(python-gvm) Error in RESOURCE when creating permission

Using GMPv7

Code

res = gmp.create_permission(
name=‘delete_target’,
subject_id=‘2cc11ffc-5544-484a-9edf-9c6ece33b4d2’,
subject_type=‘group’,
resource_id=‘c3ec0403-aa10-4a9a-90c2-45970e2cf579’,
resource_type=‘target’
)
print(res.xpath(’@status’))
print(res.xpath(’@status_text’))

Result

[‘400’]
[‘Error in RESOURCE’]

I guess that problem is with resource_type that should be EntityType , but honestly I don’t understand what it means. Sorry if it’s basic knowledge. I’m not a dev :confounded: Could you provide some example, please? Tried to find one in gvm-tools/scripts on gh but didn’t succeed.

With the current releases you need to pass an EntityType enum for resource_type argument and a PermissionSubjectType enum for subject_type.

res = gmp.create_permission(
    name=‘delete_target’,
    subject_id=GROUP_UUID,
    subject_type=gmp.types.PermissionSubjectType.GROUP,
    resource_id=TARGET_UUID,
    resource_type=gmp.types.EntityType.TARGET
)
3 Likes

I’ve updated gvm-tools and python-gvm to latest release via pip, and switched to enums, using code you provided 1:1 but still getting 400 Error in RESOURCE.

pip3 list | grep gvm

gvm-tools (2.0.0, /home/…/.local/lib/python3.6/site-packages)
python-gvm (1.0.0)

Code
    res = gmp.get_version()
    print(res.xpath('version/text()'))
    res = gmp.create_permission(
        name='delete_target',
        subject_id='2cc11ffc-5544-484a-9edf-9c6ece33b4d2',
        subject_type=gmp.types.PermissionSubjectType.GROUP,
        resource_id='c3ec0403-aa10-4a9a-90c2-45970e2cf579',
        resource_type=gmp.types.EntityType.TARGET
    )
    print(res.xpath('@status'))
    print(res.xpath('@status_text'))
Result

[‘7.0’]
[‘400’]
[‘Error in RESOURCE’]

It works if I remove resource_id and resource_type from payload. Target with this UUID exists in Targets tab in GUI. Weird…

The code looks correct from my side. You have to ensure that both entities - the target and the group - are accessible by the user (gmp-username) running the script.

1 Like

I’m running the script via admin user so that shouldn’t be the issue.

I’ve also checked logs, but there’s literally nothing except
event permission:MESSAGE:2019-09-26 11h28.17 UTC:9625: Permission could not be created by admin
I can create such permission via gui without any problem. Do you have any ideas?