Bug 1538488

Summary: When token expired and command uses short name type, it prompts server doesn't have a resource type
Product: OpenShift Container Platform Reporter: Xingxing Xia <xxia>
Component: ocAssignee: Maciej Szulik <maszulik>
Status: CLOSED ERRATA QA Contact: Xingxing Xia <xxia>
Severity: low Docs Contact:
Priority: medium    
Version: 3.9.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: 3.10.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-09 23:40:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Xingxing Xia 2018-01-25 08:14:25 UTC 
Description of problem:
When token expired and command uses short name type, it prompts server doesn't have a resource type

Version-Release number of selected component (if applicable):
v3.9.0-0.24.0

How reproducible:
Always

Steps to Reproduce:
1. oc logins to server
2. After a day token expired or make token expired by:
$ oc config view --minify > mylogin.config
$ oc logout
Logged "xxia" out on "https://MASTER:8443"
$ cp mylogin.config ~/.kube/config

Then run:
$ oc get po # short name
the server doesn't have a resource type "po"

$ oc get pod
error: You must be logged in to the server (Unauthorized)

Actual results:
1. Check ~/.kube/, there is ~/.kube/MASTER_CONTEXT_NAME/v1/serverresources.json which shows:
{"name":"pods","singularName":"","namespaced":true,"kind":"Pod","verbs":["create","delete","deletecollection","get","list","patch","proxy","update","watch"],"shortNames":["po"],"categories":["all"]}

2. More log info:
$ oc get po --loglevel 6
I0125 15:14:04.566929   30695 loader.go:357] Config loaded from file /home/tester/.kube/config
I0125 15:14:05.646002   30695 round_trippers.go:436] GET https://MASTER:8443/api 401 Unauthorized in 1078 milliseconds
I0125 15:14:05.646832   30695 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0125 15:14:05.916845   30695 round_trippers.go:436] GET https://MASTER:8443/api 401 Unauthorized in 269 milliseconds
I0125 15:14:05.917500   30695 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0125 15:14:06.828112   30695 round_trippers.go:436] GET https://MASTER:8443/api 401 Unauthorized in 909 milliseconds
I0125 15:14:06.829007   30695 cached_discovery.go:124] skipped caching discovery info due to Unauthorized
I0125 15:14:06.829271   30695 factory_object_mapping.go:93] Unable to retrieve API resources, falling back to hardcoded types: Unauthorized
F0125 15:14:06.830405   30695 helpers.go:119] the server doesn't have a resource type "po"

It knows 'unauthorized' but it does not prompt 'unauthorized' without '--loglevel'

Expected results:
2. No matter command uses short name or full name, it should prompt 'unauthorized' when user does not specify --loglevel in command
Additional info:
Comment 1 Juan Vallejo 2018-01-26 16:12:27 UTC 
This will be addressed by [1].

The error after applying [1] is:
```
$ KUBECONFIG=mylogin.config oc get po
error: You must be logged in to the server (the server has asked for the client to provide credentials (get pods))
```


1. https://github.com/openshift/origin/pull/18137
Comment 3 Maciej Szulik 2019-02-26 16:11:23 UTC 
The fix landed in 3.10, moving to qa.
Comment 4 Xingxing Xia 2019-02-27 13:26:02 UTC 
Verified in OCP c/s v3.10.118, oc get po(d) both can show error: You must be logged in to the server (Unauthorized)
Comment 6 errata-xmlrpc 2019-04-09 23:40:43 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0620