You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@airavata.apache.org by "Eroma (JIRA)" <ji...@apache.org> on 2018/01/30 21:57:00 UTC

[jira] [Comment Edited] (AIRAVATA-2594) ssh account auto-provisioning fails for "gateway-user"?

    [ https://issues.apache.org/jira/browse/AIRAVATA-2594?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16336423#comment-16336423 ] 

Eroma edited comment on AIRAVATA-2594 at 1/30/18 9:56 PM:
----------------------------------------------------------

Tested in dev.seagrid.org

Test Cases
 # New user using campus credentials logged in from CILogon after been given gateway-user role. No authorization exception thrown. User logs in to Dashboard - PASS
 # New user using campus credentials logged in from CILogon after been given admin-read-only role. No authorization exception thrown. User logs in to Admin Dashboard - PASS
 # New user using campus credentials logged in from CILogon after been given admin role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user using google logged in from CILogon after been given gateway-user role. No authorization exception thrown. User logs in to Dashboard -
 # New user using google logged in from CILogon after been given admin-read-only role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user using google logged in from CILogon after been given admin role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user creates an account and logs in after been given gateway-user role. No authorization exception thrown. User logs in to Dashboard - 
 # New user creates an account and logs in after been given admin-read-only role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user creates an account and logs in after been given admin-read-only role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # A New user using campus credentials through CILogon having gateway-user role given user-pending role. When logs in again sees the screen intended for pending user, no exceptions -
 # A New user using google through CILogon having admin-read-only role given user-pending role. When logs in again sees the screen intended for pending user, no exceptions -
 # A New user using created account having admin role given user-pending role. When logs in again sees the screen intended for pending user, no exceptions -


was (Author: eroma_a):
Tested in dev.seagrid.org

Test Cases
 # New user using campus credentials logged in from CILogon after been given gateway-user role. No authorization exception thrown. User logs in to Dashboard - PASS
 # New user using campus credentials logged in from CILogon after been given admin-read-only role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user using campus credentials logged in from CILogon after been given admin role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user using google logged in from CILogon after been given gateway-user role. No authorization exception thrown. User logs in to Dashboard -
 # New user using google logged in from CILogon after been given admin-read-only role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user using google logged in from CILogon after been given admin role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user creates an account and logs in after been given gateway-user role. No authorization exception thrown. User logs in to Dashboard - 
 # New user creates an account and logs in after been given admin-read-only role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # New user creates an account and logs in after been given admin-read-only role. No authorization exception thrown. User logs in to Admin Dashboard - 
 # A New user using campus credentials through CILogon having gateway-user role given user-pending role. When logs in again sees the screen intended for pending user, no exceptions -
 # A New user using google through CILogon having admin-read-only role given user-pending role. When logs in again sees the screen intended for pending user, no exceptions -
 # A New user using created account having admin role given user-pending role. When logs in again sees the screen intended for pending user, no exceptions -

> ssh account auto-provisioning fails for "gateway-user"?
> -------------------------------------------------------
>
>                 Key: AIRAVATA-2594
>                 URL: https://issues.apache.org/jira/browse/AIRAVATA-2594
>             Project: Airavata
>          Issue Type: Bug
>            Reporter: Marcus Christie
>            Assignee: Marcus Christie
>            Priority: Major
>
> Seeing this error in the logs when Stephen logged in to dev.seagrid.org shortly after getting the gateway-user role:
> {noformat}
> [2017-11-16 01:54:20] production.ERROR: exception 'Airavata\API\Error\AuthorizationException' with message 'User is not
>  authenticated or authorized.' in /var/www/portals/dev-seagrid/app/libraries/Airavata/API/Airavata.php:51978
> Stack trace:
> #0 /var/www/portals/dev-seagrid/app/libraries/Airavata/API/Airavata.php(11933): Airavata\API\Airavata_getGatewayResourc
> eProfile_result->read(Object(Thrift\Protocol\TBinaryProtocol))
> #1 /var/www/portals/dev-seagrid/app/libraries/Airavata/API/Airavata.php(11893): Airavata\API\AiravataClient->recv_getGa
> tewayResourceProfile()
> #2 /var/www/portals/dev-seagrid/bootstrap/compiled.php(1452): Airavata\API\AiravataClient->getGatewayResourceProfile(Ob
> ject(Airavata\Model\Security\AuthzToken), 'seagrid')
> #3 /var/www/portals/dev-seagrid/app/libraries/CRUtilities.php(549): Illuminate\Support\Facades\Facade::__callStatic('ge
> tGatewayResou...', Array)
> #4 /var/www/portals/dev-seagrid/app/libraries/CRUtilities.php(549): Airavata\Facades\Airavata::getGatewayResourceProfil
> e(Object(Airavata\Model\Security\AuthzToken), 'seagrid')
> #5 /var/www/portals/dev-seagrid/app/libraries/URPUtilities.php(187): CRUtilities::getGatewayResourceProfile()
> #6 /var/www/portals/dev-seagrid/app/controllers/AccountController.php(310): URPUtilities::setup_auto_provisioned_accoun
> ts()
> #7 /var/www/portals/dev-seagrid/app/controllers/AccountController.php(178): AccountController->initializeWithAiravata('
> stephenpaul2727', 'stephenpaul2727...', 'Stephen', 'Adithela', 'eyJhbGciOiJSUzI...', 'eyJhbGciOiJSUzI...', 1510798758)
> #8 [internal function]: AccountController->loginSubmit()
> #9 /var/www/portals/dev-seagrid/vendor/laravel/framework/src/Illuminate/Routing/Controller.php(231): call_user_func_arr
> ay(Array, Array)
> #10 /var/www/portals/dev-seagrid/bootstrap/compiled.php(3819): Illuminate\Routing\Controller->callAction('loginSubmit',
>  Array)
> #11 /var/www/portals/dev-seagrid/bootstrap/compiled.php(3807): Illuminate\Routing\ControllerDispatcher->call(Object(Acc
> ountController), Object(Illuminate\Routing\Route), 'loginSubmit')
> #12 /var/www/portals/dev-seagrid/bootstrap/compiled.php(3012): Illuminate\Routing\ControllerDispatcher->dispatch(Object
> (Illuminate\Routing\Route), Object(Illuminate\Http\Request), 'AccountControll...', 'loginSubmit')
> #13 [internal function]: Illuminate\Routing\Router->Illuminate\Routing\{closure}()
> #14 /var/www/portals/dev-seagrid/bootstrap/compiled.php(3370): call_user_func_array(Object(Closure), Array)
> #15 /var/www/portals/dev-seagrid/bootstrap/compiled.php(3037): Illuminate\Routing\Route->run(Object(Illuminate\Http\Req
> uest))
> #16 /var/www/portals/dev-seagrid/bootstrap/compiled.php(3025): Illuminate\Routing\Router->dispatchToRoute(Object(Illumi
> nate\Http\Request))
> #17 /var/www/portals/dev-seagrid/bootstrap/compiled.php(702): Illuminate\Routing\Router->dispatch(Object(Illuminate\Htt
> p\Request))
> #18 /var/www/portals/dev-seagrid/bootstrap/compiled.php(678): Illuminate\Foundation\Application->dispatch(Object(Illumi
> nate\Http\Request))
> #19 /var/www/portals/dev-seagrid/bootstrap/compiled.php(5797): Illuminate\Foundation\Application->handle(Object(Illumin
> ate\Http\Request), 1, true)
> #20 /var/www/portals/dev-seagrid/bootstrap/compiled.php(6404): Illuminate\Session\Middleware->handle(Object(Illuminate\
> Http\Request), 1, true)
> #21 /var/www/portals/dev-seagrid/bootstrap/compiled.php(6351): Illuminate\Cookie\Queue->handle(Object(Illuminate\Http\R
> equest), 1, true)
> #22 /var/www/portals/dev-seagrid/bootstrap/compiled.php(8367): Illuminate\Cookie\Guard->handle(Object(Illuminate\Http\R
> equest), 1, true)
> #23 /var/www/portals/dev-seagrid/bootstrap/compiled.php(639): Stack\StackedHttpKernel->handle(Object(Illuminate\Http\Re
> quest))
> {noformat}
> Possibly gateway-user isn't authorized to make the getGatewayResourceProfile method call.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)