Uploaded image for project: 'Red Hat Developer Hub Bugs'
  1. Red Hat Developer Hub Bugs
  2. RHDHBUGS-856

{product-very-short} helm chart deployment throws `NotAllowedError`

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.4.0
    • 1.2, 1.3.0, 1.3.1
    • Helm Chart
    • None
    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      Previously, when deploying with the Helm Chart, there could be a mismatch between the Route hostname and the `baseUrl` fields added to the generated app-config ConfigMap. This could sometimes cause failure to authenticate against some providers due to an origin mismatch.

      This update fixes this issue by ensuring no mismatch between those values.
      Show
      Previously, when deploying with the Helm Chart, there could be a mismatch between the Route hostname and the `baseUrl` fields added to the generated app-config ConfigMap. This could sometimes cause failure to authenticate against some providers due to an origin mismatch. This update fixes this issue by ensuring no mismatch between those values.
    • Bug Fix
    • Done
    • RHDH Core Team 3263, RHDH Install 3265, RHDH Install 3266

      Description of problem:

      The frontend `app.baseUrl` mismatches the backend route address, e.g. `app.baseUrl = https://rhdh-developer-hub-rhdh.<base_domain>` while route ingress is 'https://rhdh-redhat-developer-hub-rhdh.<base_domain>' for deployment name 'rhdh' and namespace 'rhdh'.

      Version-Release number of selected component (if applicable):

      1.2-105.1719294777
helm chart 1.2.1

      How reproducible:

      always, with given setup

      Steps to Reproduce:

      1. Create `rhdh` namespace
1. Create configmap:
~~~
kind: ConfigMap
apiVersion: v1
metadata:
  name: app-config-rhdh
  namespace: rhdh
data:
    app-config.extra.yaml: |
      app:
        title: Red Hat Developer Hub
      integrations:
        github:
          - host: github.com
            apps:
              - appId: ${GITHUB_APP_APP_ID}
                clientId: ${GITHUB_APP_CLIENT_ID}
                clientSecret: ${GITHUB_APP_CLIENT_SECRET}
                webhookUrl: ${GITHUB_APP_WEBHOOK_URL}
                webhookSecret: ${GITHUB_APP_WEBHOOK_SECRET}
                privateKey: |
                  ${GITHUB_APP_PRIVATE_KEY}
      auth:
        # see https://backstage.io/docs/auth/ to learn about auth providers
        environment: development
        providers:
          github:
            development:
              clientId: ${GITHUB_APP_CLIENT_ID}
              clientSecret: ${GITHUB_APP_CLIENT_SECRET}
      enabled:
        github: true
      proxy:
        endpoints:
          '/quay/api':
            target: 'https://quay.io'
            headers:
              X-Requested-With: 'XMLHttpRequest'
              Authorization: 'Bearer ${QUAY_API_TOKEN}'
            changeOrigin: true
            # Change to "false" in case of using self hosted quay instance with a self-signed certificate
            secure: true
      quay:
        # The UI url for Quay, used to generate the link to Quay
        uiUrl: 'https://quay.io'
      techdocs:
        builder: 'local'
        generator:
          runIn: 'local'
        publisher:
          type: 'local'
~~~
2. Create secret `rhdh-secret` under `rhdh` namespace with env vars used under `app-config-rhdh` configmap
3. `helm repo add openshift-helm-charts https://charts.openshift.io/`
4. `helm show values openshift-helm-charts/redhat-developer-hub > values.yaml`
5. Update `.global.clusterRouterBase` under `values.yaml` to the base domain of the active cluster
6. Update `.upstream.backstage.extraEnvVarsSecrets` under `values.yaml` to include `rhdh-secret`
7. Update `.upstream.backstage.extraAppConfig` under `values.yaml` to include `app-config-rhdh` configmap with `app-config.extra.yaml` reference
8. `helm upgrade -i rhdh --namespace rhdh -f values.yaml openshift-helm-charts/redhat-developer-hub`

      Actual results:

      app.baseUrl is set to 'https://rhdh-developer-hub-rhdh.<base_domain>'

error message:
  Login failed; caused by NotAllowedError: Origin 'https://rhdh-redhat-developer-hub-rhdh.<base_domain>' is not allowed

      Expected results:

      app.baseUrl is set to 'https://rhdh-redhat-developer-hub-rhdh.<base_domain>'

Should login successfully.

      Additional info:

      **Workaround**: Overriding with `.global.host` produces expected results and the bug only seems to effect deployments when using default values such as setting the base domain with `.global.clusterRouterBase`.

              rh-ee-asoro Armel Soro
              mvaldron Michael Valdron
              RHIDP - Install
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: