system user + cicd role problem

AudriusDai commented 2 years ago

The setup

There is a system user created with ci/cd role assigned. This user also is assigned to the team which has two applications linked (customer & provider). The team also has access to relevant environments.

The ci/cd role has these settings:

Record deployments and releases (unchecked)
Record deployments and releases for your team (checked)

Which means that this system user has to be able to mark the contracts for this team as deployed.

Problem

With the system user read/write token, I try to mark the provider's OAS contract as deployed. However the access is not granted - 403 is returned with the message:

status=403 Forbidden. Either you are using a read only token for a request that requires a write token (the most likely cause), or you do not have the required permissions.

Quick solution

I go to ci/cd role and change these settings:

Record deployments and releases (checked)
Record deployments and releases for your team (unchecked)

It starts to work after that.

Question

Is this expected behaviour? I've assumed that when the ci/cd role has just this Record deployments and releases for your team setting ticked, then you are limiting the system user to be able to act only on the team projects.

Thanks in advance!

bethesque commented 2 years ago

Hi Audrius,

I've been able to reproduce your issue and it looks like a bug to me. We'll get it fixed for you.

bethesque commented 2 years ago

Hi @AudriusDai. I've released this fix in the Pactflow SaaS platform.

pactflow / roadmap