New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1989055: logins to the web console fail with custom oauth cert #571
Bug 1989055: logins to the web console fail with custom oauth cert #571
Conversation
/hold need to investigate if this breaks non-oauth logins and if there are any potential RBAC issues |
f81d0d3
to
59e0ca0
Compare
@florkbr: An error was encountered querying GitHub for users with public email (yapei@redhat.com) for bug 1989055 on the Bugzilla server at https://bugzilla.redhat.com. No known errors were detected, please see the full error message for details. Full error message.
non-200 OK status code: 403 Forbidden body: "{\n \"documentation_url\": \"https://docs.github.com/en/free-pro-team@latest/rest/overview/resources-in-the-rest-api#abuse-rate-limits\",\n \"message\": \"You have triggered an abuse detection mechanism. Please wait a few minutes before you try again.\"\n}\n"
Please contact an administrator to resolve this issue, then request a bug refresh with In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
59e0ca0
to
46e1797
Compare
/cc @stlaz |
4fcb0aa
to
ab2f46e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Thanks @florkbr
ab2f46e
to
6bad965
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
The cluster-authentication-operator was recently updated to publish custom certs to a managed config map `oauth-serving-cert`. The console needs to trust this new cert before logins will work propertly with custom certs. See openshift/cluster-authentication-operator#464 https://bugzilla.redhat.com/show_bug.cgi?id=1989055
6bad965
to
8a5ee89
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Test image pushed to: |
Upgrade test failed. I wonder if the console operator goes to unavailable if it rolls out before the new We should check our handling of available status... I believe if any replicas are available the console should be considered available. cc @jhadvig |
/retest-required |
/bugzilla refresh |
@florkbr: This pull request references Bugzilla bug 1989055, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/retest-required |
Flakes around cluster deployment/availability. Retesting. |
/retest-required |
/retest |
2 similar comments
/retest |
/retest |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest |
/retest |
/retest |
@jhadvig wondering if I should spend some time investigating these flakes or if we should disable the tests? |
/retest |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
5 similar comments
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
Similar errors seem to be affecting a lot of jobs: |
/retest-required Please review the full test history for this PR and help us cut down flakes. |
1 similar comment
/retest-required Please review the full test history for this PR and help us cut down flakes. |
@florkbr: All pull requests linked via external trackers have merged: Bugzilla bug 1989055 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
The cluster-authentication-operator was recently updated to publish
custom certs to a managed config map
oauth-serving-cert
. The consoleneeds to trust this new cert before logins will work propertly with
custom certs.
See openshift/cluster-authentication-operator#464
https://bugzilla.redhat.com/show_bug.cgi?id=1989055