Bug #16060
closed
Validation/template host build issue for non-admin users with search filters
Description
I've setup an account limited to build certain hostgroups. This account has permission to build hosts, but fails to do so. This is the error when hitting Build:
Host Failed to validate id-00000018784.classroom.bednet.be: Host::Base#domain_id= delegated to primary_interface.domain_id=, but primary_interface is nil: #<Host::Managed id: 154, name: "id-00000018784.classroom.bednet.be", last_compile: "2016-08-11 08:11:22", last_report: "2016-08-11 08:11:18", updated_at: "2016-08-11 08:11:31", created_at: "2016-08-10 12:33:47", root_pass: "deleted", architecture_id: 1, operatingsystem_id: 2, environment_id: 1, ptable_id: 62, medium_id: 12, build: false, comment: "Auto-discovered and provisioned via rule 'classroo...", disk: nil, installed_at: "2016-08-10 13:13:29", model_id: 15, hostgroup_id: 7, owner_id: 2, owner_type: "User", enabled: true, puppet_ca_proxy_id: 1, managed: true, use_image: nil, image_file: nil, uuid: nil, compute_resource_id: nil, puppet_proxy_id: 1, certname: "id-00000018784.classroom.bednet.be", image_id: nil, organization_id: nil, location_id: nil, type: "Host::Managed", otp: nil, realm_id: nil, compute_profile_id: nil, provision_method: nil, grub_pass: "deleted", global_status: 2, lookup_value_matcher: "fqdn=id-00000018784.classroom.bednet.be", discovery_rule_id: 2> Templates Failure parsing Preseed default finish: The snippet 'preseed_networking_setup' threw an error: undefined method 'dhcp_boot_mode?' for NilClass::Jail (NilClass).
However, this host builds just fine when I build using my admin account.
I've attached the permissions for the account. Maybe I forgot a permission somehow? If so, it's not immediately obvious to me :) Let me know if you need further information.
Files
Updated by Simon Wydooghe over 7 years ago
Small update: it seems the search filter is the culprit. If I set Unlimited, I can build using that account. However, the search filter does work as intended. I can only edit the intended hosts using the filter. Any other hosts cannot be edited, as it should be. Just the building fails because of the search filter for some reason.
Updated by Dominic Cleal over 7 years ago
- Subject changed from Permission issue for building hosts to Validation/template host build issue for non-admin users with search filters
- Category set to Users, Roles and Permissions
Updated by Simon Wydooghe over 7 years ago
I'm experiencing a similar issue now with another service account. This service account was used to retrieve reports for hosts in a specific domain. This was working as intended before (I'm guessing on 1.11 most likely). However now I get the following error when using hammer:
Association named 'domain' was not found on ConfigReport; perhaps you misspelled it?
The only way to fix it is by removing the filter and setting Unlimited.
Updated by Marek Hulán over 7 years ago
- Status changed from New to Need more information
Hello Simon.
The second issue is very likely unrelated, I'd suggest reporting it separately. I wonder how it could have worked, I don't think report was ever linked with the domain.
For the template problem, it seems that host for which you try to render the template does not have any interface defined. Can you send a printscreen of interfaces tab for the host please? Second error about calling `dhcp_boot_mode?` on nil comes from the fact that host's subnet is undefined which is also determined by primary interface's subnet. So make sure there is a primary interface configured for the host.
I tried to reproduce with the same permission set you have but I failed. If it works for admin account it might be related to permissions and in that case I'd suggest adding permissions view_subnet and view_domain but that's just a wild guess.
Updated by Simon Wydooghe over 7 years ago
Hey Marek,
My apologies, but I no longer have access to the infrastructure where I was experiencing this problem (switched jobs). This can be closed if you like.
Regards,
Simon
Updated by Marek Hulán over 7 years ago
- Status changed from Need more information to Feedback
ok thanks for update Simon, closing this until someone reproduces
Updated by Anonymous almost 7 years ago
- Status changed from Feedback to Resolved