[BUILD-1138] Can't delete files because of misconfigured public instance for the nightly Created: 11/Sep/23 Updated: 26/Sep/23 Resolved: 26/Sep/23 |
|
| Status: | Closed |
| Project: | Build |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Neutral |
| Reporter: | Dominik Maslanka | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Description |
|
Steps to reproduce: Screen Recording 2023-09-11 at 15.24.49.mov
Expected result:
Actual result: in the case of the Pages app, the page reloads but the item does not change its status, or it stays untouched.
The public instance for the nightly instance is not correctly configured, see here, so there is no possibility to publish an item. |
| Comments |
| Comment by Maxime Michel [ 13/Sep/23 ] |
|
dmaslanka The exact error is:
ERROR info.magnolia.publishing.command.PublicationCommand 11.09.2023 12:44:53 -- Receiver: null, error: Receiver public0 is not whitelisted in /server/activation/receiversWhitelist
Could you please check with your team what the appropriate configuration for that should be? This is a publishing matter and it's weird, I can't find any reference to this property either in docs or in the code. |
| Comment by Adam Siska [ 15/Sep/23 ] |
|
Ok. So this is the situation where the receiver is configured via YAML. In that case we need to update the config under /server/activation/receiversWhitelist with it. See this docu PR: https://git.magnolia-cms.com/projects/DOCUMENTATION/repos/product-docs/pull-requests/1721/diff#modules/ROOT/pages/Administration/Security/Publishing-security.adoc
If you are using light module to configure receivers, you need to provide a list of trusted receiver URLs, as shown below. Or you can use a URL prefix if your receivers are on the same domain or have the same beginning.
We would have RN pointing to this ^ |
| Comment by Maxime Michel [ 18/Sep/23 ] |
|
Hey asiska, thanks for the analysis. You made me realise there is some publishing configuration done in the nightly by the magnolia-base Helm chart, for instance: https://git.magnolia-cms.com/projects/SRE-PLATFORM/repos/cloud-helm-charts/browse/magnolia-base/files/microprofile-config.yaml.tpl I'm not sure how to move forward, though. Is the receiversWhitelist configurable via Microprofile? What value should it have? ATM it extends '/modules/publishing-core/config/receivers', so why isn't that working? Thanks. |
| Comment by Adam Siska [ 19/Sep/23 ] |
|
Hi mmichel, it isn't working with extends because it takes only JCR nodes, not YAML decorations. In fact I have no idea how to apply microprofile config to /server/activation, maybe with some Java code. But we also have this note in the docu:
When there are no security concerns regarding light module development, or you have configured firewall rules that prevent outgoing connections to unknown servers, you can use some prefix instead for the `url` property, e.g. `http://`, `http` or even an empty string.
So the solution/workaround for the nightly could be using this by creating a url property, /server/activation/receiversWhitelist/public/url, with value 'http://' (this could be bootstrapped on the webapp level). |
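Added example (not part of the ticket and not Magnolia code): a small audit of whitelist `url` values that shows how much each one restricts, including the `http://` value proposed above. It assumes the check is a plain starts-with comparison of the receiver URL against each entry, as the quoted documentation note suggests; the hostnames and helper names are constructed for illustration.

```python
from urllib.parse import urlsplit


def is_whitelisted(receiver_url, whitelist):
    """Assumed semantics: a receiver passes if its URL starts with any entry."""
    return any(receiver_url.startswith(prefix) for prefix in whitelist.values())


def audit_entry(prefix):
    """Classify one whitelist value by how much it actually restricts."""
    parts = urlsplit(prefix)
    if not parts.netloc:
        # '', 'http' and 'http://' name no host, so every receiver URL matches.
        return "open"
    if parts.path == "":
        # No '/' after the host: 'http://a.internal' also prefixes
        # 'http://a.internal.other.test', so the host is not pinned.
        return "host-not-terminated"
    return "restrictive"


def audit(whitelist, receivers):
    """Return (classification per entry, sorted names of receivers that pass)."""
    report = {name: audit_entry(value) for name, value in whitelist.items()}
    allowed = sorted(name for name, url in receivers.items()
                     if is_whitelisted(url, whitelist))
    return report, allowed


# Constructed sample values; hostnames are placeholders, not from the ticket.
WHITELIST_WORKAROUND = {"public": "http://"}  # value proposed in the thread
WHITELIST_STRICT = {"public0": "http://public0.example.internal:8080/"}
RECEIVERS = {
    "public0": "http://public0.example.internal:8080/app",
    "unknown": "http://other.example.test/receiver",
}

if __name__ == "__main__":
    for label, wl in (("workaround", WHITELIST_WORKAROUND),
                      ("strict", WHITELIST_STRICT)):
        report, allowed = audit(wl, RECEIVERS)
        print(label, report, "allowed:", allowed)
```

An empty whitelist rejects every receiver, which corresponds to the "is not whitelisted" error in this ticket.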
| Comment by Maxime Michel [ 20/Sep/23 ] |
|
Thanks. While that would work for the nightly, what concerns me is that any project that relies on that Helm chart will run into the same issue. Hence, it would be easier to open up this configuration via Microprofile so that the fix or workaround could be applied to all deployments. |
| Comment by Adam Siska [ 20/Sep/23 ] |
|
Hey Maxime, I hope that the nightly is a bit of a special case. This whitelist logic is integrated into 6.2 only. Actually we weren’t aware that a 6.2 project could use microprofile config at all. Not sure if there is any way to expose this JCR /server/ config to decorations. Config here could be modified only by bootstraps or programmatically (and that's also the purpose of this fix, see this comment) |
| Comment by Andres Garcia [ 20/Sep/23 ] |
|
This whitelisting config seems a bit suspicious: if the receivers need to be fixed (for example at build or deployment time), then do that instead of requiring another set of properties that seem redundant in contrast with the old config. This config shouldn't be tamperable by anyone, so the whitelisting seems to be a very self-hosted-with-plain-old-vm solution that is now mandatory everywhere. As a general note: Helm charts should provide basic means to deliver configuration and at the same time refrain as much as possible from delivering the actual configuration unless it needs to be computed at deployment time and/or it is critical to the well functioning of the app. For example: if a config needs to be computed and is mandatory for the app, it should be added IMHO; if it doesn't need to be computed at deployment time, then it can simply be provided as config. |
| Comment by Richard Gange [ 21/Sep/23 ] |
|
FYI: we also have a similar problem with the demo: https://demo.magnolia-cms.com
INFO info.magnolia.module.scheduler.CommandJob 21.09.2023 10:26:04 -- Starting job [asyncCommand1695291964400]...
WARN info.magnolia.publishing.sender.AbstractSender 21.09.2023 10:26:04 -- Unable to initiate content transfer to public nodes due to Receiver public0 is not whitelisted in /server/activation/receiversWhitelist.
info.magnolia.publishing.exception.PublicationException: Receiver public0 is not whitelisted in /server/activation/receiversWhitelist
    at info.magnolia.publishing.sender.AbstractSender.checkAllReceiversAreWhitelisted(AbstractSender.java:383) ~[magnolia-publishing-core-1.3.12.jar:?]
    at info.magnolia.publishing.sender.AbstractSender.send(AbstractSender.java:219) [magnolia-publishing-core-1.3.12.jar:?]
    at info.magnolia.publishing.sender.AbstractSender.publish(AbstractSender.java:148) [magnolia-publishing-core-1.3.12.jar:?]
    at info.magnolia.publishing.transactional.sender.TransactionalSender.publish(TransactionalSender.java:92) [magnolia-publishing-transactional-sender-1.2.4.jar:?]
    at info.magnolia.publishing.command.PublicationCommand.execute(PublicationCommand.java:168) [magnolia-publishing-core-1.3.12.jar:?]
    at info.magnolia.personalization.command.PersonalizationPublicationCommand.execute(PersonalizationPublicationCommand.java:46) [magnolia-personalization-core-2.1.9.jar:?]
    at info.magnolia.commands.MgnlCommand.executeSynchronized(MgnlCommand.java:80) [magnolia-core-6.2.39.jar:?]
    at info.magnolia.commands.MgnlCommand.execute(MgnlCommand.java:69) [magnolia-core-6.2.39.jar:?]
    at info.magnolia.commands.chain.ChainBase.execute(ChainBase.java:101) [magnolia-core-6.2.39.jar:?]
    at info.magnolia.module.scheduler.CommandJob.execute(CommandJob.java:110) [magnolia-module-scheduler-2.3.6.jar:?]
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
ERROR info.magnolia.publishing.command.PublicationCommand 21.09.2023 10:26:04 -- Receiver: null, error: Receiver public0 is not whitelisted in /server/activation/receiversWhitelist
info.magnolia.publishing.exception.PublicationException: Receiver public0 is not whitelisted in /server/activation/receiversWhitelist
    at info.magnolia.publishing.sender.AbstractSender.checkAllReceiversAreWhitelisted(AbstractSender.java:383) ~[magnolia-publishing-core-1.3.12.jar:?]
    at info.magnolia.publishing.sender.AbstractSender.send(AbstractSender.java:219) ~[magnolia-publishing-core-1.3.12.jar:?]
    at info.magnolia.publishing.sender.AbstractSender.publish(AbstractSender.java:148) ~[magnolia-publishing-core-1.3.12.jar:?]
    at info.magnolia.publishing.transactional.sender.TransactionalSender.publish(TransactionalSender.java:92) ~[magnolia-publishing-transactional-sender-1.2.4.jar:?]
    at info.magnolia.publishing.command.PublicationCommand.execute(PublicationCommand.java:168) [magnolia-publishing-core-1.3.12.jar:?]
    at info.magnolia.personalization.command.PersonalizationPublicationCommand.execute(PersonalizationPublicationCommand.java:46) [magnolia-personalization-core-2.1.9.jar:?]
    at info.magnolia.commands.MgnlCommand.executeSynchronized(MgnlCommand.java:80) [magnolia-core-6.2.39.jar:?]
    at info.magnolia.commands.MgnlCommand.execute(MgnlCommand.java:69) [magnolia-core-6.2.39.jar:?]
    at info.magnolia.commands.chain.ChainBase.execute(ChainBase.java:101) [magnolia-core-6.2.39.jar:?]
    at info.magnolia.module.scheduler.CommandJob.execute(CommandJob.java:110) [magnolia-module-scheduler-2.3.6.jar:?]
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202) [quartz-2.3.2.jar:?]
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:573) [quartz-2.3.2.jar:?]
ERROR info.magnolia.module.scheduler.CommandJob 21.09.2023 10:26:04 -- Cannot execute command [personalizationActivation] for job [asyncCommand1695291964400] in catalog [null]
INFO info.magnolia.module.workflow.jbpm.workitem.handler.AsyncWorkItemHandler 21.09.2023 10:26:04 -- WorkItem [asyncCommand] was aborted. |