Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.
Sign upWhile watching a job, we get a " You are not authorized to view the details of this pipeline" error #3745
Comments
This comment has been minimized.
This comment has been minimized.
cc @gordcorp |
This comment has been minimized.
This comment has been minimized.
I'll note a few more observations - the time appears a little random. This morning I watched a job and it gave me the error after 2.5 minutes, then after page refresh, 1.45. Not that I'd expect it to make a difference, but quite some time ago we moved our Concourse instance off the public internet, and only accessible via a SOCKS5 proxy. At about that time we also noticed that sometimes when watching a job, the output streaming from the server (if not changing frequently) would appear to stall and we wouldn't get any updates. A page refresh would fix. I'm wondering if the now "401 Unauthorized" message is perhaps a different manifestation of an issue that previously failed a bit more silently? |
This comment has been minimized.
This comment has been minimized.
Hmm, at the same time the error appears on screen, Chrome console shows:
|
This comment has been minimized.
This comment has been minimized.
We're getting the same error |
This comment has been minimized.
This comment has been minimized.
Same here... |
This comment has been minimized.
This comment has been minimized.
@vito for visibility - looks like a bunch of us are seeing this issue since the v5.1.0 release last week. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
I'm marking this as |
This comment has been minimized.
This comment has been minimized.
I wonder if it's related to the HAProxy we have in front. I note it has the following timeouts:
I wonder if 30 seconds of inactivity (e.g. long running job with no new log lines in that period) is causing HAProxy to kill the connection? I wonder if we could convince HAProxy that this connection is a tunnel (and thus apply the longer timeout): https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-timeout%20tunnel |
This comment has been minimized.
This comment has been minimized.
we are hitting the same problem. |
This comment has been minimized.
This comment has been minimized.
we have noticed the same problem viewing logs of a running pipeline job...timing of the error is fluctuates b/w 1-2 mins |
This comment has been minimized.
This comment has been minimized.
By way of update, we changed the |
This comment has been minimized.
This comment has been minimized.
Yeah, we're getting the same issue over here. Our cc @Typositoire |
This comment has been minimized.
This comment has been minimized.
Great, how do we do that. Is there a new docker image in the works to address this? |
This comment has been minimized.
This comment has been minimized.
In our case our HAProxy config was fairly custom to begin with, so no shared Docker image to update. My feeling is that a more correct fix would be make the stream look more like a tunnel (e.g. websocket is hinted at in the HAProxy documentation, which by default attracts a much higher timeout) - and/or put some kind of heartbeat in so that large periods of expected inactivity don't drop the connection... (and/or try reconnecting if it drops). |
This comment has been minimized.
This comment has been minimized.
Adding on to this, same here, bumped from 4.2.2 to 5.1.0, when looking at a specific build in a job, after some time of being idle the screen changes to "401 unauthorized" - I haven't poked into it much to see when the time occurs. A simple page refresh goes back to watching the build for another set of time. Appears to only happen while idle. As per request below: |
This comment has been minimized.
This comment has been minimized.
Saw this myself a couple times just now when viewing PR builds. The console logs showed We don't have any HAProxy and for me the error happened pretty much immediately after opening the page, so my scenario sounds slightly different. If anyone can get this down to a reliable repro case that'd help a lot! Also everyone please report your exact browser version just in case there's been some behavior change in recent Chrome versions or something. |
This comment has been minimized.
This comment has been minimized.
I'm reporting from :
|
This comment has been minimized.
This comment has been minimized.
@pivotal-jamie-klassen Looks like it might be this bit of code?: concourse/web/elm/src/Build/Build.elm Lines 357 to 365 in 6261dbd Maybe it needs to be made conditional on concourse/web/elm/src/Build/Build.elm Lines 380 to 388 in 6261dbd |
This comment has been minimized.
This comment has been minimized.
Chrome Version 74.0.3729.131 (Official Build) (64-bit) |
This comment has been minimized.
This comment has been minimized.
@vito In our case I'm always getting And it happens when trying to get |
Bug Report
After updating from 5.0.1 to 5.1.0 we've observed that when using the UI to watch a running job, then after waiting a period of time (one user reported 30 seconds, I just observed 180 seconds) s the UI shows a
401 Unauthorized - You are not authorized to view the details of this pipeline
error message.Steps to Reproduce
View a running job and watch it.
Expected Results
To watch it uninterrupted by error messages.
Actual Results
Error message appears after 180 seconds (though we'd had varying reports of this time length).
Additional Context
We login to our Concourse with UAA.
We have an HAProxy in front of our Concourse.
Version Info