BUG: REST-API "Create a user" creates non-editable users

Dirk · July 27, 2022, 3:35pm

CMK version: 2.1.0p8.cee and 2.1.0p9.cee
OS version: Ubuntu 20.04

I’m currently checking out the REST API and wanted to create a user programmatically. I used to do it with the Web-API and that works as expected. Now, with the REST-API I can create a user (and even log in as that user) but in the overview the user cannot be edited. Also, the authentication method seems broken:

I created this user with the very example from the REST API docs, i.e. with this code:

Create user script

#!/usr/bin/env python3
import pprint
import requests

HOST_NAME = "localhost"
SITE_NAME = "testsite"
API_URL = f"http://{HOST_NAME}/{SITE_NAME}/check_mk/api/1.0"

USERNAME = "automation"
PASSWORD = "***"

session = requests.session()
session.headers['Authorization'] = f"Bearer {USERNAME} {PASSWORD}"
session.headers['Accept'] = 'application/json'

resp = session.post(
    f"{API_URL}/domain-types/user_config/collections/all",
    headers={
        "Content-Type": 'application/json',
    },
    json={
        'username': 'cmkuser',
        'fullname': 'Mathias Kettner',
        'auth_option': {
            'auth_type': 'password',
            'password': 'password',
        },
        'contact_options': {
            'email': 'user@example.com'
        },
        'roles': ['user'],
        'contactgroups': ['all'],
    },
)
if resp.status_code == 200:
    pprint.pprint(resp.json())
elif resp.status_code == 204:
    print("Done")
else:
    raise RuntimeError(pprint.pformat(resp.json()))

I can fake the URL to edit that user in the GUI and that works. Also, it is possible to log in as that user. Neither omd restart nor cmk -O do help.

If I login as that user, the last seen timestamp is updated and the bullet gets green but when I logout again it chenges back to Never logged in.

Is this a known problem?

KAMI · September 7, 2022, 1:52pm

Hey,

I’m facing the exact same issue, did you get any feedback ?
I’m running version 2.1.0p9

Regards,

Vincent

Dirk · September 7, 2022, 2:25pm

Hi Vincent,

no, I didn’t get any feedback so far. I haven’t tried the latest version yet (2.1.0p11), maybe the error is gone?

Regards
Dirk

andreas-doehler · September 8, 2022, 6:02am

I checked this inside my actual dev environment and the bug is also there with p11.
That this user is editable from the gui only one small part in the “users.mk” is missing. → 'connector': 'htpasswd'

KAMI · September 9, 2022, 8:24am

Hey Andreas,

I edited the file etc/check_mk/multisite.d/wato/users.mk and setting the correct value ‘connector’: None to ‘connector’:‘htpasswd’ and then the user is editable… sounds like a bug no ?

I sent a bug report via the feedback email address : FEED-7346

Regards,

Vincent

MaxL · September 13, 2022, 7:48am

I have to look into user creation with the REST API soon for another bug. I will have a look at this as well.

MaxL · September 28, 2022, 1:04pm

This has been fixed with werk 14806. The link should start working soon.

system · September 28, 2023, 1:04pm

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.