Description of problem:
When triggering a build from a webhook (HTTP POST request), it fails with 403 - FORBIDDEN if the request does not have an OpenShift authorization token.
Version-Release number of selected component (if applicable):
4.16
How reproducible:
Always
Steps to Reproduce:
1. Create a BuildConfig with a webhook trigger and configured secret
2. Make appropriate cURL call to trigger the build via webhook
Actual results:
Webhook call refused with 403 Forbidden: "message": "buildconfigs.build.openshift.io \"sample-build\" is forbidden: User \"system:anonymous\" cannot create resource \"buildconfigs/webhooks\" in API group \"build.openshift.io\" in the namespace \"e2e-test-cli-start-build-dxxkx\"",
Expected results:
Builds can be triggered via webhook
Additional info:
https://docs.openshift.com/container-platform/4.15/cicd/builds/triggering-builds-build-hooks.html#builds-webhook-triggers_triggering-builds-build-hooks
- blocks: OCPBUILD-9 Disable Build/Deployer/Image Registry RBAC Controllers with Capabilities (Release Pending)
- is blocked by: OCPBUGS-33378 Builds TestWebhook failed on step testing unauthenticated forbidden on upgrade (Closed)
- is depended on by: TRT-1648 Origin required presubmit job e2e-gcp-ovn-builds failing most of the time (Closed)
- relates to: AUTH-509 Investigate reducing permissions for unauthenticated users for apiserver access (Release Pending)
- links to: RHEA-2024:0041 OpenShift Container Platform 4.16.z bug fix update