Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-60867

buildconfigs/webhooks: invalid method gives confusing error message

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • 4.19
    • Build
    • None
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      After setting up a Gitlab webhook for a BuildConfig, I ping it and get a 200 response, but nothing happens (heavily redacted just to illustrate)

      curl -v  -H "X-GitLab-Event: Push Hook" -H "Content-Type: application/json" -k -X POST --data '{}' '<ENDPOINT>/gitlab'
      
      > User-Agent: curl/8.11.1
      > Accept: */*
      > X-GitLab-Event: Push Hook
      > Content-Type: application/json
      > Content-Length: 2
      > 
      < HTTP/2 200 
      

      However, hitting a generic endpoint in the same BuildConfig I get a 403 unauthenticated error

      $ curl -vX -v  '<ENDPOINT>/generic'
      > User-Agent: curl/8.11.1
      > Accept: */*
      > 
      * Request completely sent off
      < HTTP/2 403 
      {
        "kind": "Status",
        "apiVersion": "v1",
        "metadata": {},
        "status": "Failure",
        "message": "buildconfigs.build.openshift.io \"seqe-mcp\" is forbidden: User \"system:anonymous\" cannot  resource \"buildconfigs/webhooks\" in API group \"build.openshift.io\" in the namespace \"se-kernel--runtime-int\"",
        "reason": "Forbidden",
        "details": {
          "name": "seqe-mcp",
          "group": "build.openshift.io",
          "kind": "buildconfigs"
        },
        "code": 403
      

      Now this error is described in https://access.redhat.com/solutions/7105930 and it is explained you have to send an auth header or have permissions setup by the admin. Which is OK (well, the secret in the webhook seems to be so that you don't have to figure out auth for your CI to ping it, but anyway, it's a solution...).

      What is very confusing is that the gitlab endpoint gives the 200 response but does nothing. So you feel like it's setup, you test it from the gitlab "test this" button on it's webhook interface and it works ... but a build never starts.

      It would be really great if the gitlab endpoint behaved the same as the generic one.

              rhn-support-ppalepu Prabhakar Palepu
              rhn-engineering-iwienand Ian Wienand
              None
              None
              None
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: