Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Forbidden error from source-record-storage obtained for full harvesting request on ECS bugfest Eureka environment for SRS record source

Description

The issue is reproduced on ECS Eureka environment

  • on Member tenant (e.g. college) in Settings > OAI-PMH > Behavior set “Record source“ to “Source records storage“ or “Source records storage and Inventory“

  • send full harvesting OAI-PMH request via Postman (by edge-user) GET {{edge-url}}/oai/records?verb=ListRecords&metadataPrefix=marc21_withholdings&apiKey={{apiKey}}

  • check the response

Expected result: successful response is obtained, harvested records are included in the response

Actual result: <error code="noRecordsMatch">Got error response from source-record-storage, uri: '/source-storage/source-records' message: Forbidden</error>

2024-11-18_12h10_11.png

Additional information:

Environment

None

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Estimation Notes and Assumptions

None

RCA Group Details

None

Attachments

7
  • 03 Dec 2024, 01:34 PM
  • 03 Dec 2024, 01:34 PM
  • 03 Dec 2024, 01:11 PM
  • 18 Nov 2024, 03:13 PM
  • 18 Nov 2024, 03:13 PM
  • 18 Nov 2024, 03:13 PM
  • 18 Nov 2024, 07:21 AM

Checklist

hide

Activity

Show:

Tatsiana HryhoryevaDecember 3, 2024 at 1:34 PM

Verified on https://folio-etesting-snapshot-consortium.ci.folio.org/ environment, works as expected

  • response from College tenant (in Settings > OAI-PMH > Behavior set “Record source“ to “Source records storage“)

    image-20241203-133353.png

  • response from University tenant (in Settings > OAI-PMH > Behavior set “Record source“ to “Source records storage and Inventory“)

    image-20241203-133413.png

Tatsiana HryhoryevaDecember 3, 2024 at 1:11 PM

Verified on https://eureka-bugfest-ramsons-consortium.int.aws.folio.org/ environment, works as expected - for all 11 tenants (with different oai-pmh settings) successful response is obtained, harvested records are included in the response

2024-12-03_18h07_21.mp4

Oleksii PetrenkoDecember 3, 2024 at 9:42 AM

Issue related to Cross tenant requests

Please retest on Snapshot and Eureka BF ENV

Oleksii PetrenkoNovember 28, 2024 at 9:59 AM

Look like the same issue in sidecars related to integration of Congressional loans

Mikita SiadykhNovember 27, 2024 at 12:02 PM
Edited

some findings (thanks to ):
1. most likely issue comes from cross-tenant request from member tenant to central tenant to retrieve SRS record for shared instance
2. shadow user exists in central tenant and is active
3. capabilities from module permissions were assigned manually to the user role, but didn’t help

  1. tokens were fresh and not cached (FSE team restarted edge-oai-pmh and mod-oai-pmh)

  2. token is valid (logged it on dev rancher to see what is passed to SRS client: valid edge user token from member tenant to make a call in central tenant)

 

would be grateful for any other ideas to check, but for now it still looks like Eureka issue as cross-tenant requests (with permissions from module permissions) is must have functionality for ECS

 

cc as it blocks many test cases

Cannot Reproduce

Details

Assignee

Reporter

Labels

Development Team

Eureka

Release

Ramsons (R2 2024) Bug Fix

RCA Group

Not a bug anymore

Story Points

Sprint

Priority

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created November 18, 2024 at 7:21 AM
Updated January 28, 2025 at 1:51 PM
Resolved December 3, 2024 at 1:36 PM
TestRail: Cases
TestRail: Runs

Flag notifications