Rest permission issues #3390

Open
3 tasks
rahulguptajss opened this issue Dec 18, 2024 · 3 comments · Fixed by #3391 or #3392
Labels
bug Something isn't working ontap-pending

Comments

@rahulguptajss
Contributor

rahulguptajss commented Dec 18, 2024

As mentioned in issue #3359, there are pending issues related to REST role permissions related to the least-privilege approach.

harvest2-role

time=2024-12-05T17:24:07.132+05:30 level=ERROR source=collector.go:422 msg="Entering standby mode" Poller=dc-1 collector=Rest:Support error="failed to fetch data: error making request StatusCode: 403, Error: Permission denied, Message: not authorized for that command, API: /api/support/autosupport?fields=enabled%2Cis_minimal%2Ctransport&ignore_unknown_fields=true&max_records=500&return_records=true" task=data

harvest-rest-role

time=2024-12-05T17:29:27.505+05:30 level=ERROR source=collector.go:422 msg="Entering standby mode" Poller=dc-1 collector=Rest:SnapshotPolicy error="failed to fetch data: error making request StatusCode: 403, Error: Permission denied, Message: not authorized for that command, API: /api/private/cli/snapshot/policy?fields=comment%2Cpolicy%2Ctotal_schedules%2Cvserver&ignore_unknown_fields=true&max_records=500&return_records=true" task=data
time=2024-12-05T17:29:27.560+05:30 level=ERROR source=collector.go:422 msg="Entering standby mode" Poller=dc-1 collector=Rest:Support error="failed to fetch data: error making request StatusCode: 403, Error: Permission denied, Message: not authorized for that command, API: /api/support/autosupport?fields=enabled%2Cis_minimal%2Ctransport&ignore_unknown_fields=true&max_records=500&return_records=true" task=data

There is another entry below, used in exports.yaml, which is disabled by default.

security login rest-role create -role harvest-rest-role -access readonly -api /api/private/cli/export-policy/rule

Error: command failed: failed to set field "cmddirname" to "export-policy rule"

Below are 3 JIRAs for tracking the same:

  • CONTAP-363810 (Workaround done via PR #3391)
  • CONTAP-363818
  • CONTAP-364232 (Workaround done via PR #3392)
@rahulguptajss rahulguptajss added bug Something isn't working ontap-pending labels Dec 18, 2024
@rahulguptajss rahulguptajss linked a pull request Dec 18, 2024 that will close this issue
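
An added example, not part of the issue or of Harvest's own code: a small Python triage script that parses poller log lines in the format shown above and lists, per collector, the REST paths that returned 403 and the fields that were requested, which is the set of paths the role does not yet cover. The function names and the single INFO line are constructed for illustration; the three ERROR lines are the harvest-rest-role lines from this issue.

```python
import shlex
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Three ERROR lines copied from this issue; the INFO line is constructed sample input.
SAMPLE_LOG = r'''
time=2024-12-05T17:29:27.505+05:30 level=ERROR source=collector.go:422 msg="Entering standby mode" Poller=dc-1 collector=Rest:SnapshotPolicy error="failed to fetch data: error making request StatusCode: 403, Error: Permission denied, Message: not authorized for that command, API: /api/private/cli/snapshot/policy?fields=comment%2Cpolicy%2Ctotal_schedules%2Cvserver&ignore_unknown_fields=true&max_records=500&return_records=true" task=data
time=2024-12-05T17:29:27.560+05:30 level=ERROR source=collector.go:422 msg="Entering standby mode" Poller=dc-1 collector=Rest:Support error="failed to fetch data: error making request StatusCode: 403, Error: Permission denied, Message: not authorized for that command, API: /api/support/autosupport?fields=enabled%2Cis_minimal%2Ctransport&ignore_unknown_fields=true&max_records=500&return_records=true" task=data
time=2024-12-05T17:29:28.000+05:30 level=INFO msg="constructed non-error line" Poller=dc-1 collector=Rest:Volume task=data
'''

def parse_logfmt(line):
    """Split a key=value log line into a dict; quoted values stay intact."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote in a truncated line
        return {}
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")  # split on the first '=' only
        if sep:
            fields[key] = value
    return fields

def denied_endpoints(log_text):
    """Return {collector: {api_path: [requested fields]}} for HTTP 403 errors."""
    denied = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_logfmt(line)
        err = rec.get("error", "")
        if "StatusCode: 403" not in err or "API: " not in err:
            continue
        url = urlsplit(err.split("API: ", 1)[1].strip())
        # parse_qs URL-decodes the value, so %2C becomes ','
        requested = parse_qs(url.query).get("fields", [""])[0]
        collector = rec.get("collector", "unknown")
        denied[collector][url.path] = sorted(f for f in requested.split(",") if f)
    return dict(denied)

if __name__ == "__main__":
    for collector, paths in sorted(denied_endpoints(SAMPLE_LOG).items()):
        for path, requested in paths.items():
            print(f"{collector}: 403 on {path} (fields: {', '.join(requested)})")
```
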
@rahulguptajss
Contributor Author

As mentioned in CONTAP-363810, as a workaround, we can use api/private/cli/volume/snapshot/policy instead of /api/private/cli/snapshot/policy.

@mamoep

mamoep commented Dec 18, 2024

Export-policy is working via
security login rest-role create -role harvest-rest-role -access readonly -api /api/private/cli/vserver/export-policy/rule

@rahulguptajss
Contributor Author

> Export-policy is working via
> security login rest-role create -role harvest-rest-role -access readonly -api /api/private/cli/vserver/export-policy/rule

Thanks. Yes, it is. We'll update it!

@rahulguptajss rahulguptajss reopened this Dec 18, 2024
@rahulguptajss rahulguptajss linked a pull request Dec 18, 2024 that will close this issue