Skip to content

controller_roles state invalid error of an organization being required for credential objects #1099

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tenletters10 opened this issue May 21, 2025 · 1 comment
Open

controller_roles state invalid error of an organization being required for credential objects #1099

tenletters10 opened this issue May 21, 2025 · 1 comment
Labels
bug Something isn't working module-issue

Comments

@tenletters10
Copy link

Summary

When using dispatch to process an controller_roles variable that is granting use and read permissions to a credential that does not have an organiziation set it generates the following error:

Failed to grant role. You cannot grant credential access to a team when the Organization field isn't set, or belongs to a different organization invocation

If you access the UI and go to the credential without an Organization set, under "Team Access" and then "Add roles," you can grant the 'Credential Use' role to a team. Users in that team can use it without any issues.

This indicates that error handling for controller_roles is incorrect and credentials do not require an Organization to be set to grant a team access to use or read on a credential.

I tried a variety combo of roles with controller_roles of just read + use, read, and use, but they all generate the same invalid error.

Issue Type

  • Bug Report

Ansible, Collection, Controller details

ansible-core 2.16
Coming from this ee image - https://catalog.redhat.com/software/containers/ansible-automation-platform-25/ee-minimal-rhel9/650a567e82adff7ec49ffba5

collections added on top of ee image:
  - name: infra.aap_configuration
    version: 3.1.0
  - name: infra.aap_configuration_extended
    version: 1.0.0
  - name: ansible.eda
    version: 2.6.1
  - name: ansible.controller
    version: 4.6.11
  - name: ansible.platform
    version: 2.5.20250326
  - name: ansible.hub
    version: 1.0.0

Controller version 4.6.12
  • ansible installation method: EE

OS / ENVIRONMENT

EE image specified above talking directly to the Controller

Desired Behavior

Role is created for team to grant Use and Read access to the credential that does not have an organiziation set.

Actual Behavior

This error is generated when calling the dispatch role and supplying the following variable:

Failed to grant role. You cannot grant credential access to a team when the Organization field isn't set, or belongs to a different organization invocation

controller_roles:

  • team: Devs
    credentials:
    • Dev Git
    • Dev Container Registry
      roles:
    • read
    • use

GitHub is messing with the example above, but it is yaml content and I have attached a copy it as well

controller_roles.txt

STEPS TO REPRODUCE

Explained above and also explained how in the UI this is allowed to be performed in the product and how to test that.
@tenletters10 tenletters10 added bug Something isn't working new New issue, this should be removed once reviewed labels May 21, 2025
@djdanielsson
Copy link
Collaborator

this is likely a module issue but I would need to test some to verify that

@djdanielsson djdanielsson added module-issue and removed new New issue, this should be removed once reviewed labels Jun 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working module-issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@djdanielsson @tenletters10