Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: None
Affects Version/s: 4.16.z
Component/s: HyperShift
Labels:

Severity:
Critical
Regression:
Yes
Sprint:
Hypershift Sprint 262
sprint_count:
1
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
Before this fix, HyperShift-based ROKS clusters were unable to authenticate via `oc login`. The web browser would show there was an error getting the token after selecting "Display Token". Now, with the fix, `cloud.ibm.com` and other cloud-based endpoints are no longer proxied and enables successful authentication.

Show
Before this fix, HyperShift-based ROKS clusters were unable to authenticate via `oc login`. The web browser would show there was an error getting the token after selecting "Display Token". Now, with the fix, `cloud.ibm.com` and other cloud-based endpoints are no longer proxied and enables successful authentication.
Release Note Type:
Bug Fix
Release Note Status:
In Progress
Target Version:

4.18.0
Target Backport Versions:

4.14.z, 4.15.z, 4.17.z, 4.16.z

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Description of problem:

We identified a regression where we can no longer get oauth tokens for HyperShift v4.16 clusters via the OpenShift web console. v4.16.10 works fine, but once clusters are patched to v4.16.16 (or are created at that version) they fail to get the oauth token. 

This is due to this faulty PR: https://github.com/openshift/hypershift/pull/4496.

The oauth openshift deployment was changed and affected the IBM Cloud code path.  We need this endpoint to change back to using `socks5`.

Bug:
<           value: socks5://127.0.0.1:8090
---
>           value: http://127.0.0.1:8092
98c98
<           value: socks5://127.0.0.1:8090
---
>           value: http://127.0.0.1:80924:53
Fix:
Change http://127.0.0.1:8092 to socks5://127.0.0.1:8090

Version-Release number of selected component (if applicable):

4.16.16

How reproducible:

Every time.

Steps to Reproduce:

    1. Create ROKS v4.16.16 HyperShift-based cluster. 
    2. Navigate to the OpenShift web console.
    2. Click IAM#<username> menu in the top right.
    3. Click 'Copy login command'.
    4. Click 'Display token'.

Actual results:

Error getting token: Post "https://example.com:31335/oauth/token": http: server gave HTTP response to HTTPS client

Expected results:

The oauth token should be successfully displayed.

Additional info:

blocks

OCPBUGS-44276 ROKS v4.16.16 HyperShift-based clusters fail to get oauth token in the OpenShift web console

Verified

is cloned by

OCPBUGS-44276 ROKS v4.16.16 HyperShift-based clusters fail to get oauth token in the OpenShift web console

Verified

links to

openshift/hypershift#5057: OCPBUGS-44163: Configure OAuth https proxy to dial cloud endpoints directly

Assignee:: Cesar Wong

Reporter:: Evan Reilly

QA Contact:: Evan Reilly

Votes:: 4 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2024/11/01 10:05 PM

Updated:: 2024/11/13 8:48 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates