From dbdbc7635a84f7eca136836d65b6ae76090a51e6 Mon Sep 17 00:00:00 2001
From: Chris Meyers
Date: Thu, 19 Sep 2024 08:55:54 -0400
Subject: [PATCH] Redirect user to platform supported collection

* AAP 2.5 Controller 4.6 Org, User, and Team endpoints are restricted. When the user performs a restricted operation via the Controller collection, kindly notify them that they should be using the platform collection instead.
---
 .../plugins/module_utils/controller_api.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/awx_collection/plugins/module_utils/controller_api.py b/awx_collection/plugins/module_utils/controller_api.py
index 541639306a..ab91a34dc8 100644
--- a/awx_collection/plugins/module_utils/controller_api.py
+++ b/awx_collection/plugins/module_utils/controller_api.py
@@ -525,7 +525,18 @@ class ControllerAPIModule(ControllerModule):
 self.fail_json(msg='Invalid authentication credentials for {0} (HTTP 401).'.format(url.path))
 # Sanity check: Did we get a forbidden response, which means that the user isn't allowed to do this? Report that.
 elif he.code == 403:
- self.fail_json(msg="You don't have permission to {1} to {0} (HTTP 403).".format(url.path, method))
+ # Hack: Tell the customer to use the platform supported collection when interacting with Org, Team, User Controller endpoints
+ err_msg = he.fp.read().decode('utf-8')
+ try:
+ # Defensive coding. Handle json responses and non-json responses
+ err_msg = loads(err_msg)
+ err_msg = err_msg['detail']
+ # JSONDecodeError only available on Python 3.5+
+ except ValueError:
+ pass
+ prepend_msg = " Use the collection ansible.platform to modify resources Organization, User, or Team." if (
+ "this resource via the platform ingress") in err_msg else ""
+ self.fail_json(msg="You don't have permission to {1} to {0} (HTTP 403).{2}".format(url.path, method, prepend_msg))
 # Sanity check: Did we get a 404 response?
 # Requests with primary keys will return a 404 if there is no response, and we want to consistently trap these.
 elif he.code == 404:
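Review bot: The new 403 branch can raise while it is still building its own error message: `err_msg['detail']` raises KeyError or TypeError when the body is valid JSON without a `detail` key or is not a JSON object, and only ValueError is caught, so the user would see a traceback instead of the permission message. The `decode('utf-8')` call sits outside the `try`, and after a successful `loads` the substring test can run against a dict, list or None rather than text. Because the body is server-supplied input, I would parse into a separate variable and replace `err_msg` only when `detail` is text, as sketched below. Separately, `prepend_msg` is appended to the message, so a name such as `platform_hint` would read more accurately. The enclosing method starts and ends outside this hunk.

```python
elif he.code == 403:
    # Lenient decode: a malformed body must never hide the 403 itself.
    err_msg = he.fp.read().decode('utf-8', 'replace')
    try:
        parsed = loads(err_msg)
    except ValueError:
        parsed = None
    # Only a JSON object's textual 'detail' replaces the raw body; anything else keeps the raw text.
    detail = parsed.get('detail') if isinstance(parsed, dict) else None
    if isinstance(detail, type(err_msg)):
        err_msg = detail
    # … unchanged: hint selection on err_msg and the fail_json call …
```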