RBAC service errors

RBAC API error responses can be formatted as ctext/html or JSON objects.

Error response format

RBAC API error responses can use the following keys:


Key	Definition
`kind`	The kind of error encountered.
`msg`	A human-readable message associated with the error. For error responses formatted as `text/html`, the body is the contents of this key.
`details`	Additional, potentially machine-readable, information about the error condition.

General error responses

RBAC API endpoints that accept a JSON body might return these responses.


Response	Response code	Description
`malformed-request`	400	The submitted data is not valid JSON. The `details` key contains an error message from the JSON parser.
`schema-violation`	400	The submitted data has an unexpected structure, such as invalid fields or missing required fields. The `msg` key describes the problem, and the `details` key is an object containing: `submitted`: The submitted data as it was seen during schema validation. `schema`: The expected structure of the data. `error`: A structured description of the error.
`inconsistent-id`	400	ID data in the request body doesn't match the ID in the request's URI path. The `details` key shows the two IDs.
`invalid-id-filter`	400	The request's URI path contains a filter on the ID with an invalid format. No details are given with this error.
`invalid-uuid`	400	An invalid UUID was submitted. No details are given with this error.
`user-unauthenticated`	401	An unauthenticated user attempted to access an endpoint that requires authentication.
`user-revoked`	401	A revoked user attempted to access an endpoint that requires authentication.
`api-user-login`	401	A person attempted to log in as the `api_user` with a password. The `api_user` does not support username/password authentication.
`remote-user-conflict`	401	A remote user who is not yet known to RBAC attempted to authenticate, but a local user with the same login already exists. The solution is to change either the local user's login in RBAC, or to change the remote user's login. To change the remote user's login you can either change the `user_lookup_attr` in the DS settings or change the value in the directory service itself.
`permission-denied`	403	A user attempted an action that they are not permitted to perform.
`admin-user-immutable` `admin-user-not-in-admin-role` `default-roles-immutable`	403	A user attempted to edit metadata or associations belonging to the default user roles or default users (`admin` or `api_user`) that they are not allowed to change.
`conflict`	409	You submitted a value for a field that is supposed to be unique, but another object already has that value. For example, when you attempt to create a user with the same login as an existing user.
`invalid-associated-id`	422	An object was submitted with a list of associated IDs (for example, `user_ids`) and one or more of those IDs does not correspond to an object of the correct type.
`no-such-user-LDAP` `no-such-group-LDAP`	422	An object was submitted with a list LDAP user or group IDs, and one or more of those IDs does not correspond to an existing LDAP user or group.
`non-unique-lookup-attr`	422	A login was attempted, but LDAP found multiple users with the given username. Your directory service settings must use a `user_lookup_attr` that is guaranteed to be unique within the provided user's RDN.
`server-error`	500	Occurs when the server throws an unspecified exception. A message and stack trace are usually available in the logs.

Was this page helpful?

We’re sorry to hear that!
Please tell us why so we can help. Enter your feedback and email. This form is sent to the Puppet docs team. We ask for your email as we might contact you regarding your feedback. If you need help with the product itself, visit Puppet Support or ask in Puppet Community on Slack. Feedback:

Email Address:

To learn about how Puppet uses your personal information, visit our privacy policy.

If you leave us your email, we may contact you regarding your feedback. For more information on how Puppet uses your personal information, see our privacy policy.

See an issue? Please file a JIRA ticket in our [DOCUMENTATION] project.