salt-api: runner unauthorized?

[Heinz Meier]

Hi,

I want to trigger salt runs via the REST API. I read https://docs.saltproject.io/en/latest/ref/netapi/all/salt.netapi.rest_cherrypy.html and try to follow the examples.

curl http://locaohst:8000 -H 'Accept: application/x-yaml' -H 'Content-type: application/json' -H 'X-Auth-Token: xxx' \

  -d '[{"client": "local", "tgt": "test01*", "fun": "test.ping" }]'

works.

But

curl http://localhost:8000 -H 'Accept: application/x-yaml' -H 'Content-type: application/json' -H 'X-Auth-Token: xxx' \

-d '[{"client": "runner", "fun": "test.arg", "kwarg one": "hello" }]'

gives me a:

<head>
   <title>401 Unauthorized</title>

Any ideas?

Michael

[Phipps, Thomas]

What do the permissions of the user the token is attached to look like? It sounds like they don’t have @runner. when you login it should send a request back that lists the authentication rules. that looks like the following

return:
- eauth: pam
  expire: 1642401057.7791557
  perms:
  - .*
  - '@wheel'
  - '@runner'
  - '@jobs'
  start: 1642357857.7791548
  token: 9b5e3ab1ec69d3d62ad34d2f4976d450d5c20d94
  user: whytewolf

whytewolf here has @runner access.

curl http://localhost:8000 -H 'Accept: application/x-yaml' -H 'Content-type: application/json' -H 'X-Auth-Token: 9b5e3ab1ec69d3d62ad34d2f4976d450d5c20d94' -d '[{"client": "runner", "fun": "test.arg", "kwarg one": "hello" }]'
return:
- args: []
  kwargs:
    kwarg one: hello

--
You received this message because you are subscribed to the Google Groups "Salt-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to salt-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/salt-users/CAFFTi_JQLt8mtkakCUVafCM8TJreqtoQY3dLnYJGc14X2YdNgg%40mail.gmail.com.