
Hi Avoka Community,

I'm trying to set up our CI server to deploy using the app-deploy ant task, however I am being thwarted by an HTTP 403 error.

I've read the documentation on app-deploy in the Transact SDK docs, however I must be missing something. What's the minimum set of permissions and configuration required to allow a user to call the services that underpin app-deploy?

Ideally I would have a build server user with only the permissions required to test, build, deploy - and not access any UI... not sure if this is possible though.

Thanks in advance,

Sean


    3 answers

    1.  

      Hi Sean. I think you should be fine with the following permissions on the Transact Manager module:

      • Admin Directory
      • REST Application Package API
      • REST Service Definitions API
      • REST Test Center API

      I also have 

      • REST TPac API

      but you don't really need that if you don't use TPacs


      Also mind the user organisation assignment so the CI Tools user is allowed to deploy/execute service under the organisation configured in your build.properties file.


      See more at: Setup Transact SDK > Configuring Transact Manager Permissions

      1.  

        The correct answer to the original post is that HTTP 403 in most scenarios will reflect missing IP whitelisting on the TM server. Sean used a build server which wasn't allowed to chat with the TM server.

        Fixing whitelisting on the TM server resolved the issue for Sean.

        While playing further with misconfiguration of other involved assets the following error messages are present:

        • CI user not linked with proper TM organisation access >> HTTP 404 Not Found
        • CI user missing proper roles/permissions >> HTTP 403 Forbidden
        • CI user not linked with Transact Manager form space/module >> HTTP 401 Unauthorized "Account not associated with portal"
        • misconfigured or missing manager.clientCode in local transact-auth.properties file >> HTTP 404 Not Found
        • misconfigured manager.username or manager.password >> HTTP 401 Unauthorized "Bad credentials"
        1.  

          Hi Miro,

          Thanks for your advice. I've tried that configuration but it doesn't work for me. Here's an extract from the error message I receive:

          app-deploy:
          [app-deploy] Http client: created.
          [app-deploy] Request: POST https://<server>/manager/secure/rest/application-package/v1/<client_code> HTTP/1.1
          [app-deploy] Response: HTTP/1.1 403 Forbidden
          [app-deploy] Response: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
          [app-deploy] <html><head>
          [app-deploy] <title>403 Forbidden</title>
          [app-deploy] </head><body>
          [app-deploy] <h1>Forbidden</h1>
          [app-deploy] <p>You don't have permission to access /manager/secure/rest/application-package/v1/<client_code>
          [app-deploy] on this server.</p>
          1. Miroslav Botka

            As part of the debugging try

            • to enable global org access on the CI user account. That will be required if you need to deploy global services.
            • assign the user to the Transact Manager module
          2. Sean Colyer

            I've enabled global org access. It doesn't fix the issue.

            How do I assign the user to the Transact Manager module?

          3. Miroslav Botka

            User Account details > spaces > Add Transact Manager to the list of spaces on the right side

            Sorry, it is a bit confusing. Transact Manager is just "another space" re this sort of config, even though in the menu it's under System > Modules Config.

          4. Miroslav Botka

            Btw, this is how I configured the transact-auth.properties file (try to use the same URL pattern - no end backslash)

            manager.url=http://localhost:9080/manager
            manager.username=ci-mbotka
            manager.password=Pasword123
            manager.clientCode=TEST
          5. Sean Colyer

            Thanks Miro. I didn't have that space configured, but adding it still doesn't resolve the 403 error.

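A triage helper for the failures discussed in this thread, added here as an example; it is not code from the Transact SDK or from any of the posts above. It maps the first HTTP response in an app-deploy log to the causes listed in the second answer, and checks transact-auth.properties content for the four keys shown in the thread. The function names, the constructed sample log, and the assumption that the 401 message text appears in the log are all hypothetical.

```python
import re

# Status-to-cause mapping taken from the thread's second answer.
CAUSES = {
    403: ["build server IP not whitelisted on the TM server",
          "CI user missing proper roles/permissions"],
    404: ["CI user not linked with proper TM organisation access",
          "manager.clientCode misconfigured or missing in transact-auth.properties"],
}
# 401 is split by the message text quoted in that answer.
CAUSES_401 = {
    "Account not associated with portal":
        "CI user not linked with Transact Manager form space/module",
    "Bad credentials": "manager.username or manager.password misconfigured",
}
STATUS_RE = re.compile(r"^\[app-deploy\] Response: HTTP/\d\.\d (\d{3})\b")
REQUIRED = ("manager.url", "manager.username", "manager.password", "manager.clientCode")

# Constructed sample, shaped like the log extract in the thread.
SAMPLE_LOG = """[app-deploy] Http client: created.
[app-deploy] Response: HTTP/1.1 403 Forbidden
[app-deploy] <h1>Forbidden</h1>"""

def triage(log_text):
    """Return (status, likely causes) for the first HTTP response in the log."""
    for line in log_text.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue
        status = int(m.group(1))
        if status == 401:
            # Assumption: the 401 message text appears somewhere in the log.
            hits = [c for msg, c in CAUSES_401.items() if msg in log_text]
            return status, hits or list(CAUSES_401.values())
        return status, CAUSES.get(status, [])
    return None, []

def check_auth_properties(text):
    """List problems in transact-auth.properties content (hypothetical checker)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            props[key.strip()] = value.strip()
    findings = [f"{k} is missing or empty" for k in REQUIRED if not props.get(k)]
    if props.get("manager.url", "").endswith("/"):
        findings.append("manager.url has a trailing slash")
    return findings
```

For a 403 the helper returns both causes from the answer, whitelisting first, since the status code alone does not tell them apart.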