In AAP (2.4) I setup an application for Prometheus to monitor the AAP metrics, this application points to the API metrics endpoint.
I also created a “mortal”, a.k.a. non-admin user and generated a token to access the metrics to use in Prometheus.
But I constantly get an “Access denied”. When I use an admin user everything works as I want.
Am I thinking wrong or am I running into a bug?
So, what we’re trying to accomplish is to have a token which is permitted to access a single URI in AWX/AAP.
Currently this occurs:
$ curl -sSf -H "Authorization: Bearer jFGD1eQHXTF8M0F1z8Cl5UHoe265Iv" https://awx.example/api/v2/metrics/
curl: (56) The requested URL returned error: 403
I’ve toyed with giving the user whom the token belongs to all manner of roles, but I can’t get it to work for a non-admin user.
And if the token does belong to a user with admin rights, it (the token) can access any URL, e.g. list jobs, etc.