
Logged into the PE console as admin, trying to delete a role but can't find a way. The Uses tab description states "Create and edit user roles". We have never used the roles so don't need any related audit trail.

asked 2016-06-08 10:13:49 -0500

yoyo


2 Answers


answered 2016-06-10 09:36:17 -0500

reesek

updated 2016-06-16 09:49:15 -0500

Have a look at the rbac api

https://docs.puppet.com/pe/latest/rbacrolesv1.html

Obtain the id of the role you wish to delete by listing the roles:

CERT=$(/usr/local/bin/puppet config print hostcert)
CACERT=$(/usr/local/bin/puppet config print localcacert)
PRVKEY=$(/usr/local/bin/puppet config print hostprivkey)
OPTIONS="--cert ${CERT} --cacert ${CACERT} --key ${PRVKEY}"
HOST=$(puppet agent --configprint certname)

# GET the list of roles (each entry includes its id)
curl -s -X GET $OPTIONS https://$HOST:4433/rbac-api/v1/roles | python -m json.tool

Obtain the id from the output, then update the above curl to:

curl -s -X DELETE $OPTIONS https://$HOST:4433/rbac-api/v1/roles/<id you want to delete>

If this is acceptable to you, please upvote/accept my answer :) Thanks!


answered 2016-06-13 03:26:45 -0500

yoyo

updated 2016-06-13 03:35:26 -0500

Thanks for responding.

Puppet Enterprise is a commercial product and I don't see why there would not be a button for deleting roles.

I was curious so I took a look, found the following which makes me even less sure why there is no button for deleting roles.

https://docs.puppet.com/pe/latest/rbacrolesv1.html

DELETE /roles/:rid

Deletes the role identified by the role ID (:rid). Users with this role will lose the role and all permissions granted by it immediately, but their session will be otherwise unaffected. Access to the next request that the user makes will be determined by the new set of permissions the user has without this role.

Returns

200 OK: The role identified by :rid has been deleted.
404 Not Found: No role exists for id :rid.
403 Forbidden: The current user lacks permission to delete the role identified by :rid.

I will look into deleting the roles via the API but this seemingly simple operation has already required more time and effort than I expected.


Comments

no problem -- I should have provided you an example. You may have figured it out by now, but I've updated my original answer with an example. Thanks!

reesek ( 2016-06-16 09:49:53 -0500 )
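
The list-then-delete procedure from the first answer, combined with the DELETE /roles/:rid status codes quoted in the second, as an added example that is not part of either post or of Puppet's own code. It refuses to delete a role that users or groups still hold, since the quoted docs say those permissions are lost immediately. The `display_name`, `user_ids` and `group_ids` fields are assumed from the RBAC v1 role object, and the function names and sample listing are constructed for illustration.

```python
import json
import ssl
import urllib.error
import urllib.request

# Status codes the RBAC docs quoted above list for DELETE /roles/:rid.
DELETE_RESULTS = {200: "deleted", 404: "no such role", 403: "caller lacks permission"}


def find_role(roles, display_name):
    """Return the single role whose display_name matches, else raise."""
    matches = [r for r in roles if r.get("display_name") == display_name]
    if len(matches) != 1:
        raise LookupError(f"expected 1 role named {display_name!r}, found {len(matches)}")
    return matches[0]


def safe_to_delete(role):
    """A role is only safe to drop when no user or group still holds it."""
    return not role.get("user_ids") and not role.get("group_ids")


def delete_role(host, display_name, cert, key, cacert, force=False):
    """List roles, resolve the id by name, then DELETE it using the client cert."""
    ctx = ssl.create_default_context(cafile=cacert)
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    base = f"https://{host}:4433/rbac-api/v1/roles"
    with urllib.request.urlopen(base, context=ctx) as resp:
        role = find_role(json.load(resp), display_name)
    if not force and not safe_to_delete(role):
        raise PermissionError(f"role {role['id']} is still assigned; not deleting")
    req = urllib.request.Request(f"{base}/{role['id']}", method="DELETE")
    try:
        with urllib.request.urlopen(req, context=ctx) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code  # 403 and 404 arrive as HTTPError
    return DELETE_RESULTS.get(status, f"unexpected HTTP {status}")


# Constructed sample of a roles listing (not real output from a PE master).
SAMPLE_ROLES = json.loads("""[
  {"id": 1, "display_name": "Administrators", "user_ids": ["<uuid-placeholder>"], "group_ids": []},
  {"id": 5, "display_name": "Unused Test Role", "user_ids": [], "group_ids": []}
]""")

if __name__ == "__main__":
    for role in SAMPLE_ROLES:
        print(role["id"], role["display_name"], "safe" if safe_to_delete(role) else "in use")
```

`delete_role` takes the same three file paths the answer reads with `puppet config print` (hostcert, hostprivkey, localcacert).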
