<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:27:24 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3343] folio-ansible tenant admin bootstrap script failure</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3343</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;We are seeing this error when building the tenant admin user:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
failed: [10.36.1.10] (item=perms.users.assign.okapi) =&amp;gt; {&#8220;ansible_loop_var&#8221;: &#8220;item&#8221;, &#8220;changed&#8221;: &lt;span class=&quot;code-keyword&quot;&gt;false&lt;/span&gt;, &#8220;connection&#8221;: &#8220;close&#8221;, &#8220;content&#8221;: &#8220;Cannot add okapi permission perms.users.assign.okapi not owned by operating user 88e0aa9e-6ce0-5410-a029-0cde5cf4f9b2&#8221;, &#8220;content_type&#8221;: &#8220;text/plain&#8221;, &#8220;elapsed&#8221;: 0, &#8220;item&#8221;: &#8220;perms.users.assign.okapi&#8221;, &#8220;msg&#8221;: &#8220;Status code was 403 and not [200]: HTTP Error 403: Forbidden&#8221;, &#8220;redirected&#8221;: &lt;span class=&quot;code-keyword&quot;&gt;false&lt;/span&gt;, &#8220;status&#8221;: 403, &#8220;transfer_encoding&#8221;: &#8220;chunked&#8221;, &#8220;url&#8221;: &#8220;http:&lt;span class=&quot;code-comment&quot;&gt;//10.36.1.10:9130/perms/users/89836a62-1255-44fd-b48e-035d2ae23633/permissions&#8221;, &#8220;vary&#8221;: &#8220;origin&#8221;, &#8220;x_okapi_trace&#8221;: &#8220;POST mod-permissions-6.0.0-SNAPSHOT.126 http://10.36.1.10:9137/perms/users/89836a62-1255-44fd-b48e-035d2ae23633/permissions : 403 13167us&#8221;}&lt;/span&gt;
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;
&lt;p&gt;This may be due to the changes introduced in 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODPERMS-161&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODPERMS-161&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;perms.users.assign.immutable can give okapi.all&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10309?size=medium&quot; /&gt;
            MODPERMS-161
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
.&lt;/p&gt;

&lt;p&gt;See Slack conversation at &lt;a href=&quot;https://folio-project.slack.com/archives/CFQU1MF61/p1636984948069700?thread_ts=1636984118.069400&amp;amp;cid=CFQU1MF61&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://folio-project.slack.com/archives/CFQU1MF61/p1636984948069700?thread_ts=1636984118.069400&amp;amp;cid=CFQU1MF61&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="82118">FOLIO-3343</key>
            <summary>folio-ansible tenant admin bootstrap script failure</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10005" iconUrl="https://dev.folio.org/assets/jira-priority/tbd.svg">TBD</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5c706fbb47a54a6728e59df2">Wayne Schneider</assignee>
                                                                <reporter accountid="5c706fbb47a54a6728e59df2">Wayne Schneider</reporter>
                                    <labels>
                    </labels>
                <created>Mon, 15 Nov 2021 14:51:57 +0000</created>
                <updated>Tue, 18 Jan 2022 09:15:59 +0000</updated>
                            <resolved>Thu, 18 Nov 2021 00:44:07 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="196902" author="5c706fbb47a54a6728e59df2" created="Mon, 15 Nov 2021 15:51:38 +0000"  >&lt;p&gt;The issue is that that tenant-admin-permissions role was not excluding &lt;tt&gt;perms.assign.okapi&lt;/tt&gt;, as it should (since the tenant admin in the reference environments should not have special Okapi permissions).&lt;/p&gt;</comment>
                                                            <comment id="196904" author="5f8314dfbdef80006f6f572d" created="Mon, 15 Nov 2021 17:12:42 +0000"  >&lt;p&gt;Nice, so this makes it more secure than before.&lt;/p&gt;</comment>
                                                            <comment id="196906" author="5c706fbb47a54a6728e59df2" created="Wed, 17 Nov 2021 14:41:14 +0000"  >&lt;p&gt;Reopening. This change causes the Vagrant box builds to fail when creating the special &lt;tt&gt;testing_admin&lt;/tt&gt; user, which requires the &lt;tt&gt;okapi.all&lt;/tt&gt; permission set. See &lt;a href=&quot;https://jenkins-aws.indexdata.com/job/Automation/job/folio-blackbox/7241/consoleFull&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;log of failed build&lt;/a&gt;.&lt;/p&gt;</comment>
                                                            <comment id="196909" author="5c706fbb47a54a6728e59df2" created="Wed, 17 Nov 2021 22:15:54 +0000"  >&lt;p&gt;Probably the &quot;right&quot; thing to do is to disable mod-authtoken, grant &lt;tt&gt;diku_admin&lt;/tt&gt; the permission, create the &lt;tt&gt;testing_admin&lt;/tt&gt; user, revoke the permission from &lt;tt&gt;diku_admin&lt;/tt&gt;, and reenable mod-authtoken. I took the easy way out and just created &lt;tt&gt;diku_admin&lt;/tt&gt; with &lt;tt&gt;perms.users.assign.okapi&lt;/tt&gt; (and no other Okapi permissions), not ideal.&lt;/p&gt;</comment>
                                                            <comment id="196911" author="5f8314dfbdef80006f6f572d" created="Tue, 18 Jan 2022 09:15:59 +0000"  >&lt;p&gt;That testing_admin is a huge security risk with a known password and everything.. let&apos;s hope nobody creates that user for a production system.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="34334">MODPERMS-161</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i03oqv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="284">DevOps Sprint 127</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 15 Nov 2021 17:12:42 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>