Uploaded image for project: 'Repose'
  1. REP-5694

How does Repose react to the Valkyrie upgrade? (Functional Tests and Docs)

    Details

    • Type: Story
    • Status: Resolved (View workflow)
    • Priority: Medium
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 8.6.2.0
    • Component/s: None
    • Labels:
      None
    • Epic Link:
    • Sprint:
      Sprint 146
    • Story Points:
      2
    • Capitalizable:
      True

      Description

      So in Valkyrie filter, we perform the culling call, account verification... Valkyrie has some changes that will check sales force to make sure user isn't suspended on dedicated side. They will return 401. Valkyrie did an upgrade… How will Repose handle 401 that has nothing to do with buggared token? We think that we will just cascade out a 401.

      In Repose, is there a difference between unauth due to being suspended or having an unauth due to bad token.

      In an ideal world:

      Situation Should Return Notes
      Bad Token 401 We should be doing this already today.
      Suspended 403 Valkyrie is likely returning a 401 instead of a 403, so we are probably returning that 401 back to the client.

      Acceptance Criteria:

      • Ensure we already have these functional tests.
        • If we don't, write those functional tests.
      • Ensure the docs reflect this information.
      • We do not have to convert Valkyrie's 401 to a 403. That's up to Valkyrie to fix.

      Code is here:
      https://github.com/rackerlabs/repose/blob/master/repose-aggregator/components/filters/valkyrie-authorization-filter/src/main/scala/org/openrepose/filters/valkyrieauthorization/ValkyrieAuthorizationFilter.scala#L373-L374

      Background:

      From: Bryan Davidson <bryan.davidson@RACKSPACE.COM>
      Date: Thursday, June 15, 2017 at 8:03 AM
      To: Valkyrie_Stakeholders <Valkyrie_Stakeholders@rackspace.com>
      Subject: Re: Valkyrie Deployment Ready for Testing

      Reminder: We will be submitting the change request for this deployment today. If you haven't already done so and would like to provide feedback before this change, please do so today.

      Again, this is a significant change to Valkyrie's authentication flow so we ask each team to carefully validate these changes. This change will support a critical deadline for F5 LBS GA launch.

      Thanks,
           Bryan

      From: Bryan Davidson
      Sent: Tuesday, June 13, 2017 12:36:04 PM
      To: Valkyrie_Stakeholders
      Subject: Re: Valkyrie Deployment Ready for Testing
       
      All, we have yet to receive feedback from several stakeholders regarding this regression testing in Staging. Please verify you can complete this testing by the (extended!) date of June 15th.

      We will be deploying the week of June 19th to meet a critical deadline for F5 LBS GA launch. If you'd like an opportunity to provide feedback before the deployment, please do so before the 15th.

      Thanks,
           Bryan

      From: Bryan Davidson
      Sent: Friday, June 9, 2017 4:48 PM
      To: Valkyrie_Stakeholders
      Subject: Valkyrie Deployment Ready for Testing
       
      Hi Valkyrie Stakeholders,

      Our next release is ready for validation in the Staging environment (https://staging.api.valkyrie.rackspace.com). This release includes the following change:

      https://jira.rax.io/browse/VALK-86: Protect LBS API from deleted Salesforce entities

      While the stated goal was to protect just the LBS API, the actual implementation validates all non-Racker tokens used with Valkyrie against Salesforce to ensure the account and contact associated with the token are still active. This is a significant change to Valkyrie's authentication flow so we ask each team to carefully validate these changes. To facilitate a timely deployment the week of June 19th, we ask all validation be completed by June 14th.

      Thanks, and please don't hesitate to reach out with any questions.

           - Bryan

        Attachments

          Activity

            People

            • Assignee:
              wdschei Bill Scheidegger
              Reporter:
              kari.davis Kari Davis
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: