Cypress Test - Namespace Access ->Service Account Access

[nirajCITZ]

• Clarify the requirement

• Cypress Test Planning

• Cypress Test Creation

Blocker : Service account access throes error when existing namespace is assign to another namespace.The reason is Policy unique ID is the service account ID, so it will not allow a service account from one namespace to be assigned permissions in another namespace.

apsportal | debug: [uma2-token] [getPermittedResourcesUsingTicket] RESULT [{"scopes":["Namespace.Manage"],"rsid":"a47c6a6b-8c42-4efc-84dd-a3572cb02fb6","rsname":"newplatform"},{"scopes":["Namespace.Manage"],"rsid":"6d5e33c3-65df-4c6a-9f8a-8f646f025df5","rsname":"testnp"}]
apsportal | debug: [List.Ext.Common] [getResourceSets] (ResSvrBased) RETURN [{"scopes":["Namespace.Manage"],"rsid":"a47c6a6b-8c42-4efc-84dd-a3572cb02fb6","rsname":"newplatform"},{"scopes":["Namespace.Manage"],"rsid":"6d5e33c3-65df-4c6a-9f8a-8f646f025df5","rsname":"testnp"}]
apsportal | debug: [uma2-policy] Endpoint http://keycloak.localtest.me:9080/auth/realms/master/authz/protection/uma-policy
apsportal | debug: [uma2-policy] [createUmaPolicy] http://keycloak.localtest.me:9080/auth/realms/master/authz/protection/uma-policy/6d5e33c3-65df-4c6a-9f8a-8f646f025df5
apsportal | error: [general] Error - 409 Conflict
apsportal | error: [general] ERROR {"error":"Policy with name [sa-newplatform-e0000000-3b5f7c165cd1] already exists","error_description":"Conflicting policy"}
apsportal | error: [general] Added reason to error: {"reason":"Policy with name [sa-newplatform-e0000000-3b5f7c165cd1] already exists","status":"409 Conflict"}
apsportal | error: [general] GraphQL Error: {"reason":"Policy with name [sa-newplatform-e0000000-3b5f7c165cd1] already exists","status":"409 Conflict"}
apsportal |
apsportal | GraphQL request:7:5
apsportal | 6 | ) {
apsportal | 7 | createUmaPolicy(
apsportal | | ^
apsportal | 8 | prodEnvId: $prodEnvId
apsportal | {"level":50,"time":1664299261969,"pid":24,"hostname":"5a05491beb43","name":"graphql","message":"{"reason":"Policy with name [sa-newplatform-e0000000-3b5f7c165cd1] already exists","status":"409 Conflict"}","locations":[{"line":7,"column":5}],"path":["createUmaPolicy"],"uid":"cl8kgt5al000h0ont4njg5v2i","name":"GraphQLError","errors":[{"reason":"Policy with name [sa-newplatform-e0000000-3b5f7c165cd1] already exists","status":"409 Conflict"}],"stack":"dist/services/checkStatus.js:36:19\nGenerator.next ()\nfulfilled (dist/services/checkStatus.js:5:58)\n"}
oauth2-proxy | 172.21.0.1:57622 - c0631a03-2d96-479f-ab30-82c5c3b6035a - [email protected] [2022/09/27 17:21:01] oauth2proxy.localtest.me:4180 POST / "/gql/api" HTTP/1.1 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" 200 306 0.132
apsportal | {"level":30,"time":1664299261973,"pid":24,"hostname":"5a05491beb43","req":{"id":2034,"method":"POST","url":"/gql/api","headers":{"host":"oauth2proxy.localtest.me:4180","user-agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36","content-length":"404","accept":"application/json","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.9","content-type":"application/json","cookie":"keystone.sid=s%3ATI1zWuurrjFwPObzad8v-IsAWfilaaCm.iXb3PP8v9%2FGO52CXH5RSarkrLnxfIg1UUlTUxEs9B7c; _oauth2_proxy=X29hdXRoMl9wcm94eS0xNjU0NjllOTgwYmVlNTU3YjJmOGU3MDJlZmI4YzIyMy5PVUM5UmdCaW9TSkN6YXV5NUMybXFB|1664299084|6yR2zxWt9XE2s1YARXCgdFQi6QjP5w3HSZD_HXR2J0Q=","origin":"http://oauth2proxy.localtest.me:4180","referer":"http://oauth2proxy.localtest.me:4180/manager/namespace-access","x-forwarded-access-token":"eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI4bWxJbUplOXhxUFphMlNEYVlGMTBLWjJjUUhKQ2t0OEN1TjhNYjd5YkhVIn0.eyJleHAiOjE2NjQyOTkzODQsImlhdCI6MTY2NDI5OTA4NCwiYXV0aF90aW1lIjoxNjY0Mjk1Mzk1LCJqdGkiOiIxNjYzOGQ0YS1kZTI4LTQ4MTktYmIyZi1jMGNlMGI0YTM5NGMiLCJpc3MiOiJodHRwOi8va2V5Y2xvYWsubG9jYWx0ZXN0Lm1lOjkwODAvYXV0aC9yZWFsbXMvbWFzdGVyIiwic3ViIjoiYmY0OThhN2ItYjZlMC00OWJiLTllYTgtMDI0MWQ3NzkyZmUyIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiYXBzLXBvcnRhbCIsInNlc3Npb25fc3RhdGUiOiIwYTA2NzY3ZS03YzMxLTQwYzUtYTNkNC0wZWNiMTA1NmEyMDYiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbIioiXSwic2NvcGUiOiJvcGVuaWQgTmFtZXNwYWNlLkFkbWluIGVtYWlsIHByb2ZpbGUgTmFtZXNwYWNlLkNyZWF0ZSIsImlkZW50aXR5X3Byb3ZpZGVyIjoiaWRpciIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibmFtZSI6IkphbmlzIFNtaXRoIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiamFuaXNAaWRpciIsImdpdmVuX25hbWUiOiJKYW5pcyIsImZhbWlseV9uYW1lIjoiU21pdGgiLCJlbWFpbCI6ImphbmlzQHRlc3RtYWlsLmNvbSJ9.mnZffQO_I0UqE_y72JrZKlrVKt5pHNJDSDwgwTnBeXWLHpQRBhqBII0Sm3zm1Losc6zExzwBgjmon0SxHYR5Hm_skpI37XA41zSx9fEIaB4g0LQBtaSJY-GilfEFnylspla04ZScMaxPYMZv5frUZAm1dR34LKaTC9aqd0VY74UZaeQyA5W6SgVT1IZhroIGgXTiscv2uGvZHA7uc0MLkGJkp-DQxvFjcAsVQrlEj3dgtI6D81_jJqbzaVgfhkSM4iZ0jVWOAxn59EYh7oVhlAC0aInV-H-q9FUzvIaA0DnoZqNj4BMKg6WhutL3OJNWrReR6c8cWbq0DeKGyILA8Q","x-forwarded-email":"[email protected]","x-forwarded-for":"172.21.0.1","x-forwarded-preferred-username":"janis@idir","x-forwarded-user":"bf498a7b-b6e0-49bb-9ea8-0241d7792fe2"},"remoteAddress":"::ffff:172.21.0.6","remotePort":37552},"res":{"statusCode":200,"headers":{"x-powered-by":"Express","x-keystone-app-version":"1.0.0","access-control-allow-origin":"http://oauth2proxy.localtest.me:4180","vary":"Origin","access-control-allow-credentials":"true","content-type":"application/json; charset=utf-8","content-length":"306","etag":"W/"132-oHBpntL0/j2NO9MmCj3SLmiqfZU""}},"responseTime":122,"msg":"request completed"}