[FOLIO-2632] Request to configure diku_admin user with a default patron group Created: 03/Jun/20 Updated: 17/Jun/20 Resolved: 17/Jun/20 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Story | Priority: | P3 |
| Reporter: | Carole Godfrey | Assignee: | David Crossley |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||
| Sprint: | DevOps: sprint 90 | ||||||||
| Development Team: | FOLIO DevOps | ||||||||
| Description |
|
A new feature is being introduced with Goldenrod release (single tenant - multiple kb libraries) To configure a user to use this functionality, we have found that the user needs to have a patron group assigned. We would like to request that the diku_admin user (in reference sites) be assigned a default patron group. (for example - staff, although the Patron group assigned is not significant – only the fact that the user is assigned a Patron Group) Sample request (as observed from network traffic) to assign a Patron Group to user diku_admin PUT https://folio-snapshot-okapi.aws.indexdata.com/users/bedf4435-e0f9-5cdc-808f-5ad36663e5fd {"username":"diku_admin","id":"bedf4435-e0f9-5cdc-808f-5ad36663e5fd","active":true,"proxyFor":[],"personal":{"lastName":"ADMINISTRATOR","firstName":"DIKU","email":"admin@diku.example.org","preferredContactTypeId":"002"},"createdDate":"2020-06-03T03:38:16.216+0000","updatedDate":"2020-06-03T03:38:16.216+0000","metadata":{"createdDate":"2020-06-03T03:38:16.213+0000","updatedDate":"2020-06-03T03:38:16.213+0000"},"patronGroup":"3684a786-6671-4268-8ed0-9db82ebca60b"}
|
| Comments |
| Comment by David Crossley [ 11/Jun/20 ] |
|
Done |
| Comment by David Crossley [ 11/Jun/20 ] |
|
Re-opened. The folio-release-core Jenkins build 435 broken: TASK [folio-ansible/roles/set-patron-group : Get patron groups] ****************
fatal: [10.36.1.158]: FAILED! =>
{"changed": false, "connection": "close",
"content": "Access requires permission: usergroups.collection.get",
"content_type": "text/plain", "msg": "Status code was 403 and not [200]: HTTP Error 403: Forbidden", "redirected": false, "status": 403, "transfer_encoding": "chunked", "url": "http://10.36.1.158:9130/groups", "x_okapi_trace": "GET mod-authtoken-2.5.0 http://10.36.1.158:9152/groups : 403 3431us"}
|
| Comment by David Crossley [ 11/Jun/20 ] |
|
Yet the folio-release build was okay for this "set-patron-group" role. |
| Comment by David Crossley [ 17/Jun/20 ] |
|
With folio-ansible/pull/359 we (well mostly Wayne) finally determined that the tenant-admin-permissions role needed to wait at the end, to ensure that the permissions cache is cleared. Then the set-patron-group role can proceed. So now all of the "core" Jenkins builds will be back, e.g. folio-testing-core and folio-release-core etc. Why were the "complete" builds okay before this? Perhaps because they have more permissions to deal with, so had time for the cache to be renewed. |