terraform-provider-netbox
Only able to create prefix but not able to add available prefix
I am able to create this prefix 10.182.0.0/20 but not able to add an available prefix. It says: You do not have permission to perform this action. Any idea why it's throwing this error? Using superuser works fine, but my user is a regular user and has this privilege / constraints > ipam | prefix actions review, add, change, delete {"tenant__slug": "dev"}
Terraform Version
Terraform v1.3.5
Terraform provider netbox version
e-breuninger/netbox v3.0.10
Affected Resource(s)
- IPAM - Prefix
Terraform Configuration Files
data "netbox_tenant" "dev-tenant" {
  name = "dev"
}

data "netbox_vrf" "we-vrf" {
  name = "we-vrf"
}

resource "netbox_prefix" "dev-prefix" {
  prefix    = "10.182.0.0/20"
  status    = "active"
  is_pool   = true
  tenant_id = data.netbox_tenant.dev-tenant.id
  vrf_id    = data.netbox_vrf.we-vrf.id
}

resource "netbox_available_prefix" "dev" {
  parent_prefix_id = netbox_prefix.dev-prefix.id
  prefix_length    = 24
  status           = "active"
}
Error Output
│ Error: [POST /ipam/prefixes/{id}/available-prefixes/][403] ipam_prefixes_available-prefixes_create default map[detail:You do not have permission to perform this action.]
│
│   with netbox_available_prefix.dev-available-prefix-a,
│   on network.tf line 44, in resource "netbox_available_prefix" "dev":
│   44: resource "netbox_available_prefix" "dev" {
Hm. An observation: The Create function of the available prefix resource also calls the Update function of the regular prefix resource, which in turn then runs the Read function. But these functions do not call any API endpoints outside of prefixes. Also, your error says quite explicitly that it is the available prefix endpoint failing. So this seems to be an issue with the netbox permissions.
Someone on the netbox slack suggested that you can try using PUT or PATCH instead of POST. You could test this by changing the verb in https://github.com/fbreckle/go-netbox/blob/master/swagger.processed.json at the "/ipam/prefixes/{id}/available-prefixes/" endpoint. The "post" is in line 49586. Then generate a client and play around with the client.
I fixed the above permission error by using this constraint {"prefix__net_contained": "10.182.0.0/20"}. However, I still have an issue: my customer is able to create different prefixes which are not within this prefix 10.182.0.0/20.
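
An added example, not part of the thread or of the provider's code: an offline audit that flags prefixes of the `dev` tenant lying outside the delegated block 10.182.0.0/20, the situation described in the last comment. It assumes `net_contained` means strict containment (inside the block with a longer mask); the record layout, function names and sample records are constructed for illustration.

```python
import ipaddress

# Parent block and tenant slug taken from the issue above.
ALLOWED_BLOCK = ipaddress.ip_network("10.182.0.0/20")
TENANT_SLUG = "dev"

# Constructed sample records, shaped like a minimal prefix export.
SAMPLE_PREFIXES = [
    {"prefix": "10.182.0.0/20", "tenant": "dev"},    # the parent itself
    {"prefix": "10.182.0.0/24", "tenant": "dev"},    # child inside the block
    {"prefix": "10.182.16.0/24", "tenant": "dev"},   # first /24 past the block
    {"prefix": "10.0.0.0/8", "tenant": "dev"},       # supernet of the block
    {"prefix": "10.182.1.5/24", "tenant": "dev"},    # host bits set
    {"prefix": "192.168.0.0/24", "tenant": "prod"},  # other tenant, ignored
]


def net_contained(candidate, block=ALLOWED_BLOCK):
    """True only if candidate is strictly inside block (assumed lookup semantics)."""
    net = ipaddress.ip_network(candidate, strict=True)  # ValueError on host bits
    if net.version != block.version:
        return False
    return net.prefixlen > block.prefixlen and net.subnet_of(block)


def audit(records, tenant=TENANT_SLUG, block=ALLOWED_BLOCK):
    """Return (prefix, reason) for each of the tenant's prefixes outside block."""
    findings = []
    for rec in records:
        if rec.get("tenant") != tenant:
            continue
        try:
            net = ipaddress.ip_network(rec["prefix"], strict=True)
            in_scope = net == block or net_contained(rec["prefix"], block)
        except ValueError:
            findings.append((rec["prefix"], "malformed"))
            continue
        if not in_scope:
            findings.append((rec["prefix"], "outside " + str(block)))
    return findings


if __name__ == "__main__":
    for prefix, reason in audit(SAMPLE_PREFIXES):
        print(f"{prefix}: {reason}")
```

Under strict containment the parent 10.182.0.0/20 does not match its own constraint, so the audit accepts it explicitly.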