Server autostart fails with coco server security connector

[planetf1]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

Using the coco pharma server configuration documents, server autostart fails:

jonesn:egeria/ (master*) $ chassis                                                                                                                      [13:10:13]
Picked up JAVA_TOOL_OPTIONS: --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED
 Project Egeria - Open Metadata and Governance
    ____   __  ___ ___    ______   _____                                 ____   _         _     ___
   / __ \ /  |/  //   |  / ____/  / ___/ ___   ____ _   __ ___   ____   / _  \ / / __    / /  / _ /__   ____ _  _
  / / / // /|_/ // /| | / / __    \__ \ / _ \ / __/| | / // _ \ / __/  / /_/ // //   |  / _\ / /_ /  | /  _// || |
 / /_/ // /  / // ___ |/ /_/ /   ___/ //  __// /   | |/ //  __// /    /  __ // // /  \ / /_ /  _// / // /  / / / /
 \____//_/  /_//_/  |_|\____/   /____/ \___//_/    |___/ \___//_/    /_/    /_/ \__/\//___//_/   \__//_/  /_/ /_/

 :: Powered by Spring Boot (v2.5.5) ::

2021-10-15 13:10:22.448  INFO 24329 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat initialized with port(s): 9443 (https)
Fri Oct 15 13:10:25 BST 2021 OMag Server Platform shutdown requested. Temporarily deactivating the following auto-started servers: [cocoMDS2, cocoMDS3, cocoMDS5, cocoMDS6]
2021-10-15 13:10:29.489  INFO 24329 --- [           main] o.s.b.w.embedded.tomcat.TomcatWebServer  : Tomcat started on port(s): 9443 (https) with context path ''

OMAG-PLATFORM-SECURITY-403-003  User system is not authorized to issue configuration requests

Expected Behavior

In this case, all the servers configured for this platform should be auto started

Steps To Reproduce

• Use coco pharma config documents
• set export STARTUP_SERVER_LIST="cocoMDS2,cocoMDS3,cocoMDS5,cocoMDS6,"
• launch chassis

Environment

- Egeria:3.3-SNAPSHOT

Any Further Information?

The hardcoded user 'system' is used by the autostart capability
This should be permitted to startup servers when using the coco security plugin
Documentation should also be added to clarify what this userid is used for

Also the error message is confusing - we only see the shutdown (since something has gone wrong?). Plus a capitalisation typo. Finally the action being reported as barred is 'configuration', but we are not doing configuration here really, it is an operation command to START the server, distinct from configuration

[mandy-chessell]

I have done some investigation:

• The validation and error message is from the platform security connector. This is set up by the platform owner and does not come from the server configurations as describe above.
• The userId that is passed when servers are auto-started is controlled by the environment variable "startup.user". This is documented very clearly in the server chassis documentation that describes how to set up the startup.server.list. It does mean that the setting of the environment variable needs to match the implementation of the platform security connector (and the documentation for the platform security connector needs to include the name of the userId to set in "startup.user").
• The validation check is coming from the method that retrieves the configuration file. This is used by both the administration and operations commands. Currently it assumes it is an admin call and so needs a flag to call the correct verification method just before retrieving the config doc. With this in place the message will change to OMAG-PLATFORM-SECURITY-403-003 User system is not authorized to issue operations requests.
• When the server startup fails, the error message from the admin commands is output. This can be prepended with a message such as "Server startup failed with error: " which would give the result of:

Server startup failed with error: OMAG-PLATFORM-SECURITY-403-003 User {startup.user} is not authorized to issue operations requests

Questions (@planetf1) :

• What is the captialization typo? The message begins with a capital letter and there are no other capitals. Are you expecting more capital letters?

[planetf1]

Thanks for investigating @mandy-chessell

The capitalization typo was in the text

OMag Server Platform shutdown requested.

• The reference to server docs was just to clarify the configuration being run - not to imply it was specific to this configuration
• I missed the reference in the doc - my error, but getting this into our new docs would improve findability (admin/operations?)
• The improved error looks more appropriate
• The prefix tweak could improve usability

[mandy-chessell]

Thanks, I completely miss the "OMag" :)

I actually discovered that my assertion that this message comes from the platform security connector is wrong. If the server is not configured then the error comes from the platform security connector. However, if the server is configured, the validation switches to the server security connector. This means that each server can have different administrators.

[mandy-chessell]

The ordering of the messages is driven by Spring event handling and is difficult to change so I have modified the shutdown message slightly ...

OMAG Server Platform shutdown requested. Shutting down auto-started servers (if running): [cocoMDS2, cocoMDS3, cocoMDS5, cocoMDS6]

I have also noticed that the method retrieveAllServerConfigs bypasses all server security checks. It is validating the request as an "investigator" role and it should be "operator" role since "investigator" is for diagnostic requests.

[mandy-chessell]

The coco security connectors currently expect startup.user to be set to "garygeeke". I have also added an NPA userId called "autoStart01npa" for testing the autostart capability.