How do AAP/AWX applications work - aka why doesn't it work

In AAP (2.4) I setup an application for Prometheus to monitor the AAP metrics, this application points to the API metrics endpoint.

I also created a “mortal”, a.k.a. non-admin user and generated a token to access the metrics to use in Prometheus.

But I constantly get an “Access denied”. When I use an admin user everything works as I want.

Am I thinking wrong or am I running into a bug?

1 Like

So, what we’re trying to accomplish is to have a token which is permitted to access a single URI in AWX/AAP.

Currently this occurs:

$ curl -sSf -H "Authorization: Bearer jFGD1eQHXTF8M0F1z8Cl5UHoe265Iv" https://awx.example/api/v2/metrics/
curl: (56) The requested URL returned error: 403

I’ve toyed with giving the user whom the token belongs to all manner of roles, but I can’t get it to work for a non-admin user.

And if the token does belong to a user with admin rights, it (the token) can access any URL, e.g. list jobs, etc.