search

artefactual-labs / am

Development environment for Archivematica
https://archivematica.org
GNU Affero General Public License v3.0
10 stars 20 forks source link

Problem: bootstrap-storage-service make rule does not create a superuser #56

Closed jrwdunham closed 6 years ago

jrwdunham commented 6 years ago

The user created by 

bootstrap-storage-service:  ## Boostrap Storage Service (new database).
    ...
    docker-compose run \
        --rm \
        --entrypoint /src/storage_service/manage.py \
            archivematica-storage-service \
                create_user \
                    --username="test" \
                    --password="test" \
                    --email="test@test.com" \
                    --api-key="test"

Is not a Django superuser. As a result, the following call later on in make bootstrap will raise an exception:

docker-compose run \
    --rm \
    --entrypoint /src/dashboard/src/manage.py \
        archivematica-dashboard \
            install \
                --username="test" \
                --password="test" \
                --email="test@test.com" \
                --org-name="test" \
                --org-id="test" \
                --api-key="test" \
                --ss-url="http://archivematica-storage-service:8000" \
                --ss-user="test" \
                --ss-api-key="test"

archivematica.common:storageService:create_pipeline:107:  Creating pipeline in storage service with {'api_key': u'test', 'uuid': u'8eb5ee06-c39a-4180-8f42-fb9575d9f4e4', 'shared_path': '/var/archivematica/sharedDirectory/', 'api_username': u'test', 'create_default_locations': True, 'description': 'Archivematica on c38ce120ab79'}
WARNING   2018-06-20 04:03:15  archivematica.common:storageService:create_pipeline:113:  Unable to create Archivematica pipeline in storage service from {'api_key': u'test', 'uuid': u'8eb5ee06-c39a-4180-8f42-fb9575d9f4e4', 'shared_path': '/var/archivematica/sharedDirectory/', 'api_username': u'test', 'create_default_locations': True, 'description': 'Archivematica on c38ce120ab79'} because 401 Client Error: UNAUTHORIZED for url: http://archivematica-storage-service:8000/api/v2/pipeline/
Traceback (most recent call last):
  File "/src/archivematicaCommon/lib/storageService.py", line 111, in create_pipeline
    response.raise_for_status()
  File "/usr/local/lib/python2.7/site-packages/requests/models.py", line 935, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
HTTPError: 401 Client Error: UNAUTHORIZED for url: http://archivematica-storage-service:8000/api/v2/pipeline/
Traceback (most recent call last):
  File "/src/dashboard/src/manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 354, in execute_from_command_line
    utility.execute()
  File "/usr/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 346, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/local/lib/python2.7/site-packages/django/core/management/base.py", line 394, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/usr/local/lib/python2.7/site-packages/django/core/management/base.py", line 445, in execute
    output = self.handle(*args, **options)
  File "/src/dashboard/src/installer/management/commands/install.py", line 58, in handle
    setup_pipeline_in_ss(use_default_config=True)
  File "/src/dashboard/src/installer/steps.py", line 78, in setup_pipeline_in_ss
    api_key=api_key.key,
  File "/src/archivematicaCommon/lib/storageService.py", line 111, in create_pipeline
    response.raise_for_status()
  File "/usr/local/lib/python2.7/site-packages/requests/models.py", line 935, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: UNAUTHORIZED for url: http://archivematica-storage-service:8000/api/v2/pipeline/

The same type of error will happen when a pipeline makes an API call to the Storage Service to store an AIP using the async/ endpoint: the is_authenticated() call will pass, but the later call to super(PackageResource, self).obj_create(bundle, **kwargs) will raise an exception because the non-superuser will lack authorization to create a package resource.

jrwdunham commented 6 years ago

Fixed by merge of https://github.com/artefactual-labs/am/pull/57.