[FOLIO-2632] Request to configure diku_admin user with a default patron group Created: 03/Jun/20  Updated: 17/Jun/20  Resolved: 17/Jun/20

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Story Priority: P3
Reporter: Carole Godfrey Assignee: David Crossley
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Blocks
blocks FOLIO-2617 Request to Update ebsco-rmapi-config ... Closed
Sprint: DevOps: sprint 90
Development Team: FOLIO DevOps

 Description   

A new feature is being introduced with Goldenrod release (single tenant - multiple kb libraries)

To configure a user to use this functionality, we have found that the user needs to have a patron group assigned.

We would like to request that the diku_admin user (in reference sites) be assigned a default patron group. (for example - staff, although the Patron group assigned is not significant – only the fact that the user is assigned a Patron Group)

Sample request (as observed from network traffic) to assign a Patron Group to user diku_admin

PUT https://folio-snapshot-okapi.aws.indexdata.com/users/bedf4435-e0f9-5cdc-808f-5ad36663e5fd
{"username":"diku_admin","id":"bedf4435-e0f9-5cdc-808f-5ad36663e5fd","active":true,"proxyFor":[],"personal":{"lastName":"ADMINISTRATOR","firstName":"DIKU","email":"admin@diku.example.org","preferredContactTypeId":"002"},"createdDate":"2020-06-03T03:38:16.216+0000","updatedDate":"2020-06-03T03:38:16.216+0000","metadata":{"createdDate":"2020-06-03T03:38:16.213+0000","updatedDate":"2020-06-03T03:38:16.213+0000"},"patronGroup":"3684a786-6671-4268-8ed0-9db82ebca60b"}


 Comments   
Comment by David Crossley [ 11/Jun/20 ]

Done

Comment by David Crossley [ 11/Jun/20 ]

Re-opened. The folio-release-core Jenkins build 435 broken:

TASK [folio-ansible/roles/set-patron-group : Get patron groups] ****************
fatal: [10.36.1.158]: FAILED! =>
{"changed": false, "connection": "close",
"content": "Access requires permission: usergroups.collection.get",
"content_type": "text/plain", "msg": "Status code was 403 and not [200]: HTTP Error 403: Forbidden", "redirected": false, "status": 403, "transfer_encoding": "chunked", "url": "http://10.36.1.158:9130/groups", "x_okapi_trace": "GET mod-authtoken-2.5.0 http://10.36.1.158:9152/groups : 403 3431us"}
Comment by David Crossley [ 11/Jun/20 ]

Yet the folio-release build was okay for this "set-patron-group" role.

Comment by David Crossley [ 17/Jun/20 ]

With folio-ansible/pull/359 we (well mostly Wayne) finally determined that the tenant-admin-permissions role needed to wait at the end, to ensure that the permissions cache is cleared. Then the set-patron-group role can proceed.

So now all of the "core" Jenkins builds will be back, e.g. folio-testing-core and folio-release-core etc.

Why were the "complete" builds okay before this? Perhaps because they have more permissions to deal with, so had time for the cache to be renewed.

Generated at Thu Feb 08 23:22:06 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.