Added FIREWALL_SSO for "/firewall_sso/" api endpoint and retry reauth on

403 error code

Author: fdurand

go/api-frontend/aaa/authorization.go

@@ -61,6 +61,7 @@ var pathAdminRolesMap = []adminRoleMapping{
 	adminRoleMapping{prefix: apiPrefix + "/services", role: "SERVICES"},
 
 	adminRoleMapping{prefix: apiPrefix + "/reports/", role: "REPORTS"},
+	adminRoleMapping{prefix: apiPrefix + "/firewall_sso/", role: "FIREWALL_SSO"},
 	adminRoleMapping{prefix: apiPrefix + "/monitoring/", role: "SYSTEM"},
 	adminRoleMapping{prefix: apiPrefix + "/grafana/", role: "SYSTEM"},
 

lib/pf/api/unifiedapiclient.pm

@@ -213,6 +213,12 @@ sub call {
             $self->login();
             return $self->call($method,$path,$args,1);
         }
+        elsif(!$retrying && $response_code == 403 && $path ne $pf::constants::api::LOGIN_PATH) {
+            get_logger->info("Request to $path is forbidden, will perform a login and retry");
+            $self->connection($self->curl);
+            $self->login();
+            return $self->call($method,$path,$args,1);
+        }
         else {
             $response = decode_json($response_body);
             die $response_code . " " . $response->{message};