Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-17118

Default May Act script missing from CDK overlay

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.1.0
    • Fix Version/s: 7.1.0
    • Component/s: scripting
    • Labels:
    • Target Version/s:
    • Story Points:
      2

      Description

      Bug description

      When upgrading the overlay FBC configuration files in the cdk the upgrade rules assume that there is a default May Act script available but this script might have been deleted e.g. with the Amster :import-config ... --clean option.

      How to reproduce the issue

      ran the FBC upgrade against the latest cdk config

      ./amupgrade \
          --inputConfig .../forgeops/config/7.0/cdk/am/config/services \
          --output .../forgeops/config/7.0/master/am/config/services \
          --fileBasedMode \
          --prettyArrays \
          --baseDn ou=am-config \
          --clean false \
          --secretsConfigFile .../openam/openam-config-upgrader/sampleconfig.properties \
          .../openam/openam-config-upgrader/src/main/rules/fbc/latest.groovy
      

      updated the Dockerfile to have this base image built today (the latest image built from master at the time of the test) - gcr.io/forgerock-io/am-base/docker-build@sha256:6fa7102878d979ee5563e484a11b20d126c834de31dba5b044e93d258dc753f2
      skaffold delete and removed the PVCs
      initialised config using the output folder from the upgrade - [./bin/config.sh init --profile master --component am --version 7.0]
      skaffold run

      Expected behaviour

      That OAuth2 still works

      Current behaviour

      And when we try to login to platform ui, we see a blank page with a 500 error on am/oauth2/access_token endpoint with the attached stacktrace
      stacktrace

      {"timestamp":"2020-11-25T12:04:50.309Z","level":"ERROR","thread":"http-nio-8080-exec-8","mdc":{"transactionId":"6777a430-52ff-47ca-af53-2d101abfd3b3-1744"},"logger":"org.forgerock.oauth2.restlet.ExceptionHandler","message":"Unhandled exception: ","context":"default","exception":"java.lang.NullPointerException: null
      
       org.forgerock.openam.sm.FileBasedSmsObject.lambda$subEntries$10(FileBasedSmsObject.java:496)
       java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:195)
       java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
       java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
      Click to expand inline (122 lines)
      

      Work around

      Copy the default may act script in to the directory

      {config/services/realm/root/scriptingservice/1.0/globalconfig/default/globalscripts}

      .

      Code analysis

      The fix is probably to not set the default script in the upgrade rule (setting it to empty) that way if the script is there it can be set manually.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                phillcunnington Phill Cunnington
                Reporter:
                jay.bowers Jay Bowers
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: