[FOLIO-2535] update pr preview pipeline to use authenticated requests to /_/discovery/interfaces Created: 25/Mar/20 Updated: 03/Jun/20 Resolved: 08/Apr/20 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P2 |
| Reporter: | Ian Hardy | Assignee: | John Malconian |
| Resolution: | Done | Votes: | 0 |
| Labels: | devops-backlog | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||||||||||
| Sprint: | DevOps: sprint 85 | ||||||||||||||||
| Development Team: | FOLIO DevOps | ||||||||||||||||
| Description |
|
Since we updated okpai, we also need to update any GET requests to /_/discovery/modules/... to use an x-okapi-tenant header for the supertenant user: example error [Pipeline] readJSON (hide) [Pipeline] echo Mod: mod-calendar-1.8.0 [Pipeline] httpRequest HttpMethod: GET URL: https://okapi-default.ci.folio.org/_/discovery/modules/mod-calendar-1.8.0 Content-Type: application/json; charset=UTF-8 Accept: application/json Sending request to url: https://okapi-default.ci.folio.org/_/discovery/modules/mod-calendar-1.8.0 Response Code: HTTP/1.1 403 Forbidden |
| Comments |
| Comment by Ian Hardy [ 26/Mar/20 ] |
|
Checked that x-okapi-token was getting passed in ansible role since okapi now requires a read permission for discovery/modules. Found that it was, and was still getting errors about missing okapi.discovery.get even when the super admin user has okapi.all. Found that disablling mod-authtoken and mod-permissions and then re-enabling them picked up the new permission and now we can successfully complete the failing call. |
| Comment by Bohdan Suprun (Inactive) [ 26/Mar/20 ] |
|
Hi Ian Hardy, Is it already resolved? I'm able to reproduce it again: Jenkins job: https://jenkins-aws.indexdata.com/blue/organizations/jenkins/folio-org%2Fplatform-core/detail/PR-554/4/pipeline Thank you, |
| Comment by Bohdan Suprun (Inactive) [ 26/Mar/20 ] |
|
Reopening while waiting for clarification. |
| Comment by Ian Hardy [ 26/Mar/20 ] |
|
You're right. User has required permissions now, but must not be including them in that request |
| Comment by John Malconian [ 26/Mar/20 ] |
|
The PR preview pipeline has been updated to include supertenant authentication to /_/discovery endpoints. PR-554 in platform-core, however, still fails because the versions of mod-inventory and mod-inventory-storage artifact specified in .pr-custom-deps are specifiied incorrectly. More info in the PR comments. We may need to have Jenkins update the Github comments with the version of the artifact deployed so that developers don't need to dig out the version from the build logs. Also fixed a bug where docker images tagged with PR preview versions were not cleaned up properly which left stray artifacts on Jenkins build nodes. |
| Comment by Bohdan Suprun (Inactive) [ 26/Mar/20 ] |
|
Thanks Ian Hardy, John Malconian! The authentication issue disappeared. However I'm getting No running instances for module mod-inventory-storage-19.2.0-SNAPSHOT.420.5. Can not invoke /_/tenant issue now. But `https://okapi-preview.ci.folio.org/_/proxy/modules/mod-inventory-storage-19.2.0-SNAPSHOT.420.5` returns the descriptor. So the versions and descriptor should be correct. Do I need to raise a separate issue for this? |
| Comment by John Malconian [ 26/Mar/20 ] |
|
No separate issues. Let's keep everything related to this PR in this Jira. I'll look into the last reported error. |
| Comment by John Malconian [ 26/Mar/20 ] |
|
There appears to be an issue with module deployment to the preview namespace. Working with Ian to resolve. |
| Comment by John Malconian [ 30/Mar/20 ] |
|
Bohdan Suprun Tenant: platform_core_554_9 |
| Comment by Bohdan Suprun (Inactive) [ 30/Mar/20 ] |
|
Hi John Malconian, Looks great, thank you! Could you please advice what username/password should I use to log in? |
| Comment by Ian Hardy [ 30/Mar/20 ] |
|
Hi Bohdan Suprun, Username will always be $SOMETENANT_admin and the password is just admin, so in this case: platform_core_554_9_admin / admin |
| Comment by Jakub Skoczen [ 01/Apr/20 ] |
|
|
| Comment by Bohdan Suprun (Inactive) [ 08/Apr/20 ] |
|
Hi Ian Hardy, John Malconian, Everything seems fine for now. Closing the issue. Will reopen if needed. Thank you! |