USACE / cwms-data-api

Corps Water Management System RESTful Data Service
MIT License
13 stars 14 forks source link

CWBI-test time series get endpoint is not working user not authorized error. #822

Open Enovotny opened 3 months ago

Enovotny commented 3 months ago

getting a user not authorized for getting time series values in CWBI-test. I have tried multiple offices and getting the same error. It might be an issue with the schema update since after I updated the schema I had to give CWMS permissions to office 'HQ' for CWMS_A2W to work again. I am not sure if this is a similar issue with CDA.

image

image

krowvin commented 3 months ago

I attempted to deploy the latest release of CDA to cwms-data earlier this week and failed due to this same error.

I reverted back and am awaiting a resolution to this issue to proceed.

Enovotny commented 3 months ago

good to know then it isn't a database schema issue it is a CDA issue since the new schema wasn't rolled out to the DMZ.

MikeNeilson commented 3 months ago

Could be the HQ office issue, that's the office it likely defaults to for the session for read, the office provide in that case is just used for lookup in the tables, not permissions.

Enovotny commented 3 months ago

what user would I need to give HQ permissions to? Also would we need to add that to every district database as well? is this a database schema thing or a change in CDA? seems to be CDA since the database Charles was looking at was not updated to the latest schema.

MikeNeilson commented 3 months ago

i think it's called "radar user", but the name will be the secrets you can lookup.

For the districts. no, those default to the office in the context name (e.g. spk-data) for the session.

Enovotny commented 3 months ago

@MikeNeilson so I had to give RADAR permissions to CWMS_USER for MVP to get data form MVP. Looks like we would need to do this for all offices? Writing seems to be fine since I am able to still write data from LRL. Also appears to only be an issues with timeseries data so far as I can tell. Should we assign permissions to all offices or should we make a fix on the CDA side?

MikeNeilson commented 3 months ago

do you mean you granted the role? It should also have web_user which should take care of that.

If you meant CWMS Users, then yeah, all of the weba users should already have it, not sure why it wouldn't gone away.

Enovotny commented 3 months ago

yeah CWMS Users to RADAR

BEGIN cwms_20.cwms_sec.create_user('RADAR',null,cwms_20.char_32_array_type('CWMS Users'),'MVP'); END;

MikeNeilson commented 3 months ago

Oh you had to add MVS, wow. Hmm, well, probably the easiest thing to do is just add them all. I'll look at it later. Was planning to revamp some of that design anyways so would rather not get too hung up on it right now.