whitesource-ps / ws-sbom-generator

WS SBOM Report Generator in SPDX or CycloneDX format
Apache License 2.0

[BUG] [ws-sbom-generator] unable to get orgName? #63

Closed pritidesai closed 2 years ago

pritidesai commented 2 years ago

Bug Description

ws_sbom_generator fails with an error message saying user token has insufficient permissions:

ws_sbom_generator -u $WS_USERKEY \
    -s $WS_PROJECT_TOKEN \
    -k $WS_APIKEY \
    -a <my-whitesource> \
    -t json \
    -e sbom_extra.json
INFO 2022-01-20 21:06:54,441 4621884928 sbom_generator: Creating SBOM report per project in product: My Product
INFO 2022-01-20 21:06:55,075 4621884928 sbom_generator: Creating SBOM Document from WhiteSource project: 'MyProject'
Traceback (most recent call last):
  File "/usr/local/bin/ws_sbom_generator", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.8/site-packages/ws_sbom_generator/sbom_generator.py", line 400, in main
    file_paths = create_sbom_doc(scope['token'])
  File "/usr/local/lib/python3.8/site-packages/ws_sbom_generator/sbom_generator.py", line 48, in create_sbom_doc
    doc.creation_info = create_creation_info(args.ws_conn.get_name(),
  File "/usr/local/lib/python3.8/site-packages/ws_sdk/web.py", line 646, in get_name
    return self.get_organization_details()['orgName']
  File "/usr/local/lib/python3.8/site-packages/ws_sdk/web.py", line 50, in wrapper
    return function.__call__(*args, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/ws_sdk/web.py", line 632, in get_organization_details
    org_details = self._generic_get(get_type='Details')
  File "/usr/local/lib/python3.8/site-packages/ws_sdk/web.py", line 259, in _generic_get
    return self.call_ws_api(request_type=f"get{token_type.capitalize()}{get_type}", kv_dict=kv_dict)
  File "/usr/local/lib/python3.8/site-packages/ws_sdk/web.py", line 227, in call_ws_api
    __handle_ws_server_errors(resp.text)
  File "/usr/local/lib/python3.8/site-packages/ws_sdk/web.py", line 193, in __handle_ws_server_errors
    raise WsSdkServerInsufficientPermissions(body[token])
ws_sdk.ws_errors.WsSdkServerInsufficientPermissions: User token: xxxx has insufficient permissions

The API Key provided with -k is a valid API key, but I am seeing an error where it says the User Token has insufficient permissions. I have been able to successfully generate reports until December of last year. Sorry for the ambiguity, but has anything changed where it's trying to get orgName? I am investigating WhiteSource settings at my end as well. Thanks!

tamari-oz commented 2 years ago

Hi, it probably means that the passed user key (-u) has insufficient permission to generate the report. In the current GA version of the tool, in order to get the organization name dynamically, "Organization Administrator" permission is mandatory.

I just released version v0.3.9a1 that allows using "Product Administrators" permission (on the product or project you want to generate a report on). To install it: pip install ws-sbom-generator==0.3.9a1

Let me know if this clarifies this.

pritidesai commented 2 years ago

Thank you @tamari-oz, I was able to work with the latest version 0.3.9.a1 and generate SBOM with the same configuration and API Key.

The report is produced but I am seeing this kind of warning:

White Source Unified Agent does not exist in path: '/tmp/sdk/wss-unified-agent.jar'

Is this by design, and is the agent expected to exist at this location? Or will it be fixed in the future?

tamari-oz commented 2 years ago

Yes. For now you can ignore the error. GA version 0.3.9 is out.

pritidesai commented 2 years ago

Ran into the same permission issue with 0.3.9; 0.3.9a1 works fine.

tamari-oz commented 2 years ago

Thanks. Just released GA 0.3.10.

NatalyaDalid commented 2 years ago

Hey @pritidesai, please let us know if the issue is solved and can be closed.

Thanks, WhiteSource PS Team

rammatzkvosky commented 2 years ago

Hi @pritidesai,

Was this issue solved, and can it be closed?

Thanks, WhiteSource PS Team

pritidesai commented 2 years ago

@NatalyaDalid @rammatzkvosky I haven't been able to verify. Do you cover this in your internal testing such that it's tested well without anyone verifying it manually?

I am happy to reopen this issue if I am still running into it.

/close

rammatzkvosky commented 2 years ago

Hi @pritidesai, yes, it was tested internally. See also the "Permissions to run the tool" section.