Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-44163

ROKS v4.16.16 HyperShift-based clusters fail to get oauth token in the OpenShift web console

XMLWordPrintable

    • Critical
    • Yes
    • Hypershift Sprint 262
    • 1
    • False
    • Hide

      None

      Show
      None
    • Hide
      Before this fix, HyperShift-based ROKS clusters were unable to authenticate via `oc login`. The web browser would show there was an error getting the token after selecting "Display Token". Now, with the fix, `cloud.ibm.com` and other cloud-based endpoints are no longer proxied and enables successful authentication.
      Show
      Before this fix, HyperShift-based ROKS clusters were unable to authenticate via `oc login`. The web browser would show there was an error getting the token after selecting "Display Token". Now, with the fix, `cloud.ibm.com` and other cloud-based endpoints are no longer proxied and enables successful authentication.
    • Bug Fix
    • In Progress

      Description of problem:

      We identified a regression where we can no longer get oauth tokens for HyperShift v4.16 clusters via the OpenShift web console. v4.16.10 works fine, but once clusters are patched to v4.16.16 (or are created at that version) they fail to get the oauth token. 
      
      This is due to this faulty PR: https://github.com/openshift/hypershift/pull/4496.
      
      The oauth openshift deployment was changed and affected the IBM Cloud code path.  We need this endpoint to change back to using `socks5`.
      
      Bug:
      <           value: socks5://127.0.0.1:8090
      ---
      >           value: http://127.0.0.1:8092
      98c98
      <           value: socks5://127.0.0.1:8090
      ---
      >           value: http://127.0.0.1:80924:53
      Fix:
      Change http://127.0.0.1:8092 to socks5://127.0.0.1:8090
      
      

       

       

      Version-Release number of selected component (if applicable):

      4.16.16

      How reproducible:

      Every time.

      Steps to Reproduce:

          1. Create ROKS v4.16.16 HyperShift-based cluster. 
          2. Navigate to the OpenShift web console.
          2. Click IAM#<username> menu in the top right.
          3. Click 'Copy login command'.
          4. Click 'Display token'.
          

      Actual results:

      Error getting token: Post "https://example.com:31335/oauth/token": http: server gave HTTP response to HTTPS client    

      Expected results:

      The oauth token should be successfully displayed.

      Additional info:

          

              cewong@redhat.com Cesar Wong
              evan.reilly Evan Reilly
              Evan Reilly Evan Reilly
              Votes:
              4 Vote for this issue
              Watchers:
              10 Start watching this issue

                Created:
                Updated: