-
Bug
-
Resolution: Done
-
Undefined
-
premerge, 4.14
-
None
-
Critical
-
No
-
Rejected
-
False
-
Description of problem:
Using code https://github.com/openshift/cluster-image-registry-operator/pull/890 to create a azure manual workload identity cluster, then push data to image registry, will meet 403 AuthorizationPermissionMismatch error
Version-Release number of selected component (if applicable):
4.14.0-0.ci.test-2023-08-03-021157-ci-ln-vkqhrdb-latest
How reproducible:
always
Steps to Reproduce:
1.Using cluster-bot to launch a cluster workflow-launch openshift-e2e-azure-manual-oidc-workload-identity https://github.com/openshift/cluster-image-registry-operator/pull/890 2.Push image to internal registry 3.Check registry logs
Actual results:
time="2023-08-03T03:34:51.819735645Z" level=error msg="Background mirroring failed: error committing to storage: azure: POST https://imageregistrycilnvkn29rh.blob.core.windows.net\n--------------------------------------------------------------------------------\nRESPONSE 403: 403 This request is not authorized to perform this operation using this permission.\nERROR CODE: AuthorizationPermissionMismatch\n--------------------------------------------------------------------------------\n\ufeff<?xml version=\"1.0\" encoding=\"utf-8\"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.\nRequestId:56bc7cbe-001e-000f-2cbb-c53bf8000000\nTime:2023-08-03T03:34:51.8196204Z</Message></Error>\n--------------------------------------------------------------------------------\n" go.version=go1.20.3 http.request.host="image-registry.openshift-image-registry.svc:5000" http.request.id=4ec18eea-366f-4be8-a7b7-359ad08c1095 http.request.method=GET http.request.remoteaddr="10.129.2.11:34968" http.request.uri="/v2/openshift/httpd/blobs/sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691" http.request.useragent="containers/5.26.1 (github.com/containers/image)" openshift.auth.user="system:serviceaccount:wxj:builder" vars.digest="sha256:6c53be4efe39270422e3e2f7ee1c15887955e3d5e378ea6577c622f358f87691" vars.name=openshift/httpd time="2023-08-03T03:35:20.160910795Z" level=error msg="unknown error completing upload: azure: POST https://imageregistrycilnvkn29rh.blob.core.windows.net\n--------------------------------------------------------------------------------\nRESPONSE 403: 403 This request is not authorized to perform this operation using this permission.\nERROR CODE: AuthorizationPermissionMismatch\n--------------------------------------------------------------------------------\n\ufeff<?xml version=\"1.0\" encoding=\"utf-8\"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.\nRequestId:6a54636c-e01e-0017-2ebb-c5e49f000000\nTime:2023-08-03T03:35:20.1612059Z</Message></Error>\n--------------------------------------------------------------------------------\n" go.version=go1.20.3 http.request.contenttype=application/octet-stream http.request.host="image-registry.openshift-image-registry.svc:5000" http.request.id=972958bb-b0c0-4571-8f60-151c0651fce8 http.request.method=PUT http.request.remoteaddr="10.129.2.11:48602" http.request.uri="/v2/wxj/httpd-ex/blobs/uploads/f003a552-618d-477f-8cb6-26fb96f97ade?_state=pOuqFssVc-sFvs-PcsahNq4_dAh81c_yrm5K2QgGhod7Ik5hbWUiOiJ3eGovaHR0cGQtZXgiLCJVVUlEIjoiZjAwM2E1NTItNjE4ZC00NzdmLThjYjYtMjZmYjk2Zjk3YWRlIiwiT2Zmc2V0Ijo4MDU1OCwiU3RhcnRlZEF0IjoiMjAyMy0wOC0wM1QwMzozNToxOVoifQ%3D%3D&digest=sha256%3A997734fbd5956a984f43928239af0a66f9ca2d5512373ce63780301bb474619f" http.request.useragent="containers/5.26.1 (github.com/containers/image)" openshift.auth.user="system:serviceaccount:wxj:builder" vars.name=wxj/httpd-ex vars.uuid=f003a552-618d-477f-8cb6-26fb96f97ade
Expected results:
Should push data to internal registry
Additional info:
