moxley

moxley

Troubleshooting authorization error through ash_graphql

After updating ash from version 2.17.11 to 2.17.12, 9 test failures showed up in my test suite. All the failures were on API tests that use ash_graphql. I’m on ash_graphql 0.25.13. All the failures are the same: the response contains the "message": "forbidden" error, the kind you get when the actor doesn’t have permission to access something. The logs did not contain any policy breakdown (it seems never to work during ash_graphql tests).

These are all the log entries that are logged for a failing test:

20:00:26.004 request_id=F8qg_y1LnSpDpzwAAA2B [info] POST /api/gql
20:00:26.029 request_id=F8qg_y1LnSpDpzwAAA2B [info] GF.Carts.PaymentMethodInput.create
20:00:26.029 request_id=F8qg_y1LnSpDpzwAAA2B [info] Sent 200 in 24ms

My config/test.exs contains this :ash, :policies entry:

config :ash, :policies,
  show_policy_breakdowns?: true,
  log_policy_breakdowns: :info,
  log_successful_policy_breakdowns: :debug

When changing it to log_policy_breakdowns: :warning, this log entry changes from an info to a warning level:

20:00:26.029 request_id=F8qg_y1LnSpDpzwAAA2B [warning] GF.Carts.PaymentMethodInput.create

I tried bypassing ash_graphql, writing a test that only calls Ash.Changeset and my Ash API module, but there was no authorization error, and I’m not sure I’m setting it up the same way that ash_graphql is.

Without a policy breakdown, and no details in the logs, how does one go about troubleshooting this issue?

Marked As Solved

zachdaniel

zachdaniel

Creator of Ash

Yeah, that is some low hanging fruit DX that should have been addressed a long time ago. Will look into it today :slight_smile:

Also Liked

moxley

moxley

I figured it out. It was related to that log entry I mentioned before, for GF.Carts.PaymentMethodInput.create. GF.Carts.PaymentMethodInput is an embedded resource. It had Ash.Policy.Authorizer configured as the authorizer, but there were no policies configured in that resource, nor should there be. By removing Ash.Policy.Authorizer from the resource configuration, the errors went away.

I would have been helpful if the logs indicated that no policies were set.

Where Next?

Popular in Questions Top

_russellb
I want to try my hand at web scraping. What tools/libraries do I need to use. I’m hoping to turn this into something professional so don’...
New
siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
chrisalley
ExUnit now has describe blocks which is a welcome addition coming from RSpec. In the docs, it states that nested hierarchies of describe ...
New
myronmarston
The Elixir Typespec docs show the following syntax for keyword lists in typespecs: # ... | [key: type] # keyword lists...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
fireproofsocks
Forgive me if this is obvious, but how does one delete a database record WITHOUT selecting it first? Ecto.Repo — Ecto v3.14.0 has exampl...
New
hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a > b) do {:ok, "a"} end if (a < b) do {:ok, b} end if (a == b) do {:ok, "equa...
New
jaysoifer
Is there a way to rollback a specific migration and only that one (“skipping” all the other ones)? Would mix ecto.rollback -v 200809061...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New

Other popular topics Top

New
Harrisonl
We have an ECS cluster with 4 services, where each task joins a single cluster, via discovery ECS discovery service. Currently when I de...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
JorisKok
I have a server on AWS, and was running a load test using artillery. When looking at the Phoenix dashboard I see the Ports going to 100% ...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
belgoros
I’m not a pro in using Regex and can’t figure out why the following behaviour happens, especially if we take into account the difference ...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New

We're in Beta

About us Mission Statement