[BUILD-1138] Can't delete files because of misconfigured public instance for the nightly
Created: 11/Sep/23  Updated: 26/Sep/23  Resolved: 26/Sep/23

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Neutral
Reporter: Dominik Maslanka
Assignee: Unassigned
Resolution: Duplicate
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File Screen Recording 2023-09-11 at 15.24.49.mov    
Issue Links:
causality
duplicate
is duplicated by PUBLISHING-298 Use passing default for receiversWhit... Closed
Template:
Acceptance criteria:
Empty
Date of First Response:
Team: Nucleus
Work Started:

 Description   

Steps to reproduce:
1. Create a file in resource files or a page in the Pages app
2. Delete it
3. Publish the deletion

Screen Recording 2023-09-11 at 15.24.49.mov

Expected result:
Item is deleted.

Actual result:

In case of the Pages app, the page reloads but the item does not change its status, or it stays untouched.
In case of resource files, an error occurs.

There is no correctly configured public instance for the nightly instance (see here), so there is no possibility to publish the item.



 Comments   
Comment by Maxime Michel [ 13/Sep/23 ]

dmaslanka The exact error is:

ERROR info.magnolia.publishing.command.PublicationCommand 11.09.2023 12:44:53 -- Receiver: null, error: Receiver public0 is not whitelisted in /server/activation/receiversWhitelist 

Could you please check with your team what the appropriate configuration for that should be? This is a publishing matter and it's weird, I can't find any reference to this property either in docs or in the code.

Comment by Adam Siska [ 15/Sep/23 ]

OK. So this is the situation where the receiver is configured via YAML. In that case we need to update the config under /server/activation/receiversWhitelist with it. See this docu PR: https://git.magnolia-cms.com/projects/DOCUMENTATION/repos/product-docs/pull-requests/1721/diff#modules/ROOT/pages/Administration/Security/Publishing-security.adoc

If you are using light module to configure receivers, you need to provide a list of trusted receiver URLs, as shown below. Or you can use a URL prefix if your receivers are on the same domain or have the same beginning. 

We would have RN pointing to this ^

Comment by Maxime Michel [ 18/Sep/23 ]

Hey asiska, thanks for the analysis. You made me realise there is some publishing configuration done in the nightly by the magnolia-base Helm chart, for instance: https://git.magnolia-cms.com/projects/SRE-PLATFORM/repos/cloud-helm-charts/browse/magnolia-base/files/microprofile-config.yaml.tpl

I'm not sure how to move forward, though. Is the receiversWhitelist configurable via Microprofile? What value should it have? ATM it extends '/modules/publishing-core/config/receivers', so why isn't that working? Thanks.

Comment by Adam Siska [ 19/Sep/23 ]

Hi mmichel,

It isn't working with extends because it takes only JCR nodes, not YAML decorations. In fact I have no idea how to apply Microprofile config to /server/activation, maybe with some Java code. But we also have this note in the docu:

When there are no security concerns regarding light module development, or you have configured firewall rules that prevent outgoing connections to unknown servers, you can use some prefix instead for the `url` property, e.g. `http://`, `http` or even an empty string. 

So the solution/workaround for the nightly could be to use this by creating a url property, /server/activation/receiversWhitelist/public/url, with value 'http://' (this could be bootstrapped on the webapp level).
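
Added example (not part of the thread and not Magnolia's code): a small audit of a receivers whitelist, assuming entries are matched as plain string prefixes of the receiver URL, as the quoted documentation note describes. The receiver URL and the function names are constructed for illustration; it shows both the "not whitelisted" failure and why prefixes such as `http://` stop restricting anything.

```python
from urllib.parse import urlsplit

# Constructed sample: receiver name from the log above, URL is a placeholder.
RECEIVERS = {"public0": "http://nightly-public-0.example.internal:8080/"}


def is_whitelisted(receiver_url, whitelist):
    """Assumed semantics: a receiver passes if its URL starts with any entry."""
    return any(receiver_url.startswith(prefix) for prefix in whitelist)


def audit(receivers, whitelist):
    """Return (subject, finding) pairs for uncovered receivers and weak entries."""
    findings = []
    for name, url in receivers.items():
        if not is_whitelisted(url, whitelist):
            findings.append((name, "not whitelisted"))
    for prefix in whitelist:
        parts = urlsplit(prefix)
        if not (parts.scheme in ("http", "https") and parts.hostname):
            # "", "http" and "http://" pin no host, so every receiver URL passes.
            findings.append((prefix, "matches any host"))
        elif not parts.path.startswith("/"):
            # Without a "/" after host[:port], longer host names also match.
            findings.append((prefix, "host not terminated by '/'"))
    return findings


if __name__ == "__main__":
    exact = "http://nightly-public-0.example.internal:8080/"
    for wl in ([], ["http://"], ["http://nightly-public-"], [exact]):
        print(wl, "->", audit(RECEIVERS, wl))
```

Only the last whitelist in the demo loop produces no findings: it covers public0 and pins scheme, host, port and the trailing slash.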

Comment by Maxime Michel [ 20/Sep/23 ]

Thanks. While that would work for the nightly, what concerns me is that any project that relies on that Helm chart will run into the same issue. Hence, it would be easier to open up this configuration via Microprofile so that the fix or workaround could be applied to all deployments.

Comment by Adam Siska [ 20/Sep/23 ]

Hey Maxime,

I hope that the nightly is a bit of a special case. This whitelist logic is integrated into 6.2 only. Actually we weren't aware that a 6.2 project could use Microprofile config at all. Not sure if there is any way to expose this JCR /server/ config to decorations. Config here could be modified only by bootstraps or programmatically (and that's also the purpose of this fix, see this comment).

Comment by Andres Garcia [ 20/Sep/23 ]

This whitelisting config seems a bit suspicious: if the receivers need to be fixed (for example at build or deployment time), then do that instead of requiring another set of properties that seem redundant in contrast with the old config. This config shouldn't be tamperable by anyone, so the whitelisting seems to be a very self-hosted-with-plain-old-vm solution that is now mandatory everywhere.

As a general note: Helm charts should provide basic means to deliver configuration and at the same time refrain as much as possible from delivering the actual configuration unless it needs to be computed at deployment time and/or it is critical to the proper functioning of the app. For example: if a config needs to be computed and is mandatory for the app, it should be added IMHO; if it doesn't need to be computed at deployment time, then it can simply be provided as config.

Comment by Richard Gange [ 21/Sep/23 ]

FYI: we also have a similar problem with the demo: https://demo.magnolia-cms.com

INFO  info.magnolia.module.scheduler.CommandJob 21.09.2023 10:26:04 -- Starting job [asyncCommand1695291964400]... 
WARN  info.magnolia.publishing.sender.AbstractSender 21.09.2023 10:26:04 -- Unable to initiate content transfer to public nodes due to Receiver public0 is not whitelisted in /server/activation/receiversWhitelist.
info.magnolia.publishing.exception.PublicationException: Receiver public0 is not whitelisted in /server/activation/receiversWhitelist
	at info.magnolia.publishing.sender.AbstractSender.checkAllReceiversAreWhitelisted(AbstractSender.java:383) ~[magnolia-publishing-core-1.3.12.jar:?]
	at info.magnolia.publishing.sender.AbstractSender.send(AbstractSender.java:219) [magnolia-publishing-core-1.3.12.jar:?]
	at info.magnolia.publishing.sender.AbstractSender.publish(AbstractSender.java:148) [magnolia-publishing-core-1.3.12.jar:?]
	at info.magnolia.publishing.transactional.sender.TransactionalSender.publish(TransactionalSender.java:92) [magnolia-publishing-transactional-sender-1.2.4.jar:?]
	at info.magnolia.publishing.command.PublicationCommand.execute(PublicationCommand.java:168) [magnolia-publishing-core-1.3.12.jar:?]
	at info.magnolia.personalization.command.PersonalizationPublicationCommand.execute(PersonalizationPublicationCommand.java:46) [magnolia-personalization-core-2.1.9.jar:?]
	at info.magnolia.commands.MgnlCommand.executeSynchronized(MgnlCommand.java:80) [magnolia-core-6.2.39.jar:?]
	at info.magnolia.commands.MgnlCommand.execute(MgnlCommand.java:69) [magnolia-core-6.2.39.jar:?]
	at info.magnolia.commands.chain.ChainBase.execute(ChainBase.java:101) [magnolia-core-6.2.39.jar:?]
	at info.magnolia.module.scheduler.CommandJob.execute(CommandJob.java:110) [magnolia-module-scheduler-2.3.6.jar:?]
	at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
ERROR info.magnolia.publishing.command.PublicationCommand 21.09.2023 10:26:04 -- Receiver: null, error: Receiver public0 is not whitelisted in /server/activation/receiversWhitelist
info.magnolia.publishing.exception.PublicationException: Receiver public0 is not whitelisted in /server/activation/receiversWhitelist
	at info.magnolia.publishing.sender.AbstractSender.checkAllReceiversAreWhitelisted(AbstractSender.java:383) ~[magnolia-publishing-core-1.3.12.jar:?]
	at info.magnolia.publishing.sender.AbstractSender.send(AbstractSender.java:219) ~[magnolia-publishing-core-1.3.12.jar:?]
	at info.magnolia.publishing.sender.AbstractSender.publish(AbstractSender.java:148) ~[magnolia-publishing-core-1.3.12.jar:?]
	at info.magnolia.publishing.transactional.sender.TransactionalSender.publish(TransactionalSender.java:92) ~[magnolia-publishing-transactional-sender-1.2.4.jar:?]
	at info.magnolia.publishing.command.PublicationCommand.execute(PublicationCommand.java:168) [magnolia-publishing-core-1.3.12.jar:?]
	at info.magnolia.personalization.command.PersonalizationPublicationCommand.execute(PersonalizationPublicationCommand.java:46) [magnolia-personalization-core-2.1.9.jar:?]
	at info.magnolia.commands.MgnlCommand.executeSynchronized(MgnlCommand.java:80) [magnolia-core-6.2.39.jar:?]
	at info.magnolia.commands.MgnlCommand.execute(MgnlCommand.java:69) [magnolia-core-6.2.39.jar:?]
	at info.magnolia.commands.chain.ChainBase.execute(ChainBase.java:101) [magnolia-core-6.2.39.jar:?]
	at info.magnolia.module.scheduler.CommandJob.execute(CommandJob.java:110) [magnolia-module-scheduler-2.3.6.jar:?]
	at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
	at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
ERROR info.magnolia.module.scheduler.CommandJob 21.09.2023 10:26:04 -- Cannot execute command [personalizationActivation] for job [asyncCommand1695291964400] in catalog [null]
INFO  info.magnolia.module.workflow.jbpm.workitem.handler.AsyncWorkItemHandler 21.09.2023 10:26:04 -- WorkItem [asyncCommand] was aborted.