[FOLIO-3385] Adjust Automation to mod-permission 6.0 Created: 12/Jan/22 Updated: 17/Jan/22 Resolved: 17/Jan/22 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | TBD |
| Reporter: | Aleh Litasau | Assignee: | Aleh Litasau |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Attachments: |
|
| Sprint: | DevOps Sprint 131 |
| Story Points: | 3 |
| Development Team: | Kitfox |
| Description |
|
At current stage automation has the following issue if deployed from snapshot env:
failed: [localhost] (item=ui-organizations.create) => {"changed": false, "connection": "close", "content": "Cannot add immutable permission ui-organizations.create not owned by operating user 253816bd-6a09-5c29-8ce0-3d48d69bee3a", "content_type": "text/plain", "date": "Tue, 11 Jan 2022 17:32:40 GMT", "item": "ui-organizations.create", "msg": "Status code was 403 and not [200]: HTTP Error 403: Forbidden", "redirected": false, "status": 403, "transfer_encoding": "chunked", "url": "https://cypress-okapi.ci.folio.org/perms/users/1363a5da-9e2b-498f-b9de-3bc18c78d286/permissions", "vary": "origin"}
failed: [localhost] (item=users.all) => {"changed": false, "connection": "close", "content": "Cannot add immutable permission users.all not owned by operating user 253816bd-6a09-5c29-8ce0-3d48d69bee3a", "content_type": "text/plain", "date": "Tue, 11 Jan 2022 17:32:41 GMT", "item": "users.all", "msg": "Status code was 403 and not [200]: HTTP Error 403: Forbidden", "redirected": false, "status": 403, "transfer_encoding": "chunked", "url": "https://cypress-okapi.ci.folio.org/perms/users/1363a5da-9e2b-498f-b9de-3bc18c78d286/permissions", "vary": "origin"}
|
| Comments |
| Comment by Jakub Skoczen [ 12/Jan/22 ] |
|
Wayne Schneider is there something here that Aleh is doing wrong? |
| Comment by Wayne Schneider [ 12/Jan/22 ] |
|
Jakub Skoczen Aleh Litasau it's hard to tell without a link to the code that is generating the error, but it looks to me like the user that is trying to grant the permissions does not have the perms.users.assign.immutable permission. When you create an administrative user for a tenant, you must create the permissions user record with the perms.users.assign.immutable and perms.users.assign.mutable permissions (and optionally perms.users.assign.okapi if the user should be able to grant access to the Okapi API) before enabling the authtoken interface. See the create-tenant-admin role in folio-ansible and the bootstrap-superuser.pl script in folio-install for examples. |
| Comment by Aleh Litasau [ 14/Jan/22 ] |
|
Jakub Skoczen Wayne Schneider Sorry, didn't notice that task will created under FOLIO project. I reviewed automation and it looks like ansible roles for scratch env. were copied from snapshot ansible roles. The problem connected with mod-permission 6.0 and looks like Wayne already solved it within
Why roles are not taken from main ansible repo is another question for the future. Special thanks for support to Adam Dickmeiss!
|
| Comment by Aleh Litasau [ 17/Jan/22 ] |
|
Permissions were added: {% if perms_users_assign %} "perms.users.assign.immutable", Group var is set perms_users_assign. As mentioned permissions are all in the 5.14.4 it can be merged now. |
| Comment by Aleh Litasau [ 17/Jan/22 ] |
|
|
| Comment by Aleh Litasau [ 17/Jan/22 ] |
|
created branch and separate jenkins job were deleted. |