Details
-
Bug
-
Status: Closed (View Workflow)
-
P3
-
Resolution: Done
-
None
-
None
-
-
Falcon Sprint 128, Falcon Sprint 129
-
0
-
Falcon
Description
This bug crosses modules, sorry about that. Please feel free to move if needed.
In the mod-search module descriptor, the /search/index/inventory/reindex endpoint is given the module permissions:
"modulePermissions": [
"inventory-storage.instance.reindex.post",
"inventory-storage.authority.reindex.post"
]
And the /_/tenant endpoint is given the permissions:
"modulePermissions": [
"users.collection.get",
"users.item.post",
"login.item.post",
"perms.users.item.post",
"perms.users.get",
"inventory-storage.instance.reindex.post"
]
Apparently missing from the tenant API is the permission for authority reindexing.
In mod-inventory-storage, the /authority-storage/reindex endpoints require permissions with the names authority-storage.authority.reindex.post, authority-storage.authority.reindex.item.get, and authority-storage.authority.reindex.item.delete (so not matching the module permissions granted in mod-search).
To further complicate matters, those permissions are not defined in the permissionsSets section of the module descriptor, instead, there are permissionSets named inventory-storage.authority.reindex.post, inventory-storage.authority.reindex.item.get, and inventory-storage.authority.reindex.item.delete.
This all results in what is probably not expected behavior; in particular the mod-search tenant init fails if runReindex=true is set as a tenant parameter with the following error:
14:11:05 [375883/proxy] [supertenant] [] [] WARN ProxyService POST request for mod-search-1.6.0-SNAPSHOT.160 /_/tenant failed with 500: {"errors":[{"message":"[403 Forbidden] during [POST] to [http://authority-storage/reindex] [ResourceReindexClient#submitReindex(URI)]: [Access requires permission: authority-storage.authority.reindex.post]","type":"Forbidden","code":"unknown_error"}],"total_records":1} org.folio.okapi.common.ErrorTypeException: 500: {"errors":[{"message":"[403 Forbidden] during [POST] to [http://authority-storage/reindex] [ResourceReindexClient#submitReindex(URI)]: [Access requires permission: authority-storage.authority.reindex.post]","type":"Forbidden","code":"unknown_error"}],"total_records":1} 14:11:05 [375883/proxy] [supertenant] [] [] INFO TenantManager job complete 14:11:05 [375883/proxy] [supertenant] [] [] WARN TenantManager job failed org.folio.okapi.util.OkapiError: POST request for mod-search-1.6.0-SNAPSHOT.160 /_/tenant failed with 500: {"errors":[{"message":"[403 Forbidden] during [POST] to [http://authority-storage/reindex] [ResourceReindexClient#submitReindex(URI)]: [Access requires permission: authority-storage.authority.reindex.post]","type":"Forbidden","code":"unknown_error"}],"total_records":1} 14:11:05 [375883/proxy] [supertenant] [] [] INFO ProxyContext 375883/proxy RES 400 509538181us okapi POST request for mod-search-1.6.0-SNAPSHOT.160 /_/tenant failed with 500: {"errors":[{"message":"[403 Forbidden] during [POST] to [http://authority-storage/reindex] [ResourceReindexClient#submitReindex(URI)]: [Access requires permission: authority-storage.authority.reindex.post]","type":"Forbidden","code":"unknown_error"}],"total_records":1} 14:11:05 [375883/proxy] [supertenant] [] [] ERROR HttpResponse HTTP response code=400 msg=POST request for mod-search-1.6.0-SNAPSHOT.160 /_/tenant failed with 500: {"errors":[{"message":"[403 Forbidden] during [POST] to [http://authority-storage/reindex] [ResourceReindexClient#submitReindex(URI)]: [Access requires permission: authority-storage.authority.reindex.post]","type":"Forbidden","code":"unknown_error"}],"total_records":1}
See also FOLIO-3354.
TestRail: Results
Attachments
Issue Links
- blocks
-
-
- Closed
-
- defines
-
UXPROD-3364 Falcon - Lotus R1 2022 Enhancements/Bugfixes/Tech Debt
-
- Closed
-