[FOLIO-2631] Update folio-ansible to work with breaking changes in mod-login
Created: 03/Jun/20 | Updated: 11/Jun/20 | Resolved: 11/Jun/20
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Story | Priority: | P1 |
| Reporter: | Craig McNally | Assignee: | Craig McNally |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Development Team: | FOLIO DevOps | ||||||||
| Description |
Overview
For security reasons the following endpoints were removed from mod-login (login v7.0):
folio-ansible uses GET /authn/credentials to check whether credentials already exist. It creates them only if they don't, so one can run the folio-ansible script multiple times (idempotent). It only uses "totalRecords" and does not check the password hash:
folio-ansible can use the `/authn/credentials-existence` endpoint instead. See
Acceptance Criteria
|
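The switch described in the Description above, sketched as Ansible tasks. This is an added example, not folio-ansible's own code: the variable names (`okapi_url`, `tenant`, `okapi_token`, `admin_user_id`, `admin_password`) are hypothetical, and the `userId` query parameter and `credentialsExist` response field are assumptions about the mod-login API that the ticket does not spell out.

```yaml
# Added example, not the project's tasks. All variables are hypothetical.
#
# Before (endpoint removed in login v7.0): the playbook did a
# GET /authn/credentials, which returned the credential records themselves,
# and then only looked at json.totalRecords to decide whether to create them.
#
# After: ask only the yes/no question, so no credential record ever
# reaches the playbook or its logs.

- name: Check whether admin credentials exist
  uri:
    # userId query parameter: assumed, not stated in the ticket
    url: "{{ okapi_url }}/authn/credentials-existence?userId={{ admin_user_id }}"
    method: GET
    headers:
      X-Okapi-Tenant: "{{ tenant }}"
      X-Okapi-Token: "{{ okapi_token }}"
      Accept: application/json
    status_code: 200
  register: admin_creds

- name: Fail loudly if the response is not in the expected shape
  assert:
    that:
      - admin_creds.json is defined
      - admin_creds.json.credentialsExist is defined   # assumed field name
    fail_msg: "Unexpected credentials-existence response; refusing to guess"

- name: Create admin credentials only when none exist (keeps the play idempotent)
  uri:
    url: "{{ okapi_url }}/authn/credentials"
    method: POST
    headers:
      X-Okapi-Tenant: "{{ tenant }}"
      X-Okapi-Token: "{{ okapi_token }}"
      Content-Type: application/json
    body_format: json
    body:
      userId: "{{ admin_user_id }}"
      password: "{{ admin_password }}"
    status_code: 201
  no_log: true   # keep the password out of task output
  when: not (admin_creds.json.credentialsExist | bool)
```

The `assert` step matters during the migration window: a play pointed at an older mod-login that lacks the new endpoint stops there instead of attempting a duplicate credential create.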
| Comments |
| Comment by Craig McNally [ 09/Jun/20 ] |
|
JFYI the core platform team is looking to release mod-login with these breaking changes very soon. These scripts will be broken when using head of master or Goldenrod once that happens. If devops requires guidance/assistance please let me know. |
| Comment by Ian Hardy [ 09/Jun/20 ] |
|
-off the top of my head I know the create-tenant-admin role and the okapi-secure role both check for the existence of admin credentials using a GET to /authn/credentials: https://github.com/folio-org/folio-ansible/blob/master/roles/create-tenant-admin/tasks/main.yml#L79-
ignore me. |
| Comment by Craig McNally [ 11/Jun/20 ] |
|
verified via folio-testing-backend build: https://jenkins-aws.indexdata.com/job/Automation/job/folio-testing-backend/491/ |