Bug: 500 server error when creating a policy #475
Comments
As a followup to this - the policy has been saved - which is then causing the
Hi Shaun, I found this bug, essentially our Joi statement object isn't limiting effect to allow|deny on input, however it is on output rule... The error occurred on response validation, which does have the limitation, both the post and the get perform validation on the response and that's why the error is showing in both situations above... Once the validation rule is in, this will become a 400 error.
I'm currently updating all of our Joi validation objects with labels so the swagger doc becomes more consistent so I'll check this in with the rest of those fixes today
here is the output after retesting with rules in place... {
Fixed in this commit: 534787f Will be included in next release...
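The mismatch described in the comments above, as an added sketch that is not Udaru's code and not part of the original thread: plain-JavaScript stand-ins for the Joi request and response schemas show why a loose input check with a strict output check yields a 500 with the policy already stored, and why enforcing the same rule on input turns it into a 400. The handler names, payload shape and the `Allow`/`Deny` spelling are assumptions.

```javascript
// Stand-ins for the request and response schemas (not Udaru's Joi objects).
const EFFECTS = ['Allow', 'Deny']; // assumed spelling of the permitted values

// Returns an error message, or null when the statements pass.
function checkStatements(statements, enforceEffect) {
  if (!Array.isArray(statements) || statements.length === 0) {
    return 'statements must be a non-empty array';
  }
  for (const [i, s] of statements.entries()) {
    if (!s || typeof s.Effect !== 'string') return `statements[${i}].Effect must be a string`;
    if (enforceEffect && !EFFECTS.includes(s.Effect)) {
      return `statements[${i}].Effect must be one of ${EFFECTS.join(', ')}`;
    }
  }
  return null;
}

// Hypothetical handlers: request check, store access, then response check.
function createPolicy(store, payload, strictInput) {
  const inputError = checkStatements(payload.statements, strictInput);
  if (inputError) return { statusCode: 400, message: inputError };
  store.push(payload); // the write happens before the response is validated
  const outputError = checkStatements(payload.statements, true);
  return outputError ? { statusCode: 500 } : { statusCode: 201, policy: payload };
}

function getPolicy(store, name) {
  const policy = store.find((p) => p.name === name);
  if (!policy) return { statusCode: 404 };
  return checkStatements(policy.statements, true) ? { statusCode: 500 } : { statusCode: 200, policy };
}

// Constructed request body whose effect is outside Allow|Deny.
const badPolicy = { name: 'docs', statements: [{ Effect: 'Permit', Action: ['read'], Resource: ['/docs/*'] }] };

function demo() {
  const loose = [];
  const strict = [];
  return {
    looseCreate: createPolicy(loose, badPolicy, false).statusCode, // 500
    looseStored: loose.length, // 1: the invalid row persists
    looseGet: getPolicy(loose, 'docs').statusCode, // 500 on every later read
    strictCreate: createPolicy(strict, badPolicy, true).statusCode, // 400
    strictStored: strict.length // 0
  };
}

console.log(demo());
```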
* Split code into 4 packages using lerna.
* Reconciled master merge out to wprl:lerna-ize (#439)
* feat: get user teams, no inheritance
* fix: get user teams functionality, tests
* chore: changes feedback review
* chore: release 3.1.0 preps
* fix: allow empty results when the user is in no teams
* volume data insertion and autocannon bench tests
* database migration to 6, added index to team_members, fixed bug in volumeRunner starting server
* updated NUM_TEAMs in config to 500
* Forking child process for UDARU server in volumeRunner
* tidy ups and upgraded lodash to 4.17.5
* added chalk to volume load/test, using IPC when forking server, updated changes.md
* updated intermittently failing user policies test cases
* updated pbac version, iam.js also changed as the param order is important and needed to be reversed
* support for optional metadata field, team, user, org read only
* get, post and put updated for optional metadata field
* test cases on core added for create, update, read
* #450 solved: authorization pre-check required on teams payload object
* version 3.2.0 not 3.2.1
* updates to validation models for better swagger definitions, enforcement of allow/deny on policies
* added test for issue #475 (invalid effect data)
* added a note to pagedteamslist to state policies and users not populated
* updates to all entities to throw 409 conflict instead of 400 for db insert/update conflict constraints
* fix migrate 7 uninstall script
* pre-merge issues addressed
* fix: add request id for the resource builder
* chore: bump package, update changes
* update to changes.md summary for 4.0.0
* chore: package lock update
* removing public schema from migration scripts
* updated version number in package.json and added 4.0.1 entry to changes
* support search teams in udaru core
* search team endpoint and search logic updates
* add total to team search response
* update search response validation to match actual response data
* Nested Teams Endpoint (#477)
* add nested teams to udaru core
* add nested endpoint
* add e2e test for nested team limit
* updating version and changes.md, updated pbac to 0.3.0
* use the buildParams directly to create base resource for user requests
* return 404 if nested team is not found
* Reset version to 4.0.1, it had accidentally been set to 4.2.0
* check if team exists before returning users, check if user exist before return teams
* fix typo
* Example extended to demonstrate teams (#483)
* Support in udaru core for searching users (#463)
* Support in udaru core for searching users
* Linting fix
* Added some sanity check sql injection tests
* Linting fix (again)
* Linting fix (again again)
* expose public user search route
* add search users in a team
* Updated end to end testing for teams search and team users search
* updated version and changes
* updated changes.md 4.1.0 date
* Migration to nearForm SQL module
* Removed postgrator
* Removed postgrator
* Split code into 4 packages using lerna.
* packages/udaru/ -> packages/udaru-core/
* update version in changes.md, packages and static swagger docs
The following request:
Produces the following response:
Internally the logs are showing:
This should not be a 500 error - but a 400 Bad Request which communicates the error.