Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2022/12/13 21:21:37 UTC

[GitHub] [trafficcontrol] ocket8888 opened a new issue, #7245: /jobs Tenancy check erroneously fails

ocket8888 opened a new issue, #7245:
URL: https://github.com/apache/trafficcontrol/issues/7245

   ## This Bug Report affects these Traffic Control components:
   - Traffic Ops
   
   ## Current behavior:
   When a user in the root Tenant (possibly any Tenant, untested) attempts to create a new "Job" via a POST request to `/jobs` (APIv4.0 verified), the endpoint responds with a `404 Not Found` response with an accompanying error-level Alert saying that the user was rejected access on the basis of Tenancy.
   
   ## Expected behavior:
   Rejecting a request due to insufficient permissions should be a `403 Forbidden` response, not `404 Not Found`. Also, Tenancy checks should work.
   
   It's possible, though, that the Tenancy check isn't actually failing, and the error message is just incorrect due to copypasta. Further research needs to be done.
   
   ## Steps to reproduce:
   <details><summary>Request (done in developer environment)</summary>
   
   Note that both the user and the "dev" Delivery Service are in the root Tenant.
   
   ```http
   POST /api/4.0/jobs HTTP/1.1
   User-Agent: python-requests/2.25.1
   Accept-Encoding: gzip, deflate
   Accept: */*
   Connection: keep-alive
   Cookie:  ...
   Content-Length: 125
   
   {"deliveryService": "dev", "invalidationType": "REFRESH", "regex": "/.*", "startTime": "2022-12-14T00:00:00Z", "ttlHours": 5}
   ```
   
   (replace the startTime date with whatever "tomorrow" is when you're reading this)
   
   </details>
   
   <details><summary>Response</summary>
   
   ```http
   HTTP/1.1 404 Not Found
   Content-Encoding: gzip
   Content-Type: application/json
   Permissions-Policy: interest-cohort=()
   Set-Cookie: ...
   Vary: Accept-Encoding
   Whole-Content-Sha512: ...
   X-Server-Name: traffic_ops_golang/
   Date: Tue, 13 Dec 2022 21:16:02 GMT
   Content-Length: 97
   
   {
   	"alerts": [
   		{
   			"text": "failed to authorize based on tenancy",
   			"level": "error"
   		}
   	]
   }
   ```
   
   </details>
   
   


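An added illustration of the distinction the report draws, not Traffic Ops code and not part of the original issue: a tenancy check over a constructed tenant tree that answers `404` only when the Delivery Service is absent and `403` when it exists outside the user's tenancy. The tenant IDs, the `video` Delivery Service, and the function names `tenantCanAccess` and `jobStatus` are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
)

// Constructed sample data, not taken from Traffic Ops.
// tenantParent: tenant ID -> parent tenant ID; tenant 1 is root (parent 0).
// dsTenant: Delivery Service name -> owning tenant ID.
var (
	tenantParent = map[int]int{1: 0, 2: 1, 3: 2, 4: 1}
	dsTenant     = map[string]int{"dev": 1, "video": 3}
)

// tenantCanAccess reports whether userTenant is resourceTenant or one of its
// ancestors. The hop limit guards against a cycle in the parent table.
func tenantCanAccess(userTenant, resourceTenant int) bool {
	for t, hops := resourceTenant, 0; t != 0 && hops <= len(tenantParent); hops++ {
		if t == userTenant {
			return true
		}
		t = tenantParent[t]
	}
	return false
}

// jobStatus returns the status a job-creation request should receive,
// keeping "does not exist" and "not allowed" as separate outcomes.
func jobStatus(userTenant int, ds string) int {
	owner, ok := dsTenant[ds]
	switch {
	case !ok:
		return http.StatusNotFound // the Delivery Service does not exist
	case !tenantCanAccess(userTenant, owner):
		return http.StatusForbidden // it exists, but outside the user's tenancy
	}
	return http.StatusOK // authorized; the request may proceed
}

func main() {
	fmt.Println(jobStatus(1, "dev"))   // root-tenant user, root-tenant Delivery Service
	fmt.Println(jobStatus(4, "video")) // user in a sibling branch of the tenant tree
	fmt.Println(jobStatus(1, "nope"))  // unknown Delivery Service
}
```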