Dec 19, 2024 · 0 comments
Labels
bug Something isn't working new New issue, this should be removed once reviewed

Comments

@hobby65
Copy link

hobby65 commented Dec 19, 2024

Summary

When using the role aap_configuration.hub_group_role to add roles to a group in hub, there is an error:
"Create error: You do not have permission to POST api/galaxy/pulp/api/v3/groups/ (HTTP 403).," it seems
like the "admin" user has no rights to post on this part of the api.

Issue Type

  • Bug Report

Ansible, Collection, Controller details

ansible --version
ansible [core 2.15.10]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/wilco/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/wilco/.local/lib/python3.9/site-packages/ansible
  ansible collection location = /home/wilco/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/wilco/.local/bin/ansible
  python version = 3.9.13 (main, Jul 25 2022, 00:00:00) [GCC 11.3.1 20220421 (Red Hat 11.3.1-2)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
[wilco@rhel9-1 ee_cac_image (update)]$ ansible-galaxy collection list

# /home/wilco/.ansible/collections/ansible_collections
Collection                          Version
----------------------------------- -------
ansible.controller                  4.6.3  
ansible.eda                         2.2.0  
ansible.hub                         1.0.0  
ansible.netcommon                   4.1.0  
ansible.platform                    2.5.3  
ansible.posix                       2.0.0  
ansible.utils                       2.8.0  
ansible.windows                     2.6.0  
awx.awx                             22.1.0 
community.crypto                    2.10.0 
community.general                   10.1.0 
community.postgresql                2.3.2  
community.vmware                    5.2.0  
community.windows                   2.3.0  
infra.aap_configuration             3.1.0  
infra.ah_configuration              2.0.4  
redhat.satellite                    4.0.0  
redhat_cop.controller_configuration 2.3.1  
vmware.vmware                       1.7.1  
wf_linux.infra                      0.0.7  
wf_linux.oracle                     0.0.1  
wf_linux.rhel                       0.0.2  
wf_linux.web                        0.0.4  

# /home/wilco/.local/lib/python3.9/site-packages/ansible_collections
Collection                          Version
----------------------------------- -------
amazon.aws                          6.5.0  
ansible.netcommon                   5.3.0  
ansible.posix                       1.5.4  
ansible.utils                       2.12.0 
ansible.windows                     1.14.0 
arista.eos                          6.2.2  
awx.awx                             22.7.0 
azure.azcollection                  1.19.0 
check_point.mgmt                    5.1.1  
chocolatey.chocolatey               1.5.1  
cisco.aci                           2.8.0  
cisco.asa                           4.0.3  
cisco.dnac                          6.9.0  
cisco.intersight                    1.0.27 
cisco.ios                           4.6.1  
cisco.iosxr                         5.0.3  
cisco.ise                           2.6.2  
cisco.meraki                        2.17.0 
cisco.mso                           2.5.0  
cisco.nso                           1.0.3  
cisco.nxos                          4.4.0  
cisco.ucs                           1.10.0 
cloud.common                        2.1.4  
cloudscale_ch.cloud                 2.3.1  
community.aws                       6.4.0  
community.azure                     2.0.0  
community.ciscosmb                  1.0.7  
community.crypto                    2.16.1 
community.digitalocean              1.24.0 
community.dns                       2.6.4  
community.docker                    3.4.11 
community.fortios                   1.0.0  
community.general                   7.5.2  
community.google                    1.0.0  
community.grafana                   1.6.1  
community.hashi_vault               5.0.1  
community.hrobot                    1.8.2  
community.libvirt                   1.3.0  
community.mongodb                   1.6.3  
community.mysql                     3.8.0  
community.network                   5.0.2  
community.okd                       2.3.0  
community.postgresql                2.4.3  
community.proxysql                  1.5.1  
community.rabbitmq                  1.2.3  
community.routeros                  2.11.0 
community.sap                       1.0.0  
community.sap_libs                  1.4.1  
community.skydive                   1.0.0  
community.sops                      1.6.7  
community.vmware                    3.11.1 
community.windows                   1.13.0 
community.zabbix                    2.2.0  
containers.podman                   1.11.0 
cyberark.conjur                     1.2.2  
cyberark.pas                        1.0.23 
dellemc.enterprise_sonic            2.2.0  
dellemc.openmanage                  7.6.1  
dellemc.powerflex                   1.9.0  
dellemc.unity                       1.7.1  
f5networks.f5_modules               1.27.1 
fortinet.fortimanager               2.3.0  
fortinet.fortios                    2.3.4  
frr.frr                             2.0.2  
gluster.gluster                     1.0.2  
google.cloud                        1.3.0  
grafana.grafana                     2.2.3  
hetzner.hcloud                      1.16.0 
hpe.nimble                          1.1.4  
ibm.qradar                          2.1.0  
ibm.spectrum_virtualize             1.12.0 
ibm.storage_virtualize              2.1.0  
infinidat.infinibox                 1.3.12 
infoblox.nios_modules               1.5.0  
inspur.ispim                        1.3.0  
inspur.sm                           2.3.0  
junipernetworks.junos               5.3.1  
kubernetes.core                     2.4.0  
lowlydba.sqlserver                  2.2.2  
microsoft.ad                        1.4.1  
netapp.aws                          21.7.1 
netapp.azure                        21.10.1
netapp.cloudmanager                 21.22.1
netapp.elementsw                    21.7.0 
netapp.ontap                        22.8.3 
netapp.storagegrid                  21.11.1
netapp.um_info                      21.8.1 
netapp_eseries.santricity           1.4.0  
netbox.netbox                       3.15.0 
ngine_io.cloudstack                 2.3.0  
ngine_io.exoscale                   1.1.0  
ngine_io.vultr                      1.1.3  
openstack.cloud                     2.2.0  
openvswitch.openvswitch             2.1.1  
ovirt.ovirt                         3.2.0  
purestorage.flasharray              1.24.0 
purestorage.flashblade              1.14.0 
purestorage.fusion                  1.6.0  
sensu.sensu_go                      1.14.0 
servicenow.servicenow               1.0.6  
splunk.es                           2.1.2  
t_systems_mms.icinga_director       1.33.1 
telekom_mms.icinga_director         1.35.0 
theforeman.foreman                  3.15.0 
vmware.vmware_rest                  2.3.1  
vultr.cloud                         1.11.0 
vyos.vyos                           4.1.0  
wti.remote                          1.0.5  

# /usr/local/lib/python3.9/site-packages/ansible_collections
Collection                          Version
----------------------------------- -------
amazon.aws                          6.5.0  
ansible.netcommon                   5.3.0  
ansible.posix                       1.5.4  
ansible.utils                       2.12.0 
ansible.windows                     1.14.0 
arista.eos                          6.2.2  
awx.awx                             22.7.0 
azure.azcollection                  1.19.0 
check_point.mgmt                    5.1.1  
chocolatey.chocolatey               1.5.1  
cisco.aci                           2.8.0  
cisco.asa                           4.0.3  
cisco.dnac                          6.9.0  
cisco.intersight                    1.0.27 
cisco.ios                           4.6.1  
cisco.iosxr                         5.0.3  
cisco.ise                           2.6.2  
cisco.meraki                        2.17.0 
cisco.mso                           2.5.0  
cisco.nso                           1.0.3  
cisco.nxos                          4.4.0  
cisco.ucs                           1.10.0 
cloud.common                        2.1.4  
cloudscale_ch.cloud                 2.3.1  
community.aws                       6.4.0  
community.azure                     2.0.0  
community.ciscosmb                  1.0.7  
community.crypto                    2.16.1 
community.digitalocean              1.24.0 
community.dns                       2.6.4  
community.docker                    3.4.11 
community.fortios                   1.0.0  
community.general                   7.5.2  
community.google                    1.0.0  
community.grafana                   1.6.1  
community.hashi_vault               5.0.1  
community.hrobot                    1.8.2  
community.libvirt                   1.3.0  
community.mongodb                   1.6.3  
community.mysql                     3.8.0  
community.network                   5.0.2  
community.okd                       2.3.0  
community.postgresql                2.4.3  
community.proxysql                  1.5.1  
community.rabbitmq                  1.2.3  
community.routeros                  2.11.0 
community.sap                       1.0.0  
community.sap_libs                  1.4.1  
community.skydive                   1.0.0  
community.sops                      1.6.7  
community.vmware                    3.11.1 
community.windows                   1.13.0 
community.zabbix                    2.2.0  
containers.podman                   1.11.0 
cyberark.conjur                     1.2.2  
cyberark.pas                        1.0.23 
dellemc.enterprise_sonic            2.2.0  
dellemc.openmanage                  7.6.1  
dellemc.powerflex                   1.9.0  
dellemc.unity                       1.7.1  
f5networks.f5_modules               1.27.1 
fortinet.fortimanager               2.3.0  
fortinet.fortios                    2.3.4  
frr.frr                             2.0.2  
gluster.gluster                     1.0.2  
google.cloud                        1.3.0  
grafana.grafana                     2.2.3  
hetzner.hcloud                      1.16.0 
hpe.nimble                          1.1.4  
ibm.qradar                          2.1.0  
ibm.spectrum_virtualize             1.12.0 
ibm.storage_virtualize              2.1.0  
infinidat.infinibox                 1.3.12 
infoblox.nios_modules               1.5.0  
inspur.ispim                        1.3.0  
inspur.sm                           2.3.0  
junipernetworks.junos               5.3.1  
kubernetes.core                     2.4.0  
lowlydba.sqlserver                  2.2.2  
microsoft.ad                        1.4.1  
netapp.aws                          21.7.1 
netapp.azure                        21.10.1
netapp.cloudmanager                 21.22.1
netapp.elementsw                    21.7.0 
netapp.ontap                        22.8.3 
netapp.storagegrid                  21.11.1
netapp.um_info                      21.8.1 
netapp_eseries.santricity           1.4.0  
netbox.netbox                       3.15.0 
ngine_io.cloudstack                 2.3.0  
ngine_io.exoscale                   1.1.0  
ngine_io.vultr                      1.1.3  
openstack.cloud                     2.2.0  
openvswitch.openvswitch             2.1.1  
ovirt.ovirt                         3.2.0  
purestorage.flasharray              1.24.0 
purestorage.flashblade              1.14.0 
purestorage.fusion                  1.6.0  
sensu.sensu_go                      1.14.0 
servicenow.servicenow               1.0.6  
splunk.es                           2.1.2  
t_systems_mms.icinga_director       1.33.1 
telekom_mms.icinga_director         1.35.0 
theforeman.foreman                  3.15.0 
vmware.vmware_rest                  2.3.1  
vultr.cloud                         1.11.0 
vyos.vyos                           4.1.0  
wti.remote                          1.0.5  

Automation Controller Version
4.6.3
Event Driven Automation Version
1.1.2
Automation Hub Version
4.10.1
  • ansible installation method: one of source, pip, OS package, EE

OS / ENVIRONMENT

Desired Behavior

The roles should be added to the exsisting groups.

Actual Behavior

Please give some details of what is actually happening.
Include a [minimum complete verifiable example] with:

  • playbook / task
---
- name: Configure rhaap platform base
  hosts: aapserver3.localdomain
  connection: local
  gather_facts: false

  - pre_tasks:
      - name: include the user_vars
        ansible.builtin.include_vars:
          file: hub_group_roles.yml

  roles:
  - infra.aap_configuration.hub_group_roles
  • configuration file / list
---
hub_group_roles:
  - groups:
      - hub_coll
    role_list:
      - roles:
           - galaxy.collection_admin
    state: present
  • error
<aap_dev> EXEC /bin/sh -c 'echo ~wilco && sleep 0'
<aap_dev> EXEC /bin/sh -c 'echo ~wilco && sleep 0'
<aap_dev> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /home/wilco/.ansible/tmp `"&& mkdir "` echo /home/wilco/.ansible/tmp/ansible-tmp-1734610534.0161428-19209-142771980579335 `" && echo ansible-tmp-1734610534.0161428-19209-142771980579335="` echo /home/wilco/.ansible/tmp/ansible-tmp-1734610534.0161428-19209-142771980579335 `" ) && sleep 0'
Using module file /home/wilco/.local/lib/python3.9/site-packages/ansible/modules/async_status.py
<aap_dev> PUT /home/wilco/.ansible/tmp/ansible-local-19141bzzy2_h_/tmp4j3fyecy TO /home/wilco/.ansible/tmp/ansible-tmp-1734610534.0161428-19209-142771980579335/AnsiballZ_async_status.py
<aap_dev> EXEC /bin/sh -c 'chmod u+x /home/wilco/.ansible/tmp/ansible-tmp-1734610534.0161428-19209-142771980579335/ /home/wilco/.ansible/tmp/ansible-tmp-1734610534.0161428-19209-142771980579335/AnsiballZ_async_status.py && sleep 0'
<aap_dev> EXEC /bin/sh -c '/usr/bin/python3 /home/wilco/.ansible/tmp/ansible-tmp-1734610534.0161428-19209-142771980579335/AnsiballZ_async_status.py && sleep 0'
<aap_dev> EXEC /bin/sh -c 'rm -f -r /home/wilco/.ansible/tmp/ansible-tmp-1734610534.0161428-19209-142771980579335/ > /dev/null 2>&1 && sleep 0'
The full traceback is:
  File "/tmp/ansible_ansible.hub.group_roles_payload_k2eypqk3/ansible_ansible.hub.group_roles_payload.zip/ansible_collections/ansible/hub/plugins/module_utils/ah_pulp_object.py", line 233, in create
    response = self.api.make_request("POST", url, data=new_item)
  File "/tmp/ansible_ansible.hub.group_roles_payload_k2eypqk3/ansible_ansible.hub.group_roles_payload.zip/ansible_collections/ansible/hub/plugins/module_utils/ah_api_module.py", line 291, in make_request
    response = self.make_request_raw_reponse(method, url, **kwargs)
  File "/tmp/ansible_ansible.hub.group_roles_payload_k2eypqk3/ansible_ansible.hub.group_roles_payload.zip/ansible_collections/ansible/hub/plugins/module_utils/ah_api_module.py", line 243, in make_request_raw_reponse
    raise AHAPIModuleError("You do not have permission to {method} {path} (HTTP 403).".format(method=method, path=url.path))
failed: [aap_dev] (item=Create/Update Group roles ['hub_coll'] | Wait for finish the Group roles creation) => {
    "__group_roles_job_async_result_item": {
        "__hub_group_roles_item": {
            "groups": [
                "hub_coll"
            ],
            "role_list": [
                {
                    "roles": [
                        "galaxy.collection_admin"
                    ]
                }
            ],
            "state": "present"
        },
        "ansible_facts": {
            "discovered_interpreter_python": "/usr/bin/python3"
        },
        "ansible_job_id": "j36406895663.19169",
        "ansible_loop_var": "__hub_group_roles_item",
        "changed": false,
        "failed": 0,
        "finished": 0,
        "results_file": "/home/wilco/.ansible_async/j36406895663.19169",
        "started": 1
    },
    "ansible_job_id": "j36406895663.19169",
    "ansible_loop_var": "__group_roles_job_async_result_item",
    "attempts": 2,
    "changed": false,
    "finished": 1,
    "invocation": {
        "module_args": {
            "ah_host": "https://aapserver3.localdomain",
            "ah_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "ah_path_prefix": "galaxy",
            "ah_username": "admin",
            "groups": [
                "hub_coll"
            ],
            "request_timeout": 60.0,
            "role_list": [
                {
                    "content_urls": [],
                    "roles": [
                        "galaxy.collection_admin"
                    ]
                }
            ],
            "state": "present",
            "validate_certs": false
        }
    },
    "msg": "Create error: You do not have permission to POST api/galaxy/pulp/api/v3/groups/ (HTTP 403)., url: https://aapserver3.localdomain/api/galaxy/pulp/api/v3/groups/",
    "results_file": "/home/wilco/.ansible_async/j36406895663.19169",
    "started": 1,
    "stderr": "",
    "stderr_lines": [],
    "stdout": "",
    "stdout_lines": []
}

STEPS TO REPRODUCE

Use the above playbook and group definition to reproduce..
make sure the group is created as team in gateway..( btw, the creation of teams and groups is poorly documented)
@hobby65 hobby65 added bug Something isn't working new New issue, this should be removed once reviewed labels Dec 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working new New issue, this should be removed once reviewed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hobby65