-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.19
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
After setting up a Gitlab webhook for a BuildConfig, I ping it and get a 200 response, but nothing happens (heavily redacted just to illustrate)
curl -v -H "X-GitLab-Event: Push Hook" -H "Content-Type: application/json" -k -X POST --data '{}' '<ENDPOINT>/gitlab' > User-Agent: curl/8.11.1 > Accept: */* > X-GitLab-Event: Push Hook > Content-Type: application/json > Content-Length: 2 > < HTTP/2 200
However, hitting a generic endpoint in the same BuildConfig I get a 403 unauthenticated error
$ curl -vX -v '<ENDPOINT>/generic' > User-Agent: curl/8.11.1 > Accept: */* > * Request completely sent off < HTTP/2 403 { "kind": "Status", "apiVersion": "v1", "metadata": {}, "status": "Failure", "message": "buildconfigs.build.openshift.io \"seqe-mcp\" is forbidden: User \"system:anonymous\" cannot resource \"buildconfigs/webhooks\" in API group \"build.openshift.io\" in the namespace \"se-kernel--runtime-int\"", "reason": "Forbidden", "details": { "name": "seqe-mcp", "group": "build.openshift.io", "kind": "buildconfigs" }, "code": 403
Now this error is described in https://access.redhat.com/solutions/7105930 and it is explained you have to send an auth header or have permissions setup by the admin. Which is OK (well, the secret in the webhook seems to be so that you don't have to figure out auth for your CI to ping it, but anyway, it's a solution...).
What is very confusing is that the gitlab endpoint gives the 200 response but does nothing. So you feel like it's setup, you test it from the gitlab "test this" button on it's webhook interface and it works ... but a build never starts.
It would be really great if the gitlab endpoint behaved the same as the generic one.