ocket8888 opened a new issue, #7245:
URL: https://github.com/apache/trafficcontrol/issues/7245

   ## This Bug Report affects these Traffic Control components:
   - Traffic Ops
   
   ## Current behavior:
   When a user in the root Tenant (possibly any Tenant, untested) attempts to create a new "Job" via a POST request to `/jobs` (APIv4.0 verified), the endpoint responds with a `404 Not Found` response with an accompanying error-level Alert saying that the user was rejected access on the basis of Tenancy.
   
   ## Expected behavior:
   Rejecting a request due to insufficient permissions should be a `403 Forbidden` response, not `404 Not Found`. Also, Tenancy checks should work.
   
   It's possible, though, that the Tenancy check isn't actually failing, and the error message is just incorrect due to copypasta. Further research needs to be done.
   
   ## Steps to reproduce:
   <details><summary>Request (done in developer environment)</summary>
   
   Note that both the user and the "dev" Delivery Service are in the root Tenant.
   
   ```http
   POST /api/4.0/jobs HTTP/1.1
   User-Agent: python-requests/2.25.1
   Accept-Encoding: gzip, deflate
   Accept: */*
   Connection: keep-alive
   Cookie:  ...
   Content-Length: 125
   
   {"deliveryService": "dev", "invalidationType": "REFRESH", "regex": "/.*", "startTime": "2022-12-14T00:00:00Z", "ttlHours": 5}
   ```
   
   (replace the startTime date with whatever "tomorrow" is when you're reading this)
   
   </details>
   
   <details><summary>Response</summary>
   
   ```http
   HTTP/1.1 404 Not Found
   Content-Encoding: gzip
   Content-Type: application/json
   Permissions-Policy: interest-cohort=()
   Set-Cookie: ...
   Vary: Accept-Encoding
   Whole-Content-Sha512: ...
   X-Server-Name: traffic_ops_golang/
   Date: Tue, 13 Dec 2022 21:16:02 GMT
   Content-Length: 97
   
   {
        "alerts": [
                {
                        "text": "failed to authorize based on tenancy",
                        "level": "error"
                }
        ]
   }
   ```
   
   </details>
   
   


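The status mapping the report asks for, as an added Go example that is not part of the issue and is not Traffic Ops code: a tenancy rejection and a missing Delivery Service are kept as separate errors so the first yields `403 Forbidden` and only the second yields `404 Not Found`, with the alerts body in the shape shown in the response above. The names `errNotFound`, `errTenantForbidden`, `dsTenant`, `checkTenancy` and `createJob`, the tenant data, and the success status are assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
)

// Hypothetical sentinel errors and constructed data (Delivery Service -> owning Tenant).
var (
	errNotFound        = errors.New("delivery service not found")
	errTenantForbidden = errors.New("failed to authorize based on tenancy")
	dsTenant           = map[string]string{"dev": "root", "other": "tenant-b"}
)

// checkTenancy is a simplified stand-in: root may use anything, other Tenants only their own.
func checkTenancy(userTenant, ds string) error {
	owner, ok := dsTenant[ds]
	if !ok {
		return errNotFound
	}
	if userTenant != "root" && userTenant != owner {
		return errTenantForbidden
	}
	return nil
}

// createJob returns the status code and alerts body for a POST /jobs payload.
// A tenancy rejection maps to 403; 404 is reserved for a missing Delivery Service.
func createJob(userTenant string, body []byte) (int, string) {
	var job struct{ DeliveryService string `json:"deliveryService"` }
	status, level, text := http.StatusOK, "success", "job created" // success values assumed
	if err := json.Unmarshal(body, &job); err != nil {
		status, level, text = http.StatusBadRequest, "error", "malformed request body"
	} else if err = checkTenancy(userTenant, job.DeliveryService); errors.Is(err, errTenantForbidden) {
		status, level, text = http.StatusForbidden, "error", err.Error()
	} else if errors.Is(err, errNotFound) {
		status, level, text = http.StatusNotFound, "error", err.Error()
	}
	out, _ := json.Marshal(map[string][]map[string]string{"alerts": {{"text": text, "level": level}}})
	return status, string(out)
}

func main() {
	body := []byte(`{"deliveryService": "other", "regex": "/.*"}`) // constructed request body
	fmt.Println(createJob("tenant-a", body))                       // tenant-a does not own "other"
	fmt.Println(createJob("root", body))
}
```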