chef-server
can't fetch acl info without admins membership
hi,
I was trying to fetch ACL data for a node (via GETing /nodes/$node/_acl) and I'm receiving HTTP 403 with a body of {"error":["missing read permission"]}.

https://github.com/chef/chef-server/blob/master/src/oc_erchef/doc/API/acl.md#get-_acl-api says that "The authorization service manages the permissions for who can read an ACL; at this time if you have any of CRUDG on the object you can read its ACL." The ACL for the given node allows create, read and update for the users groups (which my user is a member of), so I think I should be allowed to fetch the ACL data. I can also confirm that I can fetch the ACL information with another user which is a member of the admins group.

Could you please clarify if this is a bug or a documentation problem (see the above statement; also, https://docs.chef.io/api_chef_server.html lacks documentation on the /nodes/node/_acl endpoint).
@jkeiser any chance you could take a look at this?
any update on this?
bump
@Tyrael sorry for the late reply on this. We would like to dig deeper into this by checking what happens in the code and the tests we have set up. We believe the API should behave the way you understand it. We will do some investigation and get back to you on this.
🙄