-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
False
-
-
False
-
-
Slack: https://redhat-internal.slack.com/archives/CB53T9ZHQ/p1712192294761459
2nd Slack: https://redhat-internal.slack.com/archives/CB53T9ZHQ/p1712957935295239?thread_ts=1712192294.761459&cid=CB53T9ZHQ
following snippets are copied from 1st thread:
Hello Team, IHAC try to create ROSA Cluster but failed to get the API token * Current Status:
- Unable to generate a token for creating a ROSA Cluster in AWS.
- Actions so Far :
- Verifying ROSA prerequisites
- all Green
- Follow KCS https://access.redhat.com/solutions/6068211, but not working.
- login/logout not working
- no remove button
- There was a bug awhile ago where some url with query parameters was causing this same symptom
- Try directly to: https://console.redhat.com/openshift/token/rosa/show no works too
- Collect the SSO token error payload and response
- Create a SNOW ticket for the RH IT User team to request checking the customer RH account “vineetha.kajuluri@cat.com” by sending email to it-user-request@redhat.com.
- Then was told the issue was belongs to OCM
========================
Hello. I am a lead engineer on the RH Advanced Cluster Management (RHACM) team, and we have functionality that makes use of RHOCM as a data source of clusters that a customer may want to import into RHACM to manage them. I was recently referred to this thread by @Tyler Golden when I reached out to him re problems I was having getting OCM/ROSA offline tokens. I have since found a resolution to my issue, and maybe my experience provides info on the issues discussed here.Last week, I set up a series of new RH accounts (in the prod environment) for use in testing our ACM functionality. I had created accounts to act as org administrators vs. users. After getting them set up, I found that I was unable to get OCM offline tokens for any of these new accounts. The symptoms I saw matched what has been reported here, eg. the symptoms captured by @judzhu in his thread-originating post: * Attempt to get a token from the openshift/token endpoint yielded the not-really-helpful error about maybe having too many tokens already (which couldn't be true since this happened on first attempt to get offline tokens).
- Navigating to the suggested page to see/revoke the token, I found now revoke butting, which based on browsing other related Slack threads indicates these ids didn't really have tokens already (no surprise, they were new ids)
- Using browser developer tools on one of the load-token requests, I could see the failed token requests with input payload included "code: undefined" as described above.
- Trying the suggested logging out workarounds, none worked for me.
So I think I was experiencing/reproducing everything reported here.Then, on one of the log out/re-login attempts, I guess I did something different. Not sure what, exactly. But when re-logging in under one of my new RH accounts I was presented with a redirect to a page to accept the Enterprise Agreement, which I guess I had not previously did for that account. And after doing the redirected agreement thing, the RH account I was using was then able to get an offline token.I managed to recreate this for each of the RH account ids I was having trouble with, and after having the Enterprise Agreement redirect accepted, each of my new RH accounts was able to get a OCM/ROSA offline token successfully the https://console.redhat.com/openshift/token endpoint.I thought I had captured the Enterprise Agreement page I was redirected to to be able to post it here for reference, but I now can't find my capture of it. Sorry about that.I am now a happily unblocked user, but I thought it useful to capture my resolution here since my original symptoms so closely matched those being reported from customers etc.