Uploaded image for project: 'mod-remote-storage'
  1. mod-remote-storage
  2. MODRS-114

mod-remote-storage fails to recover from invalid token

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • P2
    • Resolution: Done
    • 1.3.4
    • 1.5.0
    • None
    • Firebird Sprint 133
    • 2
    • Firebird
    • Lotus R1 2022
    • University of Chicago
    • Requirements change

    Description

      Overview:
      If the Okapi authentication token for the system-user for mod-remote-storage is invalidated, the module does not recover and the token apparently needs to be manually updated in the system_user_parameters table. This is obviously extremely brittle, as the authentication token is not guaranteed to remain valid indefinitely (and indeed it would be a security risk if it was never invalidated).

      Steps to Reproduce:
      On a running system with mod-remote-storage, restart mod-authtoken with a new signing key to force invalidation of all tokens.

      Expected Results:
      Changing the location of an item to a remote storage location should add the item to the accession queue.

      Actual Results:
      The item is not added to the accession queue, and the following error appears in the log:

      19:54:27 [] [] [] [] INFO  ccessionQueueService isEffectiveLocationChanged: true
19:54:27 [] [] [] [] ERROR KafkaConfiguration   Error in process with Exception org.springframework.kafka.listener.ListenerExecutionFailedException: Listener method 'public void org.folio.rs.integration.KafkaMessageListener.handleEvents(java.util.List<org.folio.rs.domain.dto.DomainEvent>)' threw exception; nested exception is feign.FeignException$Unauthorized: status 401 reading InventoryClient#getInstancesByQuery(String); nested exception is feign.FeignException$Unauthorized: status 401 reading InventoryClient#getInstancesByQuery(String) and the record is org.apache.kafka.clients.consumer.ConsumerRecords@677547a9

      Additional Information:
      Restarting mod-remote-storage does not allow it to recover, nor does it help to set the okapi_token column in system_user_parameters to NULL. The only workaround I found was to log in to the FOLIO environment as the system-user and manually update the entry in system_user_parameters with the new token.

      Interested parties:
      dbottorff arnt@uchicago.edu

      TestRail: Results

        Attachments

          Issue Links

            blocks

            Task - A task that needs to be done. FAT-1180 EDGDEMATIC: fix api karate tests failures for edge-dematic module

            • TBD - To be determined
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. MODRS-104 Accessioning holdings & items to remote storage fails when no order record is present

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            defines

            New Feature - New feature requests UXPROD-3340 Firebird - Lotus R1 2022 Enhancements/Bugfixes/Tech Debt

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            is blocked by

            New Feature - New feature requests OKAPI-1061 Okapi creating tenant level module users

            • TBD - To be determined
            • Draft

            Activity

              People

                khandramai Viachaslau Khandramai
                wayne Wayne Schneider
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases