Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.1.0.GA
Affects Version/s: 1.0.0.GA, 1.0.1.GA
Component/s: controller: dashboard, factory/dashboard, ts-workspace-client
Labels:
None

Steps to Reproduce:

Hide

1. Install CRW from server image brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/codeready-workspaces/server-container:1.0-19 with TLS and OpenShift oAuth support
2. Go to CRW login page
3. Click on "Openshift oAuth" button and login as admin/admin
4. Try to start workspace.

Show
1. Install CRW from server image brew-pulp-docker01.web.prod.ext.phx2.redhat.com:8888/codeready-workspaces/server-container:1.0-19 with TLS and OpenShift oAuth support 2. Go to CRW login page 3. Click on "Openshift oAuth" button and login as admin/admin 4. Try to start workspace.

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

It was impossible to start workspace being logged into CRW with OCP oAuth identity provider as OCP admin user:

Che server error

2019-01-30 17:08:39,587[aceSharedPool-0]  [WARN ] [.i.k.KubernetesInternalRuntime 249]  - Failed to start Kubernetes runtime of workspace workspaceqvw5fftktj5r8y6c. Cause: Waiting for Kubernetes environment 'default' of the workspace'workspaceqvw5fftktj5r8y6c' reached timeout
2019-01-30 17:08:44,632[aceSharedPool-0]  [ERROR] [.IdentityProviderConfigFactory 148]  - cannot retrieve User Openshift token from the 'openshift-v3' identity provider
org.eclipse.che.api.core.BadRequestException: Invalid token.
	at org.eclipse.che.multiuser.keycloak.server.KeycloakServiceClient.doRequest(KeycloakServiceClient.java:196)
	at org.eclipse.che.multiuser.keycloak.server.KeycloakServiceClient.getIdentityProviderToken(KeycloakServiceClient.java:134)
	at org.eclipse.che.workspace.infrastructure.openshift.multiuser.oauth.IdentityProviderConfigFactory.buildConfig(IdentityProviderConfigFactory.java:131)
	at org.eclipse.che.workspace.infrastructure.openshift.OpenShiftClientFactory.buildConfig(OpenShiftClientFactory.java:139)
	at org.eclipse.che.workspace.infrastructure.openshift.OpenShiftClientFactory.createOC(OpenShiftClientFactory.java:93)
	at org.eclipse.che.workspace.infrastructure.openshift.project.OpenShiftRoutes.delete(OpenShiftRoutes.java:84)
	at org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace.doRemove(KubernetesNamespace.java:178)
	at org.eclipse.che.workspace.infrastructure.openshift.project.OpenShiftProject.cleanUp(OpenShiftProject.java:100)
	at org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesInternalRuntime.internalStart(KubernetesInternalRuntime.java:260)
	at org.eclipse.che.api.workspace.server.spi.InternalRuntime.start(InternalRuntime.java:141)
	at org.eclipse.che.api.workspace.server.WorkspaceRuntimes$StartRuntimeTask.run(WorkspaceRuntimes.java:393)
	at org.eclipse.che.commons.lang.concurrent.CopyThreadLocalRunnable.run(CopyThreadLocalRunnable.java:38)
	at java.util.concurrent.CompletableFuture$AsyncRun.run(CompletableFuture.java:1626)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

Regular non-admin OpenShift user was able to start workspace being logged using OpenShift oAuth without problem.