Skip to content

fix(ci-lease): use dedicated ci-bot ISB user#392

Merged
chrisns merged 1 commit into
mainfrom
chore/ci-lease-lambda-timeout
May 22, 2026
Merged

fix(ci-lease): use dedicated ci-bot ISB user#392
chrisns merged 1 commit into
mainfrom
chore/ci-lease-lambda-timeout

Conversation

@chrisns
Copy link
Copy Markdown
Member

@chrisns chrisns commented May 22, 2026

POST /leases returns HTTP 500 when userEmail isn't a registered ISB user. Created ci-bot@ndx-try.local via isb create-user --preapproved. Switched scenario-ci.yml + janitor defaults.

@chrisns
fix(ci-lease): use dedicated ci-bot ISB user (was getting 500 on POST)
6681b93 
ISB API returned HTTP 500 "An unexpected error occurred" when the
JWT-claimed userEmail wasn't a registered ISB user. The Lambda relay
fix worked (no more 403 WAF block), and the JWT signature was valid,
but POST /leases failed at the user-resolution step inside the API.

Created a dedicated CI user via:

    isb create-user --firstname=NDX --lastname=CI-Bot \
        --email=ci-bot@ndx-try.local --preapproved

Member of ndx_IsbUsersGroup + ndx-IsbPreapprovedGroup. All CI leases
now attribute to this synthetic user — clean audit trail separation
from human operators.

Updated scenario-ci.yml default + janitor env to match.
@chrisns chrisns had a problem deploying to smoke-test-deploy May 22, 2026 08:00 — with GitHub Actions Failure
@chrisns chrisns added this pull request to the merge queue May 22, 2026
Merged via the queue into main with commit 3751761 May 22, 2026
4 of 5 checks passed
@chrisns chrisns deleted the chore/ci-lease-lambda-timeout branch May 22, 2026 08:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chrisns