Cannot download some arb apps during review

I've seen this inconsistently, usually you can close the browser tab and start a new one. Trying this download worked for me the first time so the problem is inconsistent. Seems to be a openid/myapps handoff issue?

This problem has been fairly persistent for me, the error message I usually see is "Either you have not been granted access to this resource or your entitlement has timed out. Please try again.". While I've been able to download some apps for review, there are a number where I haven't been able to get at the submitted tarball.

Right - for apps that begin their life as a non-arb app, but are later switched, they currently don't have the package upload copied over from private->public. Other apps that are arb from the start (ie. from when the dev initially submits the app) will already have public package uploads.

Let me know if this doesn't fit the scenario you're seeing Andrew and John. I'll put a branch together to fix it now, in the hope that it matches. My one concern is that if a developer uploads something that they want to be private, that a reviewer can potentially send the app to the arb queue, which will make the package upload public.

Related to that concern mentioned in comment #3, rather than making the package upload public, would it be ok to leave it private but ensure it is accessible to arb reviewers when it is an arb app? That would be safer for the moment, IMO, until some decision is made on whether it should always be public once switched to arb (or has that been decided?)

I believe there are two threads here then. While ARB apps are one thing. I see it on the proprietary app side as well, albeit inconsistently. I think it may affect all apps and possibly related to auth timeouts?

@jpugh - Right - yes, your original error message does indeed look like an openid/sso issue - do you see an oops id at all in the response? I'd focused on ajmitch's issue, which is was something different, but something I could actually fix.

We have experienced a number of openid/sso issues lately with our services - I've been logging them at:
https://bugs.launchpad.net/canonical-identity-provider/+bug/873228

and would be keen to be able to find out more details about the issue that you see. In particular, if next time you experience this you can check for an oops id, and if there is non displayed, write down the exact time that you experienced the issue and I'll go through the logs.

Thanks!

No oops id so I'll log the time and post it next time I run into the issue.

Just got the issue then on "Patricia's Quest for Sun"

From jpugh:

Just had 404 whilst trying to download a file...
https://myapps.developer.ubuntu.com/site_media/packages/2011/10/JavaTest1.jar

Error msg:
The requested URL /site_media/packages/openid/ was not found on this server.

15 Nov 1729 ET or 2230 GMT

Trying to download the app that corresponds to:
https://myapps.developer.ubuntu.com/dev/apps/279/

The second time I tried I got: The server reported an error

The third time was a success.

Hope that helps some...

For what its worth, this bug is preventing me from doing much ARB review. Only about half the applications I try to download will actually download; the rest encounter this bug :(

On Fri, Dec 2, 2011 at 4:48 PM, Luke Faraone <email address hidden> wrote:
> For what its worth, this bug is preventing me from doing much ARB
> review.  Only about half the applications I try to download will
> actually download; the rest encounter this bug :(

Hi Luke,

Assuming that the reason you can't download them is the one that's
fix-committed (ie. the upload was uploaded to the private area before
the app was marked as arb - which will be the case for most arb apps),
it'll be fixed with the next rollout.

In the mean time, the best I can suggest is that someone with normal
(non-arb) review access (jpugh?) download them all and put them
somewhere private where you can access them.

I think Luke is running into the same issue I am. He has access, but something in between the openid auth and fetching the file via http is failing preventing access (all I get is "server error").

I think eventually Luke can download, but I don't know if the fix that Anthony submitted fixes the intermittent download issue unrelated to rights.

Luke, you want to confirm your issue (there are two issues discussed in this thread, but I don't know which one was addressed by the fix)?

On Fri, Dec 2, 2011 at 6:26 PM, John Pugh <email address hidden> wrote:
> I think Luke is running into the same issue I am. He has access, but
> something in between the openid auth and fetching the file via http is
> failing preventing access (all I get is "server error").

Hi John - I'm just trying to clear up some confusion on this bug. I
could be missing something, but AFAIK, Luke has access to the ARB part
of the devportal, but he won't (or shouldn't) have access to private
package uploads which are for commercial applications (the ones which
require openid access). Only commercial reviewers should be able to
access those [1], so the fact that Luke was being even asked for any
authentication when downloading a package for an ARB app is the bug
that was fixed here.

>
> I think eventually Luke can download, but I don't know if the fix that
> Anthony submitted fixes the intermittent download issue unrelated to
> rights.

The branch attached to this bug (and the reason it was marked
fix-committed by achuni) fixes an issue where applications that were
switched from commercial->ARB have their packages left in the private
area, and not made available publicly. So when this fix is released,
Luke (and all other ARB reviewers) should be able to download all new
ARB application packages without requiring any authentication. (Note
to achuni: For existing ARB applications, we'll need to run a script
once this fix is released [2])

It doesn't address the openid issue that you experienced (as a person
with commercial access trying to access private package uploads) -
that will require further investigation, and so I've created a
separate bug 900185 for the openid issue (referring back to this one)
so that you and achuni can discuss that.

In the mean time, if luke can currently download any private packages
(as you mentioned above), then please let us know (as something is
mis-configured), but otherwise, it would be great if those ARB apps
that are still private due to the bug could be made available
elsewhere so he's not blocked. I don't have ARB access to devportal,
otherwise I'd do it now. I can help out if given access.

Hope that helps!

[1] https://launchpad.net/~myapps-reviewers/+members
[2] JFTR, basically:
{{{
arb_apps = Application.objects.filter(arb_reviewable=True)
for app in arb_apps:
    app.ensure_access_to_upload()
}}}

Anthony just had the script (from comment 13) run on production just now so all previously created arb apps will now have public packages available for download.

Yes, confirmed. I couldn't find any that was not downloadable. :-)