You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
DSS Forbidden Exceptions look like this, we should have a way to identify the service account that was being used with the request, otherwise it can get difficult to trace down issues with service accounts...
This issue might need to be transfered to Fusillade, to have them return the service account that was used for the evaluation.
2019-11-28 04:24:22,529 - receiver.CreateBundleReceiver - ERROR in receiver.py:74 on_message(): ERROR: An error occurred while putting bundle in DSS: Forbidden: User is not authorized to access this resource:
{'evaluation_results': [{'EvalActionName': 'dss:PutBundle', 'EvalDecision': 'implicitDeny', 'EvalResourceName': 'arn:hca:dss:staging:*:bundle/acb70dc2-8fb5-402b-890e-811e252941e0/2019-11-28T040452.013060Z', 'MatchedStatements': [], 'MissingContextValues': ['fus:user', 'fus:group_id']}], 'reason': 'Permission was implicitly denied.', 'result': False} (HTTP 403). Details:
Traceback (most recent call last):
File "/var/task/chalicelib/dss/error.py", line 72, in wrapper
return func(*args, **kwargs)
File "/var/task/chalicelib/dss/api/bundles/__init__.py", line 196, in put
[f'arn:hca:dss:{Config.deployment_stage()}:*:bundle/{uuid}/{version}'])
File "/var/task/chalicelib/dss/util/security.py", line 131, in assert_authorized
raise DSSForbiddenException(title=f"User is not authorized to access this resource:\n{resp_json}")
dss.error.DSSForbiddenException
Traceback (most recent call last):
File "/app/src/hca-ingest/ingest/api/dssapi.py", line 142, in put_bundle
creator_uid=self.creator_uid
File "/usr/local/lib/python3.7/site-packages/hca/util/__init__.py", line 197, in __call__
return self._consume_response(self._request(kwargs))
File "/usr/local/lib/python3.7/site-packages/hca/util/__init__.py", line 185, in _request
raise SwaggerAPIException(response=res)
hca.util.exceptions.SwaggerAPIException: Forbidden: User is not authorized to access this resource:
{'evaluation_results': [{'EvalActionName': 'dss:PutBundle', 'EvalDecision': 'implicitDeny', 'EvalResourceName': 'arn:hca:dss:staging:*:bundle/acb70dc2-8fb5-402b-890e-811e252941e0/2019-11-28T040452.013060Z', 'MatchedStatements': [], 'MissingContextValues': ['fus:user', 'fus:group_id']}], 'reason': 'Permission was implicitly denied.', 'result': False} (HTTP 403). Details:
Traceback (most recent call last):
File "/var/task/chalicelib/dss/error.py", line 72, in wrapper
return func(*args, **kwargs)
File "/var/task/chalicelib/dss/api/bundles/__init__.py", line 196, in put
[f'arn:hca:dss:{Config.deployment_stage()}:*:bundle/{uuid}/{version}'])
File "/var/task/chalicelib/dss/util/security.py", line 131, in assert_authorized
raise DSSForbiddenException(title=f"User is not authorized to access this resource:\n{resp_json}")
dss.error.DSSForbiddenException
The text was updated successfully, but these errors were encountered:
DSS Forbidden Exceptions look like this, we should have a way to identify the service account that was being used with the request, otherwise it can get difficult to trace down issues with service accounts...
This issue might need to be transfered to Fusillade, to have them return the service account that was used for the evaluation.
The text was updated successfully, but these errors were encountered: