Open vjrj opened 2 years ago
Maybe it's an authorization error in userdetails, @jloomisVCE can you check if your image-service IP is allowed to get user details?
I ask myself, in my test environment, is allowed and still fails with 403:
If helps, reindexImages
works:
https://github.com/AtlasOfLivingAustralia/image-service/blob/b1481e3b18e63147f7979f3a9cfcee080e96a3e8/grails-app/controllers/au/org/ala/images/AdminController.groovy#L358
but scheduleArtifactGeneration
and other admin tools (like scheduleKeywordRegeneration
) fails with 403:
https://github.com/AtlasOfLivingAustralia/image-service/blob/b1481e3b18e63147f7979f3a9cfcee080e96a3e8/grails-app/controllers/au/org/ala/images/ImageController.groovy#L515
Maybe the key is a collision between the api calls that require an apikey
and the /admin
UI calls https://github.com/AtlasOfLivingAustralia/image-service/blob/b1481e3b18e63147f7979f3a9cfcee080e96a3e8/grails-app/controllers/au/org/ala/images/WebServiceController.groovy#L156
sorry for the verbosity.
PS: curl calls with an ApiKey works:
curl -X POST https://images.vtatlasoflife.org/ws/scheduleArtifactGeneration/0b2af3c3-3c8c-4e49-8014-ffa367cb266c -H "apiKey: SOME-VALID-API-KEY"
{"success":true,"message":"Image artifact generation scheduled for image 862245"}%
@jloomisVCE and me just discovered that many admin tools fails with a 403 error and some error like:
See screenshot:
Adding the IP to the whitelist variable did not solve the issue. The user has the
ROLE_ADMIN
role and theROLE_IMAGE_ADMIN
Tested with
image-service
1.1.5.1
and1.1.7.1
.Sounds like a bug more than a config issue? Any tip?