search

plusserver / kubernetes-icinga

Kubernetes / Icinga2 integration.
Apache License 2.0
22 stars 8 forks source link

hostgroup cannot be created #7

Open jjtroberts opened 5 years ago

jjtroberts commented 5 years ago

My API user is unable to create a hostgroup even though permissions = ["*"]

[2019-03-10 00:27:23 -0600] information/HttpServerConnection: Request: GET /v1/objects/hosts/kubernetes.traefik.deploy-traefik (from [x.x.x.x]:44128, user: icinga)
[2019-03-10 00:27:23 -0600] information/HttpServerConnection: Request: GET /v1/objects/hostgroups/kubernetes.traefik (from [x.x.x.x]:44130, user: icinga)
[2019-03-10 00:27:23 -0600] information/HttpServerConnection: Request: PUT /v1/objects/hosts/kubernetes.traefik.deploy-traefik (from [x.x.x.x]:44128, user: icinga)
[2019-03-10 00:27:23 -0600] information/ConfigItem: Committing config item(s).
[2019-03-10 00:27:23 -0600] critical/config: Error: Validation failed for object 'kubernetes.traefik.deploy-traefik' of type 'Host'; Attribute 'groups': Object 'kubernetes.traefik' of type 'HostGroup' does not exist.
Location: in /var/lib/icinga2/api/packages/_api/x.x.x.x1448388007-1/conf.d/hosts/kubernetes.traefik.deploy-traefik.conf: 6:2-6:34
/var/lib/icinga2/api/packages/_api/x.x.x.x-1448388007-1/conf.d/hosts/kubernetes.traefik.deploy-traefik.conf(4):  check_command = "check_kubernetes"
/var/lib/icinga2/api/packages/_api/x.x.x.x-1448388007-1/conf.d/hosts/kubernetes.traefik.deploy-traefik.conf(5):  display_name = "kubernetes.traefik.deploy-traefik"
/var/lib/icinga2/api/packages/_api/x.x.x.x-1448388007-1/conf.d/hosts/kubernetes.traefik.deploy-traefik.conf(6):  groups = [ "kubernetes.traefik" ]
                                                                                                                                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[2019-03-10 00:27:23 -0600] critical/config: 1 error
[2019-03-10 00:27:23 -0600] information/HttpServerConnection: Request: PUT /v1/objects/hostgroups/kubernetes.traefik (from [x.x.x.x]:44130, user: icinga)
[2019-03-10 00:27:23 -0600] critical/HttpServerConnection: Unhandled exception while processing Http request: Error: Missing permission: objects/create/hostgroup

I tried added explicit permissions to no avail:

object ApiUser "icinga" {
  password = "xxxxx"
  permissions = [ "*", "objects/create/hostgroup", "objects/create/host" ]
}

Am I incorrect in my assumption that the icinga api user should be able to create a hostgroup without there first being one in groups.conf?

v2.6.2 (Yes, quite out of date)

iljaweis commented 5 years ago

The icinga api user needs the permission to create new host groups, yes.