Page MenuHomeSoftware Heritage
Create Task
Maniphest T2057

Check and fix HAL-preprod `forbidden` error
Closed, MigratedEdits Locked
Actions

Description

When testing with hal-preprod, I get the following error on the interface page:

SWORD SWH response: Forbidden

Related Objects
Search...

Event Timeline

moranegg triaged this task as Normal priority.Nov 5 2019, 10:42 AM
moranegg created this task.
moranegg mentioned this in T2051: Fix loading process for deposits.Nov 5 2019, 10:56 AM
moranegg added a comment.Sep 17 2020, 11:29 AM

I have tested today at 11.20 with the same error on HAL's platform.
@ardumont : can you check what the logs say about that?
I think it's about the client credentials, they use the HAL prod credentials and they are listed as HAL preprod client.

ardumont added a comment.Sep 17 2020, 3:42 PM

logs confirm 403 responses (forbidden access) [1]. They are using the wrong credentials.

I did not remember exactly the detail so here is a quote [2]

HTTP 403 provides a distinct error case from HTTP 401; while HTTP 401 is returned when the client has not authenticated, and implies that a successful response may be returned following valid authentication, HTTP 403 is returned when the client is not permitted access to the resource despite providing authentication such as insufficient permissions of the authenticated account.

[1] Logs excerpt coming from kibana:

	Time	message
	2020-09-17T11:24:21.563	2020-09-17 09:24:21 [1015935] gunicorn.access:INFO 127.0.0.1 - hal-preprod [17/Sep/2020:09:24:21 +0000] "POST /1/hal/ HTTP/1.1" 403 285 "-" "-"
	2020-09-17T11:24:21.562	[17/Sep/2020 09:24:21] WARNING [django.request:228] Forbidden: /1/hal/
	2020-09-17T11:24:21.562	2020-09-17 09:24:21 [1015935] django.request:WARNING Forbidden: /1/hal/
	2020-09-17T11:24:21.239	2020-09-17 09:24:21 [1015935] swh.core.config:INFO Loading config file /etc/softwareheritage/deposit/server.yml
	2020-09-17T11:24:21.227	2020-09-17 09:24:21 [1015935] swh.core.config:INFO Loading config file /etc/softwareheritage/global.ini
	2020-09-17T11:20:17.808	2020-09-17 09:20:17 [1015933] gunicorn.access:INFO 127.0.0.1 - hal-preprod [17/Sep/2020:09:20:17 +0000] "POST /1/hal/ HTTP/1.1" 403 285 "-" "-"
	2020-09-17T11:20:17.806	2020-09-17 09:20:17 [1015933] django.request:WARNING Forbidden: /1/hal/
	2020-09-17T11:20:17.805	[17/Sep/2020 09:20:17] WARNING [django.request:228] Forbidden: /1/hal/
	2020-09-17T11:20:17.318	2020-09-17 09:20:17 [1015933] swh.core.config:INFO Loading config file /etc/softwareheritage/deposit/server.yml
	2020-09-17T11:20:17.302	2020-09-17 09:20:17 [1015933] swh.core.config:INFO Loading config file /etc/softwareheritage/global.ini

source: http://kibana0.internal.softwareheritage.org:5601/goto/ba9cdc6e272f0183549ddede406b4ac8

[2] https://en.wikipedia.org/wiki/HTTP_403#Specification

moranegg added a comment.Sep 17 2020, 4:33 PM

I've sent an email (@ardumont in CC) to Bruno and Yannick about this error and about T2611.

ardumont added a comment.EditedSep 22 2020, 3:59 PM

The hal-preprod credentials are correct, we double checked with @moranegg.

It hit me during the second pass... (but we can see it in the logs already /1/hal/)

They are using the hal-preprod user but they try to access the hal collection... That's forbidden.

hal-preprod user can access the hal-preprod collection, not another client collection.

The logs need to be improved so the error and the cause of the error are displayed because i'm pretty sure this behavior is coded in the deposit...

ardumont changed the task status from Open to Work in Progress.Sep 22 2020, 3:59 PM
moranegg closed subtask T2611: Check and fix HAL-prod `Application error` as Wontfix.Sep 22 2020, 10:47 PM
ardumont added a comment.Sep 23 2020, 10:35 AM

The logs need to be improved so the error and the cause of the error are displayed because i'm pretty sure this behavior is coded in the deposit...

T2626

moranegg raised the priority of this task from Normal to High.Sep 30 2020, 11:28 AM
moranegg moved this task from In progress to Landed/Tests/Validations (staging) on the SWORD deposit board.
ardumont added a comment.Oct 1 2020, 6:23 PM

heads up on this, we have nothing more to do on swh side.

And a priori, discussing with @moranegg yesterday about it, work has been done
on the hal side.

ardumont removed ardumont as the assignee of this task.Oct 1 2020, 6:23 PM
ardumont added a subscriber: ardumont.
moranegg closed this task as Resolved.Nov 3 2020, 10:13 AM
ardumont moved this task from Landed/Tests/Validations (staging) to Deployed on the SWORD deposit board.Nov 20 2020, 10:18 AM
gitlab-migration changed the task status from Resolved to Migrated.Jan 8 2023, 4:28 PM
gitlab-migration claimed this task.
gitlab-migration added a subscriber: gitlab-migration.

This task has been migrated to GitLab.

gitlab-migration changed the status of subtask T2611: Check and fix HAL-prod `Application error` from Wontfix to Migrated.Jan 8 2023, 4:31 PM
About · Developer information · Legal