Hi,
I can't create stream anymore: XML-RPC error 403: Only a member of group 'linaro' could create this stream
ps: used to work, I'm creating streams on a weekly basis....most likely a recent change.
Cheers,
On 30/07/2013, Fathi Boudra fathi.boudra@linaro.org wrote:
Hi,
I can't create stream anymore: XML-RPC error 403: Only a member of group 'linaro' could create this stream
ps: used to work, I'm creating streams on a weekly basis....most likely a recent change.
We did change the XML-RPC URL for validation. Both validation.linaro.org/RPC2/ and validation.linaro.org/lava-server/RPC2/ were supposed to work but I noticed some issues today with validation.linaro.org/lava-server/RPC2/.
If you have not already tried, auth-add using the new URL and try to create a stream?
Cheers,
Fathi Boudra Builds and Baselines Manager | Release Manager Linaro.org | Open source software for ARM SoCs
linaro-validation mailing list linaro-validation@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-validation
This is an issue, I was able to reproduce this locally.
On 30/07/2013, Tyler Baker tyler.baker@linaro.org wrote:
On 30/07/2013, Fathi Boudra fathi.boudra@linaro.org wrote:
Hi,
I can't create stream anymore: XML-RPC error 403: Only a member of group 'linaro' could create this stream
ps: used to work, I'm creating streams on a weekly basis....most likely a recent change.
We did change the XML-RPC URL for validation. Both validation.linaro.org/RPC2/ and validation.linaro.org/lava-server/RPC2/ were supposed to work but I noticed some issues today with validation.linaro.org/lava-server/RPC2/.
If you have not already tried, auth-add using the new URL and try to create a stream?
Cheers,
Fathi Boudra Builds and Baselines Manager | Release Manager Linaro.org | Open source software for ARM SoCs
linaro-validation mailing list linaro-validation@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-validation
-- Tyler Baker Technical Architect, LAVA Linaro.org | Open source software for ARM SoCs Follow Linaro: http://www.facebook.com/pages/Linaro http://twitter.com/#%21/linaroorg - http://www.linaro.org/linaro-blog
Hello,
On Tue, 30 Jul 2013 23:33:42 -0700 Tyler Baker tyler.baker@linaro.org wrote:
This is an issue, I was able to reproduce this locally.
Well, this looks
Aha, so it seems that Antonio didn't revert change
+ "OPENID_LAUNCHPAD_TEAMS_MAPPING": { + "linaro-lava-access": "linaro-lava-access" + },
On 30/07/2013, Tyler Baker tyler.baker@linaro.org wrote:
On 30/07/2013, Fathi Boudra fathi.boudra@linaro.org wrote:
Hi,
I can't create stream anymore: XML-RPC error 403: Only a member of group 'linaro' could create this stream
Well, this looks either related to getting rid of groups mapping we deployed yesterday, or to Antonio's possibly incomplete revert of it yesterday. But for revert, the message doesn't make sense, so it's probably due to original "getting rid of".
But whatever it is, please pay attention to the error message: we don't have group "linaro" any more, so the proper fix would be to fix ACLs or whatever control that to reference proper group (which should be "linaro-lava-access"). So let's fix it properly, applying another round of "mapping" workarounds will just make it more and more confusing.
ps: used to work, I'm creating streams on a weekly basis....most likely a recent change.
We did change the XML-RPC URL for validation. Both validation.linaro.org/RPC2/ and validation.linaro.org/lava-server/RPC2/ were supposed to work but I noticed some issues today with validation.linaro.org/lava-server/RPC2/.
If you have not already tried, auth-add using the new URL and try to create a stream?
Cheers,
Fathi Boudra Builds and Baselines Manager | Release Manager Linaro.org | Open source software for ARM SoCs
linaro-validation mailing list linaro-validation@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-validation
-- Tyler Baker Technical Architect, LAVA Linaro.org | Open source software for ARM SoCs Follow Linaro: http://www.facebook.com/pages/Linaro http://twitter.com/#%21/linaroorg - http://www.linaro.org/linaro-blog
On Wed, 31 Jul 2013 13:19:57 +0300 Paul Sokolovsky Paul.Sokolovsky@linaro.org wrote:
Hello,
On Tue, 30 Jul 2013 23:33:42 -0700 Tyler Baker tyler.baker@linaro.org wrote:
This is an issue, I was able to reproduce this locally.
Well, this looks
Aha, so it seems that Antonio didn't revert change
- "OPENID_LAUNCHPAD_TEAMS_MAPPING": {
"linaro-lava-access": "linaro-lava-access"- },
Please disregard this part of message, part of initial draft ;-)
On Wed, 31 Jul 2013 13:19:57 +0300 Paul Sokolovsky Paul.Sokolovsky@linaro.org wrote:
[]
I can't create stream anymore: XML-RPC error 403: Only a member of group 'linaro' could create this stream
Well, this looks either related to getting rid of groups mapping we deployed yesterday, or to Antonio's possibly incomplete revert of it yesterday. But for revert, the message doesn't make sense, so it's probably due to original "getting rid of".
But whatever it is, please pay attention to the error message: we don't have group "linaro" any more, so the proper fix would be to fix ACLs or whatever control that to reference proper group (which should be "linaro-lava-access"). So let's fix it properly, applying another round of "mapping" workarounds will just make it more and more confusing.
Argh:
user_name, group_name, slug, is_public, is_anonymous = BundleStream.parse_pathname(pathname)
So, it takes group_name from bundle path, and then expects user to be member of that group. And we don't have "linaro" group for LAVA usage any more, but kinda still want to create bundle streams with that in the path.
Fairly speaking, I don't know what to do. My stance would be to avoid any exceptions to the general rule - if bundle stream path requires inclusion of name of the group, then it always should be name of real group, not something else (because something else can be anything, and this negates original rule and leads to confusion). Otherwise, it shows that applying ACLs based on the path of stream wasn't exactly the brightest choice - names and access restrictions tend to change independently in the real world.
ps: used to work, I'm creating streams on a weekly basis....most likely a recent change.
We did change the XML-RPC URL for validation. Both validation.linaro.org/RPC2/ and validation.linaro.org/lava-server/RPC2/ were supposed to work but I noticed some issues today with validation.linaro.org/lava-server/RPC2/.
If you have not already tried, auth-add using the new URL and try to create a stream?
Cheers,
Fathi Boudra Builds and Baselines Manager | Release Manager Linaro.org | Open source software for ARM SoCs
linaro-validation mailing list linaro-validation@lists.linaro.org http://lists.linaro.org/mailman/listinfo/linaro-validation
-- Tyler Baker Technical Architect, LAVA Linaro.org | Open source software for ARM SoCs Follow Linaro: http://www.facebook.com/pages/Linaro http://twitter.com/#%21/linaroorg - http://www.linaro.org/linaro-blog
On Wed, 31 Jul 2013 13:34:45 +0300 Paul Sokolovsky Paul.Sokolovsky@linaro.org wrote:
[]
Argh:
user_name, group_name, slug, is_public, is_anonymous = BundleStream.parse_pathname(pathname)
So, it takes group_name from bundle path, and then expects user to be member of that group. And we don't have "linaro" group for LAVA usage any more, but kinda still want to create bundle streams with that in the path.
Fairly speaking, I don't know what to do. My stance would be to avoid any exceptions to the general rule - if bundle stream path requires inclusion of name of the group, then it always should be name of real group, not something else (because something else can be anything, and this negates original rule and leads to confusion). Otherwise, it shows that applying ACLs based on the path of stream wasn't exactly the brightest choice - names and access restrictions tend to change independently in the real world.
We discussed this situation with Dave and Antonio and concluded that the solution of the least resistance is to reinstate and keep supporting linaro-lava-access (real group) -> linaro (viertual group) group mapping. Other alternative is to analyze impact of switching everyone to the real linaro-lava-access group, possibly migrating bundle streams, and making sure everyone used new bundle streams - something we didn't plan for and have lot of other useful work instead.
So, group mapping was reinstated and Fathi confirmed success with creating the stream. I'm going to work to add group mapping support to django-crowd-rest-backend, so Crowd switchover for LAVA is delayed a bit.
linaro-validation@lists.linaro.org
-
Fathi Boudra -
Paul Sokolovsky -
Tyler Baker