/jobs Tenancy check erroneously fails #7245
Description
This Bug Report affects these Traffic Control components:
- Traffic Ops
Current behavior:
When a user in the root Tenant (possibly any Tenant, untested) attempts to create a new "Job" via a POST request to /jobs (APIv4.0 verified), the endpoint responds with a 404 Not Found response with an accompanying error-level Alert saying that the user was rejected access on the basis of Tenancy.
Expected behavior:
Rejecting a request due to insufficient permissions should be a 403 Forbidden response, not 404 Not Found. Also, Tenancy checks should work.
It's possible, though, that the Tenancy check isn't actually failing, and the error message is just incorrect due to copypasta. Further research needs to be done.
Steps to reproduce:
Request (done in developer environment)
Note that both the user and the "dev" Delivery Service are in the root Tenant.
POST /api/4.0/jobs HTTP/1.1
User-Agent: python-requests/2.25.1
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Cookie: ...
Content-Length: 125
{"deliveryService": "dev", "invalidationType": "REFRESH", "regex": "/.*", "startTime": "2022-12-14T00:00:00Z", "ttlHours": 5}(replace the startTime date with whatever "tomorrow" is when you're reading this)
Response
HTTP/1.1 404 Not Found
Content-Encoding: gzip
Content-Type: application/json
Permissions-Policy: interest-cohort=()
Set-Cookie: ...
Vary: Accept-Encoding
Whole-Content-Sha512: ...
X-Server-Name: traffic_ops_golang/
Date: Tue, 13 Dec 2022 21:16:02 GMT
Content-Length: 97
{
"alerts": [
{
"text": "failed to authorize based on tenancy",
"level": "error"
}
]
}