[SOLVED] API : User does not doe get responses, while being admin

ednxzu

Member
Sep 28, 2022
7
2
8
The issue is kind of strange:

I'm using a service account to provision template using packer. This user, for debug purposes, is admin (is in a "service" group that has "/" administrator permissions)
I created a token for it with NO privilege separation, that works fine through packer (tho I am not certain how it is used by the builder).
using it to do some basic curl commands on the api endpoint does not work.

Code:
lanson@lead:~$ curl -H 'Authorization: PVEAPIToken=packer@pve!automation=redacted'  https://proxmox.domain.tld/api2/json/nodes/pve01/qemu/9010 | jq .

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0

I created an api token to test on the root@pam user, and it works just fine (api token with no privilege separation also)


Code:
lanson@lead:~$ curl -H 'Authorization: PVEAPIToken=root@pam!testing=redacted'  https://proxmox.domain.tld/api2/json/nodes/pve01/qemu/9010 | jq .

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current

                                 Dload  Upload   Total   Spent    Left  Speed

100   362  100   362    0     0   3744      0 --:--:-- --:--:-- --:--:--  3770

{

  "data": [

...]

}



At this point the only difference between the two is their realm.
Attached are screenshots from the user configuration.

Any help would be appreciated :)
 

Attachments

  • Screenshot_2.png
    Screenshot_2.png
    6 KB · Views: 5
  • Screenshot_3.png
    Screenshot_3.png
    4.4 KB · Views: 5
  • Screenshot_4.png
    Screenshot_4.png
    4.9 KB · Views: 5
  • Screenshot_5.png
    Screenshot_5.png
    6.2 KB · Views: 5
Last edited:
dum dum problem == dum dum solution.

The secret manager we're using hadn't been synced on my machine for a while, token was outdated (hence why it was working fine elsewhere, it was pulling the new, correct token)
 
Last edited: