Details
- Bug
- Status: Closed
- P4
- Resolution: Done
- Prokopovych
Description
Overview
Two endpoints can be accessed w/o logging in because they don't have any required permissions:
- codex-instances
  - Returns a 500 because the call to inventory-storage requires a permission (inventory-storage.instances.collection.get). So you may also want to add that to permissionsDesired for this endpoint
- codex-instances/id
  - Also fails like above - consider adding (inventory-storage.instances.item.get) to permissionsDesired for this endpoint
I think we probably want the same permission required both here and in codex-mux (handled in a separate story). The desired permissions stuff mentioned above is extra that helps make it clear which permissions are really needed for this to work. If you actually make these required permissions, you'd also have to add them as module permissions in codex-mux, and I'm not sure that's what we want.
Reproducer
/codex-instances
```
$ curl $OKAPI/codex-instances -v -H "X-Okapi-Tenant: diku" -w '\n' -H "X-Okapi-Module-Id: mod-codex-inventory-1.6.0-SNAPSHOT.73"
* Trying 52.0.23.15...
* Connected to folio-testing-okapi.aws.indexdata.com (52.0.23.15) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.aws.indexdata.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=*.aws.indexdata.com
* start date: Thu, 23 May 2019 00:00:00 GMT
* expire date: Tue, 23 Jun 2020 12:00:00 GMT
* issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /codex-instances HTTP/1.1
> Host: folio-testing-okapi.aws.indexdata.com
> User-Agent: curl/7.47.0
> Accept: */*
> X-Okapi-Tenant: diku
> X-Okapi-Module-Id: mod-codex-inventory-1.6.0-SNAPSHOT.73
>
< HTTP/1.1 500 Internal Server Error
< Date: Fri, 27 Sep 2019 17:42:06 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Okapi-Trace: GET mod-authtoken-2.4.0-SNAPSHOT.57 http://10.36.1.54:9132/codex-instances : 202 2853us
< x-forwarded-for: 140.234.253.9
< x-forwarded-proto: https
< x-forwarded-port: 443
< host: folio-testing-okapi.aws.indexdata.com
< x-amzn-trace-id: Root=1-5d8e49ee-995b5632b1a891c1a3faeaa6
< user-agent: curl/7.47.0
< accept: */*
< x-okapi-tenant: diku
< x-okapi-request-id: 586797/codex-instances
< x-okapi-url: http://10.36.1.54:9130
< x-okapi-request-ip: 10.36.10.9
< x-okapi-request-timestamp: 1569606126615
< x-okapi-request-method: GET
< x-okapi-permissions: []
< x-okapi-match-path-pattern: /codex-instances
< X-Okapi-Trace: GET mod-codex-inventory-1.6.0-SNAPSHOT.73 http://10.36.1.54:9154/codex-instances : 500 14527us
<
* Connection #0 to host folio-testing-okapi.aws.indexdata.com left intact
Get url http://10.36.1.54:9130/instance-storage/instances?offset=0&limit=10 returned 403
```
/codex-instances/<id>
```
$ curl $OKAPI/codex-instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 -v -H "X-Okapi-Tenant: diku" -w '\n' -H "X-Okapi-Module-Id: mod-codex-inventory-1.6.0-SNAPSHOT.73"
* Trying 52.0.23.15...
* Connected to folio-testing-okapi.aws.indexdata.com (52.0.23.15) port 443 (#0)
* found 148 certificates in /etc/ssl/certs/ca-certificates.crt
* found 597 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.aws.indexdata.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=*.aws.indexdata.com
* start date: Thu, 23 May 2019 00:00:00 GMT
* expire date: Tue, 23 Jun 2020 12:00:00 GMT
* issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET /codex-instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 HTTP/1.1
> Host: folio-testing-okapi.aws.indexdata.com
> User-Agent: curl/7.47.0
> Accept: */*
> X-Okapi-Tenant: diku
> X-Okapi-Module-Id: mod-codex-inventory-1.6.0-SNAPSHOT.73
>
< HTTP/1.1 500 Internal Server Error
< Date: Fri, 27 Sep 2019 17:44:40 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Okapi-Trace: GET mod-authtoken-2.4.0-SNAPSHOT.57 http://10.36.1.54:9132/codex-instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 : 202 2946us
< x-forwarded-for: 140.234.253.9
< x-forwarded-proto: https
< x-forwarded-port: 443
< host: folio-testing-okapi.aws.indexdata.com
< x-amzn-trace-id: Root=1-5d8e4a88-f037576090e2b8b007716690
< user-agent: curl/7.47.0
< accept: */*
< x-okapi-tenant: diku
< x-okapi-request-id: 094607/codex-instances
< x-okapi-url: http://10.36.1.54:9130
< x-okapi-request-ip: 10.36.10.9
< x-okapi-request-timestamp: 1569606280906
< x-okapi-request-method: GET
< x-okapi-permissions: []
< x-okapi-match-path-pattern: /codex-instances/{id}
< X-Okapi-Trace: GET mod-codex-inventory-1.6.0-SNAPSHOT.73 http://10.36.1.54:9154/codex-instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 : 500 13941us
<
* Connection #0 to host folio-testing-okapi.aws.indexdata.com left intact
Get url http://10.36.1.54:9130/instance-storage/instances/04489a01-f3cd-4f9e-9be4-d9c198703f45 returned 403
```
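A descriptor check that would flag this class of defect before deployment, added here as an example (not code from the issue or from the FOLIO project): it walks an Okapi ModuleDescriptor and lists handlers that declare no `permissionsRequired`. The descriptor, the module id, the `/example-protected` route and the `example.*` permission are constructed, and the function name is hypothetical.

```python
import json

# Constructed descriptor fragment, not the module's real file. Keys follow the
# Okapi ModuleDescriptor layout (provides[].handlers[]); "example.*" is made up.
SAMPLE_DESCRIPTOR = json.loads("""
{
  "id": "mod-example-1.0.0",
  "provides": [
    {"id": "codex", "version": "3.0", "handlers": [
      {"methods": ["GET"], "pathPattern": "/codex-instances",
       "permissionsRequired": []},
      {"methods": ["GET"], "pathPattern": "/codex-instances/{id}",
       "permissionsDesired": ["inventory-storage.instances.item.get"]},
      {"methods": ["GET"], "pathPattern": "/example-protected",
       "permissionsRequired": ["example.items.collection.get"]}
    ]},
    {"id": "_tenant", "version": "1.0", "interfaceType": "system", "handlers": [
      {"methods": ["POST"], "pathPattern": "/_/tenant"}
    ]}
  ]
}
""")


def unprotected_handlers(descriptor, allowlist=(), skip_system=True):
    """List handlers that declare no required permission.

    A handler counts as unprotected when permissionsRequired is missing or
    empty; permissionsDesired does not gate access, so it is ignored here.
    Returns (interface id, methods, pathPattern) tuples in descriptor order.
    """
    findings = []
    for interface in descriptor.get("provides", []):
        if skip_system and interface.get("interfaceType") == "system":
            continue  # system interfaces such as _tenant are called by Okapi itself
        for handler in interface.get("handlers", []):
            path = handler.get("pathPattern") or handler.get("path", "")
            if path in allowlist:
                continue  # endpoint reviewed and intentionally public
            if not handler.get("permissionsRequired"):
                findings.append(
                    (interface.get("id"), tuple(handler.get("methods", [])), path))
    return findings


if __name__ == "__main__":
    for iface, methods, path in unprotected_handlers(SAMPLE_DESCRIPTOR):
        print(f"no permissionsRequired: {iface} {','.join(methods)} {path}")
```

Run against the real descriptor in CI, a non-empty result can fail the build unless the path is on the reviewed allowlist.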
Issue Links
- has to be done after
  - MODCXMUX-55 Endpoints w/o required permissions (Closed)
- relates to
  - MODCXEKB-98 Endpoints w/o required permissions (Closed)