Uploaded image for project: 'Percona Monitoring and Management'
  1. Percona Monitoring and Management
  2. PMM-6693

`pmm-managed` denies request when using API keys even if the role set is admin

    XMLWordPrintable

Details

    • 1
    • Yes
    • Yes
    • Impediment
    • [obsolete] Server Integrations

    Description

      The pmm-managed service allows API requests from Users but not from API keys. To test, create a user and API key from http://PMMSERVER/graph/org/users and http://PMMSERVER/graph/org/apikeys with admin role.

      Test with curl on Grafana:

       

      $ curl --user testuser:testpassword http://192.168.0.8/graph/api/dashboards/home
{"redirectUri":"/graph/d/pmm-home/home-dashboard"}
$ curl -H "Authorization: Bearer eyJrIjoiR3dob29hYmIyb3lia2RsVFl1ZHZqaTV6OXZoblY0N3giLCJuIjoic2FtcGxlciIsImlkIjoxfQ==" http://192.168.0.8/graph/api/dashboards/home
{"redirectUri":"/graph/d/pmm-home/home-dashboard"}

       

      Test with curl on pmm-managed:

       

      $ curl --user testuser:testpassword -X POST "http://192.168.0.8/v1/Settings/Get" -H "accept: application/json" -H "Content-Type: application/json" 
{"settings":{"telemetry_enabled":true,"metrics_resolutions":{"hr":"5s","mr":"10s","lr":"60s"},"data_retention":"2592000s","aws_partitions":["aws"]}}
curl -H "Authorization: Bearer eyJrIjoiR3dob29hYmIyb3lia2RsVFl1ZHZqaTV6OXZoblY0N3giLCJuIjoic2FtcGxlciIsImlkIjoxfQ==" -X POST "http://192.168.0.8/v1/Settings/Get" -H "accept: application/json" -H "Content-Type: application/json" 
{"code":7,"error":"Access denied.","message":"Access denied."}

       

      Error on pmm-managed.log:

      WARN[2020-09-28T00:44:54.113+00:00] Minimal required role is "Admin". component=grafana/auth prefix=/v1/Settings/ req="POST /v1/Settings/Get" role=None
WARN[2020-09-28T00:44:54.148+00:00] Minimal required role is "Admin". component=grafana/auth prefix=/v1/Settings/ req="GET /v1/Settings/Get" role=None

       

      Attachments

        Issue Links

          relates to

          New Feature - A new feature of the product, which has yet to be developed. PMM-7353 Create API key for pmm-client

          • Medium - Important issues that need attention but do not significantly disrupt the system's core functionality.
          • Done

          Activity

            People

              nurlan.moldomurov Nurlan Moldomurov
              jaime.sicam@percona.com Jaime Sicam
              Votes:
              1 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Smart Checklist