permission errors during submitting jobs are not clear

Bug #917390 reported by Marcin Juszkiewicz on 2012-01-16
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
LAVA Scheduler (deprecated)
Won't Fix
High
Michael Hudson-Doyle
Linaro XML-RPC application for Django
Undecided
Michael Hudson-Doyle

Bug Description

I decided to submit job to lava (with not existing test) so I logged there, took a look and go:

20:48 hrw@puchatek:lava$ lava-tool submit-job https://validation.linaro.org/lava-server/RPC2/ lets-test-0116-job.json
EXPERIMENTAL - SUBJECT TO CHANGE (See --experimental-notice for more info)
ERROR: <Fault 401: 'Authentication required.'>

Ah, right - forgot token.

20:48 hrw@puchatek:lava$ lava-tool auth-add https://validation.linaro.org/lava-server/RPC2/
Paste token for https://<email address hidden>/lava-server/RPC2/:
Token added successfully for user hrw.

20:48 hrw@puchatek:lava$ lava-tool submit-job https://validation.linaro.org/lava-server/RPC2/ lets-test-0116-job.json
EXPERIMENTAL - SUBJECT TO CHANGE (See --experimental-notice for more info)
ERROR: <Fault 401: 'Authentication required.'>

Oops, username forgot.

20:48 hrw@puchatek:lava$ lava-tool submit-job https://<email address hidden>/lava-server/RPC2/ lets-test-0116-job.json EXPERIMENTAL - SUBJECT TO CHANGE (See --experimental-notice for more info)
ERROR: <Fault 403: 'Permission denied.'>

WTH?

Some time later Zygmunt arrived so we got a chat. He told me that under precise there can be a problem with keeping auth data (gnome keyring or kde wallet - I use second one). Checked kwallet manager and my token is stored there. Anyway workaround was to give token as password:

22:29 hrw@puchatek:lava$ lava-tool submit-job https://hrw:<email address hidden>/lava-server/RPC2/ ./lets-test-0116-job.json
EXPERIMENTAL - SUBJECT TO CHANGE (See --experimental-notice for more info)
ERROR: <Fault 403: 'Permission denied.'>

He said: "ah, you do not have bit : set. will do it now".

22:30 hrw@puchatek:lava$ lava-tool submit-job https://hrw:<email address hidden>/lava-server/RPC2/ ./lets-test-0116-job.json
EXPERIMENTAL - SUBJECT TO CHANGE (See --experimental-notice for more info)
ERROR: <Fault 400: 'Decoding JSON failed: Expecting object: line 32 column 9 (char 940).'>

Oops, fixed.

22:33 hrw@puchatek:lava$ lava-tool submit-job https://hrw:<email address hidden>/lava-server/RPC2/ ./lets-test-0116-job.json
EXPERIMENTAL - SUBJECT TO CHANGE (See --experimental-notice for more info)
submitted as job id: 9045

Yay!

But why lava-scheduler-tool (or rather lava-tool) had this problem? Why permission errors do not give any help? Would be nice to get "<Fault 401: 'Authentication required. Provide username'>" or "<Fault 403: 'Permission denied. Contact LAVA guys to set permissions for you.'>" in such moments.

Also JSON errors could be reported at any moment - would be nice.

Zygmunt Krynicki (zyga) on 2012-01-17
Changed in lava-scheduler-tool:
status: New → Confirmed
importance: Undecided → High
milestone: none → 2012.02
tags: added: ui-issue
affects: lava-scheduler-tool → lava-scheduler
Changed in lava-scheduler:
milestone: 2012.02 → none
Michael Hudson-Doyle (mwhudson) wrote :

I was sure there was a bug about reporting JSON errors immediately but I can't find it. Agree with the other points.

Changed in linaro-django-xmlrpc:
milestone: none → 2012.02
Changed in lava-scheduler:
milestone: none → 2012.02
assignee: nobody → Michael Hudson-Doyle (mwhudson)
Changed in linaro-django-xmlrpc:
assignee: nobody → Michael Hudson-Doyle (mwhudson)
Michael Hudson-Doyle (mwhudson) wrote :

Well hm, one case of this is going to be a bit more difficult than I thought it was going to be :/

It turns out that we already send vaguely meaningful messages in plain text in the response body when a token is invalid for some reason. But xmlrpclib doesn't look at the response body at all when the response code is != 200 (contrary to the http rfc's suggestion, it turns out).

We can certainly give better messages when there is token but should be and when the token is for a user that does not have the magic permission bit set though.

Changed in lava-scheduler:
status: Confirmed → Fix Committed
Changed in linaro-django-xmlrpc:
milestone: 2012.02 → none
Changed in lava-scheduler:
status: Fix Committed → Fix Released
Alan Bennett (akbennett) on 2013-06-11
Changed in linaro-django-xmlrpc:
status: New → Won't Fix
Changed in lava-scheduler:
status: Fix Released → Won't Fix
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers