Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-33041

Anonymous Users Cannot Trigger BuildConfig Webhooks

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • 4.16.0
    • 4.16
    • Build
    • None
    • Important
    • Yes
    • 3
    • Builds Sprint #2261, Builds Sprint #3
    • 2
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Release Note Not Required
    • In Progress

      Description of problem:

      When triggering a build from a webhook (HTTP POST request), it fails with 403 - FORBIDDEN if the request does not have an OpenShift authorization token.
          

      Version-Release number of selected component (if applicable):

      4.16
          

      How reproducible:

      Always
          

      Steps to Reproduce:

          1. Create a BuildConfig with a webhook trigger and configured secret
          2. Make appropriate cURL call to trigger the build via webhook
          

      Actual results:

      Webhook call refused with 403 Forbidden:      "message": "buildconfigs.build.openshift.io \"sample-build\" is forbidden: User \"system:anonymous\" cannot create resource \"buildconfigs/webhooks\" in API group \"build.openshift.io\" in the namespace \"e2e-test-cli-start-build-dxxkx\"",
          

      Expected results:

      Builds can be triggered via webhook
          

      Additional info:

      https://docs.openshift.com/container-platform/4.15/cicd/builds/triggering-builds-build-hooks.html#builds-webhook-triggers_triggering-builds-build-hooks
          

            adkaplan@redhat.com Adam Kaplan
            adkaplan@redhat.com Adam Kaplan
            Sayan Biswas Sayan Biswas
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: