Hi Avoka Community,
I'm trying to set up our CI server to deploy using the app-deploy ant task, however I am being thwarted by a HTTP 403 error.
I've read the documentation on app-deploy in the Transact SDK docs, however I must be missing something. What's the minimum set of permissions and configuration required to allow a user to call the services that underpin app-deploy?
Ideally I would have a build server user with only the permissions required to test, build, deploy - and not access any UI... not sure if this is possible though.
Thanks in advance,
Hi Sean. I think you should be fine with the following permissions on the Transact Manager module:
I also have
but you dont really need that if you dont use TPacs
Also mind the user organisation assignment so the CI Tools user is allowed to deploy/execute service under the organisation configured in your build.properties file.
See more at: Setup Transact SDK > Configuring Transact Manager Permissions
The correct answer to the original post is that http 403 in most scenarios will reflect missing IP whitelisting on the TM server. Sean used a build server which wasnt allowed to chat with the TM server.
Fixing whitelisting on the TM server resolved the issue for Sean.
While playing further with miss-configuration of other involved assets the following error messages are present:
Thanks for your advice. I've tried that configuration but it doesn't work for me. Here's an extract from the error message I receive:
[app-deploy] Http client: created.
[app-deploy] Request: POST https://<server>/manager/secure/rest/application-package/v1/<client_code> HTTP/1.1
[app-deploy] Response: HTTP/1.1 403 Forbidden
[app-deploy] Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
[app-deploy] <title>403 Forbidden</title>[app-deploy] </head><body>
[app-deploy] <p>You don't have permission to access /manager/secure/rest/application-package/v1/<client_code>
[app-deploy] on this server.</p>
As part of the debugging try
I've enabled global org access. It doesn't fix the issue.
How do I assign the user to the Transact Manager module?
User Account details > spaces > Add Transact Manager to the list of spaces on the right side
sorry it is a bit confusing, Transact Manager is just "another space" re this sort of config even though in the menu its under the System > Modules Config
btw this is how I configured the transact-auth.properties file (try to use the same URL patter - no end backslash)
Thanks Miro. I didn't have that space configured, but adding it still doesn't resolve the 403 error.