[FOLIO-3385] Adjust Automation to mod-permission 6.0 Created: 12/Jan/22  Updated: 17/Jan/22  Resolved: 17/Jan/22

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task Priority: TBD
Reporter: Aleh Litasau Assignee: Aleh Litasau
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Attachments: PNG File screenshot-1.png    
Sprint: DevOps Sprint 131
Story Points: 3
Development Team: Kitfox

 Description   

At current stage automation has the following issue if deployed from snapshot env:

failed: [localhost] (item=ui-organizations.create) => {"changed": false, "connection": "close", "content": "Cannot add immutable permission ui-organizations.create not owned by operating user 253816bd-6a09-5c29-8ce0-3d48d69bee3a", "content_type": "text/plain", "date": "Tue, 11 Jan 2022 17:32:40 GMT", "item": "ui-organizations.create", "msg": "Status code was 403 and not [200]: HTTP Error 403: Forbidden", "redirected": false, "status": 403, "transfer_encoding": "chunked", "url": "https://cypress-okapi.ci.folio.org/perms/users/1363a5da-9e2b-498f-b9de-3bc18c78d286/permissions", "vary": "origin"}
failed: [localhost] (item=users.all) => {"changed": false, "connection": "close", "content": "Cannot add immutable permission users.all not owned by operating user 253816bd-6a09-5c29-8ce0-3d48d69bee3a", "content_type": "text/plain", "date": "Tue, 11 Jan 2022 17:32:41 GMT", "item": "users.all", "msg": "Status code was 403 and not [200]: HTTP Error 403: Forbidden", "redirected": false, "status": 403, "transfer_encoding": "chunked", "url": "https://cypress-okapi.ci.folio.org/perms/users/1363a5da-9e2b-498f-b9de-3bc18c78d286/permissions", "vary": "origin"}


 Comments   
Comment by Jakub Skoczen [ 12/Jan/22 ]

Wayne Schneider is there something here that Aleh is doing wrong?

Comment by Wayne Schneider [ 12/Jan/22 ]

Jakub Skoczen Aleh Litasau it's hard to tell without a link to the code that is generating the error, but it looks to me like the user that is trying to grant the permissions does not have the perms.users.assign.immutable permission. When you create an administrative user for a tenant, you must create the permissions user record with the perms.users.assign.immutable and perms.users.assign.mutable permissions (and optionally perms.users.assign.okapi if the user should be able to grant access to the Okapi API) before enabling the authtoken interface. See the create-tenant-admin role in folio-ansible and the bootstrap-superuser.pl script in folio-install for examples.

Comment by Aleh Litasau [ 14/Jan/22 ]

Jakub Skoczen Wayne Schneider Sorry, didn't notice that task will  created under FOLIO project. I reviewed automation and it looks like ansible roles for scratch env. were copied from snapshot ansible roles.

The problem connected with mod-permission 6.0 and looks like Wayne already solved it within FOLIO-3343 Closed , the next is to compare roles and try to add the same adjustment.

Why roles are not taken from main ansible repo is another question for the future.

Special thanks for support to Adam Dickmeiss!

 

Comment by Aleh Litasau [ 17/Jan/22 ]

Permissions were added:

{% if perms_users_assign %}

"perms.users.assign.immutable",
"perms.users.assign.mutable",
"perms.users.assign.okapi",

{% endif %}

Group var is set perms_users_assign. As mentioned permissions are all in the 5.14.4 it can be merged now.

Comment by Aleh Litasau [ 17/Jan/22 ]


Was successfully verified on RANCHER-125 Closed .

Comment by Aleh Litasau [ 17/Jan/22 ]

created branch and separate jenkins job were deleted.

Generated at Thu Feb 08 23:27:43 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.