AtlasOfLivingAustralia / image-service

Image repository and tiling services
https://images.ala.org.au

Some admin tools fail with 403 #163

Open vjrj opened 2 years ago

vjrj commented 2 years ago

@jloomisVCE and I just discovered that many admin tools fail with a 403 error and an error message like:

2021-10-07 16:41:09.061  WARN --- [nio-9101-exec-4] a.org.ala.ws.security.ApiKeyInterceptor  : Non-authorised IP address - X.X.X.X

See screenshot:

[screenshot attached]

Adding the IP to the whitelist variable did not solve the issue. The user has the ROLE_ADMIN and ROLE_IMAGE_ADMIN roles.

Tested with image-service 1.1.5.1 and 1.1.7.1.

Sounds like a bug more than a config issue? Any tip?

vjrj commented 2 years ago

Maybe it's an authorization error in userdetails, @jloomisVCE can you check if your image-service IP is allowed to get user details?

https://github.com/AtlasOfLivingAustralia/documentation/wiki/Secure-your-LA-infrastructure#allowlist-ip-address

vjrj commented 2 years ago

I ask myself: in my test environment, it is allowed and it still fails with 403:

[screenshot attached]

vjrj commented 2 years ago

If it helps, reindexImages works: https://github.com/AtlasOfLivingAustralia/image-service/blob/b1481e3b18e63147f7979f3a9cfcee080e96a3e8/grails-app/controllers/au/org/ala/images/AdminController.groovy#L358 but scheduleArtifactGeneration and other admin tools (like scheduleKeywordRegeneration) fail with 403: https://github.com/AtlasOfLivingAustralia/image-service/blob/b1481e3b18e63147f7979f3a9cfcee080e96a3e8/grails-app/controllers/au/org/ala/images/ImageController.groovy#L515

vjrj commented 2 years ago

Maybe the key is a collision between the api calls that require an apikey and the /admin UI calls https://github.com/AtlasOfLivingAustralia/image-service/blob/b1481e3b18e63147f7979f3a9cfcee080e96a3e8/grails-app/controllers/au/org/ala/images/WebServiceController.groovy#L156

[screenshot attached]

Sorry for the verbosity.

PS: curl calls with an ApiKey work:

curl -X POST https://images.vtatlasoflife.org/ws/scheduleArtifactGeneration/0b2af3c3-3c8c-4e49-8014-ffa367cb266c -H "apiKey: SOME-VALID-API-KEY" 

{"success":true,"message":"Image artifact generation scheduled for image 862245"}%
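The collision hypothesised in the thread (an apiKey/IP interceptor meant for the /ws/ endpoints also running on /admin UI actions, so a role-authenticated admin from a non-allowlisted IP gets a 403 before any role check is reached, while a curl call with a valid apiKey passes) can be shown with a small model of the two authorisation orderings. This is an added illustration written for this issue, not image-service code: the route prefixes, role names, allowlist and decision order are assumptions modelled on the behaviour described above, and the log line used is constructed after the one in the report.

```python
import re
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# Constructed sample configuration (assumed values, not a real deployment's).
VALID_API_KEYS = {"SOME-VALID-API-KEY"}
ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]
WS_PREFIX = "/ws/"        # assumed: web-service routes guarded by apiKey / IP allowlist
ADMIN_PREFIX = "/admin/"  # assumed: admin UI routes guarded by the user's roles
ADMIN_ROLES = {"ROLE_ADMIN", "ROLE_IMAGE_ADMIN"}


@dataclass(frozen=True)
class Request:
    path: str
    client_ip: str
    api_key: Optional[str] = None
    roles: FrozenSet[str] = frozenset()


def ip_allowed(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWLIST)


def api_key_interceptor(req: Request) -> Tuple[int, str]:
    """Model of an apiKey/IP interceptor: pass with a valid key or an allowlisted IP."""
    if req.api_key in VALID_API_KEYS:
        return 200, "valid apiKey"
    if ip_allowed(req.client_ip):
        return 200, "allowlisted IP"
    return 403, f"Non-authorised IP address - {req.client_ip}"


def role_interceptor(req: Request) -> Tuple[int, str]:
    """Model of the admin UI role check: any admin role is sufficient."""
    if req.roles & ADMIN_ROLES:
        return 200, "admin role present"
    return 403, "missing admin role"


def authorise_unscoped(req: Request) -> Tuple[int, str]:
    """The suspected collision: the apiKey/IP interceptor runs on every action,
    so a logged-in admin from a non-allowlisted IP is rejected before the role
    check ever sees the request."""
    status, reason = api_key_interceptor(req)
    if status != 200:
        return status, reason
    if req.path.startswith(ADMIN_PREFIX):
        return role_interceptor(req)
    return status, reason


def authorise_scoped(req: Request) -> Tuple[int, str]:
    """The alternative ordering: apiKey/IP interceptor only on /ws/ routes,
    role check only on /admin/ routes."""
    if req.path.startswith(WS_PREFIX):
        return api_key_interceptor(req)
    if req.path.startswith(ADMIN_PREFIX):
        return role_interceptor(req)
    return 404, "unknown route"


# Matches the WARN line quoted in the report and captures the rejected client IP.
LOG_RE = re.compile(r"ApiKeyInterceptor\s*:\s*Non-authorised IP address - (\S+)")


def rejected_ips(log_lines: List[str]) -> List[str]:
    """Extract rejected client IPs from interceptor WARN lines; comparing these
    against the configured allowlist is the first triage step for this 403."""
    return [m.group(1) for line in log_lines if (m := LOG_RE.search(line))]


# Constructed sample log, modelled on the line in the issue (IP is a documentation address).
SAMPLE_LOG = [
    "2021-10-07 16:41:09.061  WARN --- [nio-9101-exec-4] a.org.ala.ws.security.ApiKeyInterceptor  : Non-authorised IP address - 203.0.113.5",
    "2021-10-07 16:41:10.002  INFO --- [nio-9101-exec-5] au.org.ala.images.ImageController        : reindex scheduled",
]

if __name__ == "__main__":
    admin_ui = Request("/admin/scheduleArtifactGeneration", "203.0.113.5",
                       roles=frozenset({"ROLE_ADMIN", "ROLE_IMAGE_ADMIN"}))
    api_call = Request("/ws/scheduleArtifactGeneration", "203.0.113.5",
                       api_key="SOME-VALID-API-KEY")
    print("admin UI, unscoped:", authorise_unscoped(admin_ui))
    print("admin UI, scoped:  ", authorise_scoped(admin_ui))
    print("curl + apiKey:     ", authorise_unscoped(api_call), authorise_scoped(api_call))
    print("rejected IPs in log:", rejected_ips(SAMPLE_LOG))
```

With these assumptions the admin UI request is rejected by the unscoped ordering with exactly the "Non-authorised IP address" reason from the log, passes once the interceptors are scoped by route, and the apiKey call passes under both orderings, which matches the symptoms reported in the thread.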