Uploaded image for project: 'Red Hat Internal Developer Platform'
  1. Red Hat Internal Developer Platform
  2. RHIDP-3115

{product-very-short} helm chart deployment throws `NotAllowedError`

Prepare for Y ReleasePrepare for Z ReleaseRemove QuarterXMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.4
    • 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.2, 1.3, 1.3.1
    • Helm Chart
    • None
    • 3
    • False
    • Hide

      None

      Show
      None
    • False
    • Hide
      Previously, when deploying with the Helm Chart, there could be a mismatch between the Route hostname and the `baseUrl` fields added to the generated app-config ConfigMap. This could sometimes cause failure to authenticate against some providers due to an origin mismatch.

      This update fixes this issue by ensuring no mismatch between those values.
      Show
      Previously, when deploying with the Helm Chart, there could be a mismatch between the Route hostname and the `baseUrl` fields added to the generated app-config ConfigMap. This could sometimes cause failure to authenticate against some providers due to an origin mismatch. This update fixes this issue by ensuring no mismatch between those values.
    • Bug Fix
    • Done
    • RHDH Core Team 3263, RHDH Install 3265, RHDH Install 3266

      Description of problem:

      The frontend `app.baseUrl` mismatches the backend route address, e.g. `app.baseUrl = https://rhdh-developer-hub-rhdh.<base_domain>` while route ingress is 'https://rhdh-redhat-developer-hub-rhdh.<base_domain>' for deployment name 'rhdh' and namespace 'rhdh'.

      Version-Release number of selected component (if applicable):

      1.2-105.1719294777
      helm chart 1.2.1

      How reproducible:

      always, with given setup

      Steps to Reproduce:

      1. Create `rhdh` namespace
      1. Create configmap:
      ~~~
      kind: ConfigMap
      apiVersion: v1
      metadata:
        name: app-config-rhdh
        namespace: rhdh
      data:
          app-config.extra.yaml: |
            app:
              title: Red Hat Developer Hub
            integrations:
              github:
                - host: github.com
                  apps:
                    - appId: ${GITHUB_APP_APP_ID}
                      clientId: ${GITHUB_APP_CLIENT_ID}
                      clientSecret: ${GITHUB_APP_CLIENT_SECRET}
                      webhookUrl: ${GITHUB_APP_WEBHOOK_URL}
                      webhookSecret: ${GITHUB_APP_WEBHOOK_SECRET}
                      privateKey: |
                        ${GITHUB_APP_PRIVATE_KEY}
            auth:
              # see https://backstage.io/docs/auth/ to learn about auth providers
              environment: development
              providers:
                github:
                  development:
                    clientId: ${GITHUB_APP_CLIENT_ID}
                    clientSecret: ${GITHUB_APP_CLIENT_SECRET}
            enabled:
              github: true
            proxy:
              endpoints:
                '/quay/api':
                  target: 'https://quay.io'
                  headers:
                    X-Requested-With: 'XMLHttpRequest'
                    Authorization: 'Bearer ${QUAY_API_TOKEN}'
                  changeOrigin: true
                  # Change to "false" in case of using self hosted quay instance with a self-signed certificate
                  secure: true
            quay:
              # The UI url for Quay, used to generate the link to Quay
              uiUrl: 'https://quay.io'
            techdocs:
              builder: 'local'
              generator:
                runIn: 'local'
              publisher:
                type: 'local'
      ~~~
      2. Create secret `rhdh-secret` under `rhdh` namespace with env vars used under `app-config-rhdh` configmap
      3. `helm repo add openshift-helm-charts https://charts.openshift.io/`
      4. `helm show values openshift-helm-charts/redhat-developer-hub > values.yaml`
      5. Update `.global.clusterRouterBase` under `values.yaml` to the base domain of the active cluster
      6. Update `.upstream.backstage.extraEnvVarsSecrets` under `values.yaml` to include `rhdh-secret`
      7. Update `.upstream.backstage.extraAppConfig` under `values.yaml` to include `app-config-rhdh` configmap with `app-config.extra.yaml` reference
      8. `helm upgrade -i rhdh --namespace rhdh -f values.yaml openshift-helm-charts/redhat-developer-hub`
      

      Actual results:

      app.baseUrl is set to 'https://rhdh-developer-hub-rhdh.<base_domain>'
      
      error message:
        Login failed; caused by NotAllowedError: Origin 'https://rhdh-redhat-developer-hub-rhdh.<base_domain>' is not allowed

      Expected results:

      app.baseUrl is set to 'https://rhdh-redhat-developer-hub-rhdh.<base_domain>'
      
      Should login successfully.

      Additional info:

      **Workaround**: Overriding with `.global.host` produces expected results and the bug only seems to effect deployments when using default values such as setting the base domain with `.global.clusterRouterBase`.

              rh-ee-asoro Armel Soro
              mvaldron Michael Valdron
              RHIDP - Install
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: