Bug 1419792

Summary: Kibana login fails when kibana URL contains hyphen
Product: OpenShift Container Platform
Reporter: Kenjiro Nakayama <knakayam>
Component: Logging
Assignee: Jeff Cantrill <jcantril>
Status: CLOSED NOTABUG
QA Contact: Xia Zhao <xiazhao>
Severity: medium
Priority: unspecified
Version: 3.3.1
CC: aos-bugs, jcantril, knakayam
Hardware: x86_64   
OS: Linux   
Last Closed: 2017-02-10 04:27:53 UTC
Type: Bug
Attachments:
  kibana with dash in url (flags: none)

Description Kenjiro Nakayama 2017-02-07 04:19:04 UTC
Description of problem:
---
- Kibana passes the OpenShift Master's authentication, and if it contains a hyphen in the URL, OpenShift doesn't handle the redirection correctly.

Version-Release number of selected component (if applicable):
---
- OCP 3.3 & 3.4

Steps to Reproduce:
---
1. Deploy the logging service with a route that contains a hyphen.

e.g.)
  [root@knakayam-ose34-master1 ~]# oc get route
  NAME                 HOST/PORT                 PATH      SERVICES             PORT      TERMINATION
  logging-kibana       kibana-test.example.com             logging-kibana       <all>     reencrypt

2. Configure /etc/origin/master/master-config.yaml

3. Try to login to kibana-test.example.com

Actual results:
---
- Browser returns "Unable to connect" with the following URL:

  https://knakayam-ose34-master1:8443/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Fkibana-test.example.com%2Fauth%2Fopenshift%2Fcallback&scope=user%3Ainfo%20user%3Acheck-access%20user%3Alist-projects&client_id=kibana-proxy

Expected results:
---
- Login successfully

Additional info:
---
- Although it can be fixed by using a non-hyphenated domain, if the wildcard domain contains a hyphen, there is no workaround.

Comment 4 Jeff Cantrill 2017-02-07 21:12:14 UTC
Created attachment 1248501
kibana with dash in url

Comment 5 Jeff Cantrill 2017-02-07 21:15:04 UTC
I was unable to reproduce, as the attachment shows. To be fair, I had some issues setting up my local deployment:

* openshift v3.3.1.13
kubernetes v1.3.0+52492b4

* router version: v3.4

Confirmed the oauthclient is correct: oc get oauthclient kibana-proxy -o yaml:

apiVersion: v1
kind: OAuthClient
metadata:
  annotations:
    openshift.io/generated-by: OpenShiftNewApp
  creationTimestamp: 2017-02-07T19:52:18Z
  labels:
    app: logging-support-template
    component: support
    logging-infra: support
    provider: openshift
  name: kibana-proxy
  resourceVersion: "2744"
  selfLink: /oapi/v1/oauthclients/kibana-proxy
  uid: ee957272-ed6e-11e6-a81c-5254007ced34
redirectURIs:
- https://kibana-test.192.168.121.200.xip.io
scopeRestrictions:
- literals:
  - user:info
  - user:check-access
  - user:list-projects
secret

Aside from those struggles, I am unable to reproduce.

Comment 7 Jeff Cantrill 2017-02-08 14:28:09 UTC
Can you confirm the oauthclient has the correct redirecturi?
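
The check asked for in Comment 7, as an added example that is not part of the bug report or of OpenShift's code: it decodes the redirect_uri from the authorize URL in the description and compares it with an OAuthClient's redirectURIs. It assumes the master accepts a redirect_uri that is equal to, or prefixed by, a registered URI; the function names are hypothetical and the first redirectURIs value is constructed.

```python
from urllib.parse import urlsplit, parse_qs

# Authorize URL copied from the bug description above.
AUTHORIZE_URL = (
    "https://knakayam-ose34-master1:8443/oauth/authorize?response_type=code"
    "&redirect_uri=https%3A%2F%2Fkibana-test.example.com%2Fauth%2Fopenshift%2Fcallback"
    "&scope=user%3Ainfo%20user%3Acheck-access%20user%3Alist-projects"
    "&client_id=kibana-proxy"
)

def requested_redirect(authorize_url):
    """Return (client_id, decoded redirect_uri) from an /oauth/authorize URL."""
    query = parse_qs(urlsplit(authorize_url).query)
    return query["client_id"][0], query["redirect_uri"][0]

def uri_allowed(requested, registered):
    """True if `requested` equals or is path-prefixed by `registered`.

    Assumed matching rule (see lead-in). Scheme and host[:port] are compared
    exactly after parsing, so a registered "https://kibana-test.example.com"
    does not match a longer hostname that starts with the same characters.
    """
    req, reg = urlsplit(requested), urlsplit(registered)
    if (req.scheme, req.netloc.lower()) != (reg.scheme, reg.netloc.lower()):
        return False
    reg_path = reg.path.rstrip("/")
    return req.path == reg_path or req.path.startswith(reg_path + "/")

def check(authorize_url, redirect_uris):
    """Return (redirect_uri, list of registered URIs that match it)."""
    _, redirect = requested_redirect(authorize_url)
    return redirect, [u for u in redirect_uris if uri_allowed(redirect, u)]

if __name__ == "__main__":
    # redirectURIs as they would appear in `oc get oauthclient kibana-proxy -o yaml`:
    # the first list is constructed for the reporter's route, the second is
    # the value shown in Comment 5.
    for registered in (["https://kibana-test.example.com"],
                       ["https://kibana-test.192.168.121.200.xip.io"]):
        redirect, matches = check(AUTHORIZE_URL, registered)
        print(redirect, "->", "match" if matches else "NO MATCH", registered)
```
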