fleetdm / fleet

Open-source platform for IT, security, and infrastructure teams. (Linux, macOS, Chrome, Windows, cloud, data center)
https://fleetdm.com

GitOps user cannot use --dry-run to #13177

Closed ksatter closed 1 year ago

ksatter commented 1 year ago

Fleet version: v4.35.1


🧑‍💻  Expected behavior

As a Fleet GitOps administrator, I expect to be able to use a Fleet GitOps user to validate configuration files in my CI/CD pipeline.

💥  Actual behavior

When running a GitHub action to validate configuration files using fleetctl apply --dry-run -f <file>, I receive an authorization error:

Error: applying custom settings: POST /api/latest/fleet/mdm/apple/profiles/batch received status 403 forbidden: forbidden 

👣 Reproduction steps

  1. Log in to fleetctl using a Fleet user with the GitOps Role
  2. Attempt to validate a config file using --dry-run

xpkoala commented 1 year ago

Attempting to do a --dry-run with a gitops user.

reed@reed fleet % sudo ./build/fleetctl apply --dry-run -f ./test_config.yml
[+] would've applied fleet config

fleet-release commented 1 year ago

GitOps user yearns, Dry-run option confirms paths, Fleet's truth, unfurls.