[FOLIO-2631] Update folio-ansible to work with breaking changes in mod-login Created: 03/Jun/20  Updated: 11/Jun/20  Resolved: 11/Jun/20

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Story Priority: P1
Reporter: Craig McNally Assignee: Craig McNally
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks MODLOGIN-128 It is possible to fetch password hash... Closed
Sprint:
Development Team: FOLIO DevOps

 Description   

Overview

For security reasons the following endpoints were removed from mod-login (login v7.0):

  • GET /authn/credentials
  • GET /authn/credentials/<id>

folio-ansible uses GET /authn/credentials to check whether credentials already exists. It only creates it if it doesn't. One can run the folio-ansible script multiple times (idempotent). It only uses "totalRecords" and does not check the password hash:

folio-ansible can use the `/authn/credentials-existence` endpoint instead.

See MODLOGIN-128 Closed for details.

Acceptance Criteria

  • folio-ansible is updated to use /authn/credentials-existence instead of the endpoints being removed


 Comments   
Comment by Craig McNally [ 09/Jun/20 ]

JFYI the core platform team is looking to release mod-login with these breaking changes very soon. These scripts will be broken when using head of master or Goldenrod once that happens. If devops requires guidance/assistance please let me know.

John Malconian Ian Hardy Jakub Skoczen

Comment by Ian Hardy [ 09/Jun/20 ]

-off the top of my head I know the create-tenant-admin role and the okapi-secure role both check for the existence of admin credentials using a GET to /authn/credentials: https://github.com/folio-org/folio-ansible/blob/master/roles/create-tenant-admin/tasks/main.yml#L79-

This is to make the role idempotent (don't create credentials if they already exist). I guess we could delete the credentials record and re-create it every time.

ignore me.

Comment by Craig McNally [ 11/Jun/20 ]

verified via folio-testing-backend build:

https://jenkins-aws.indexdata.com/job/Automation/job/folio-testing-backend/491/

Generated at Thu Feb 08 23:22:05 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.