Bug 1554138

Summary: [apb] cli tools ERROR: Attempt to list APBs in the broker returned status: 404
Product: OpenShift Container Platform Reporter: daniel <dmoessne>
Component: Service BrokerAssignee: Dylan Murray <dymurray>
Status: CLOSED ERRATA QA Contact: Jian Zhang <jiazha>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.7.0CC: aos-bugs, chezhang, dymurray, dzhukous, jmatthew, smunilla, zitang
Target Milestone: ---   
Target Release: 3.7.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: The APB tooling was not looking in the `openshift-ansible-service-broker` namespace for the broker route and the --broker flag misbehaved with improper suffixes. Consequence: Commands like `apb list` did not behave as expected. Fix: Backported some newer fixes to 3.7 so that the tooling automatically tries to find the correct resources even if the user does not provide all of the information. Result: `apb list` should just work, --broker flag not even needed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-27 07:59:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description daniel 2018-03-11 20:05:46 UTC 
Description of problem:
When using apb from rhel-7-server-ose-3.7-rpms and running apb list --broker <broker URL>
I do get:
Error: Attempt to list APBs in the broker returned status: 404
Unable to list APBs in Ansible Service Broker.
Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Install OCP 3.7 with APB deployed
2. # yum install apb -y 
3. # apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com

Actual results:
Error: Attempt to list APBs in the broker returned status: 404
Unable to list APBs in Ansible Service Broker.

Expected results:
shows list from ansible service broker 

Additional info:

trying one one master with apb from ose-3.7 repo:
[root@master-1 ~]#
[root@master-1 ~]# yum provides apb
Loaded plugins: search-disabled-repos, subscription-manager
apb-1.0.4-1.el7.noarch : Ansible Playbook Bundle (APB) is a lightweight application definition (meta-container).
Repo        : rhel-7-server-ose-3.7-rpms

apb-1.0.4-1.el7.noarch : Ansible Playbook Bundle (APB) is a lightweight application definition (meta-container).
Repo        : @rhel-7-server-ose-3.7-rpms

[root@master-1 ~]# 
[root@master-1 ~]# oc whoami
admin
[root@master-1 ~]#
[root@master-1 ~]# oc whoami -t
WUfqBhpy57wG3YU6xJAHu_xddBmI6XXa4POBYy4SDMk
[root@master-1 ~]#
[root@master-1 ~]# apb list
Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str'
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com
Error: Attempt to list APBs in the broker returned status: 404
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 

Doing the same with apb from EPEL repo : https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/blob/master/docs/apb_cli.md#rpm-installation
[root@master-0 ~]# rpm -qa apb
apb-1.1.15-1.20180305205029.el7.centos.noarch
[root@master-0 ~]#
[root@master-0 ~]# oc whoami
admin
[root@master-0 ~]# oc whoami -t
KPhzZc0u7TokgFwQuwJWAAr_67yk9IhIPPqCRQeEKPs
[root@master-0 ~]#
[root@master-0 ~]#
[root@master-0 ~]# apb list
Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker.                    Trying openshift-ansible-service-broker
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
ID                                NAME               DESCRIPTION
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb     Mariadb apb implementation
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb   Mediawiki123 apb implementation
73ead67495322cc462794387fa9884f5  rh-mysql-apb       Software Collections MySQL APB
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb  SCL PostgreSQL apb implementation
[root@master-0 ~]#
[root@master-0 ~]#
[root@master-0 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
ID                                NAME               DESCRIPTION
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb     Mariadb apb implementation
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb   Mediawiki123 apb implementation
73ead67495322cc462794387fa9884f5  rh-mysql-apb       Software Collections MySQL APB
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb  SCL PostgreSQL apb implementation
[root@master-0 ~]# 

note: even no need to set --broker
Comment 1 Dylan Murray 2018-03-14 13:12:03 UTC 
This issue appears to be due to the fact that the current oc user's permissions is causing the construction of the broker request to fail. At the very least we can patch a fix for 3.7 to print a proper error.
Comment 2 John Matthews 2018-03-14 20:29:54 UTC 
Plan for 3.7.z is to print the correct error for this case.
3.9 is already doing this.
Comment 3 Jian Zhang 2018-03-15 07:42:39 UTC 
Daniel,

I confirm the `apb list --broker` is worked on the OCP 3.7 cluster for the 1.0.4 version. The usage is that you should add the "ansible-service-broker" strings in the tail of the broker URL, like below:

[root@localhost hello-world-apb]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.0314-p5u.qe.rhcloud.com/ansible-service-broker
ID                                NAME                           DESCRIPTION                          
30ba0018270996447917c32b0d6c4e6b  localregistry-hello-world-apb  deploys hello-world web application  
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb                 Mariadb apb implementation           
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb               Mediawiki123 apb implementation      
73ead67495322cc462794387fa9884f5  rh-mysql-apb                   Software Collections MySQL APB       
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb              SCL PostgreSQL apb implementation    

[root@localhost hello-world-apb]# rpm -qa | grep apb
apb-1.0.4-1.el7.noarch

For the 1.1.15 version, the users no longer need to add the "ansible-service-broker" strings in the broker URL.

So, no matter the 1.0.4 or the 1.1.15 version, both of them are worked well on the OCP 3.7 cluster.
Comment 4 Zhang Cheng 2018-03-15 07:57:12 UTC 
QE tested both in ocp3.7 + apb 1.0.4 and ocp3.7 + apb 1.1.15, apb list function work well.

There are some usage difference in apb 1.0.4(ocp3.7 released version) and apb 1.1.15:
For apb 1.0.4(for ocp3.7):
You have to add the "ansible-service-broker" strings at the end of broker url, and apb list fail without "--broker" option by expected.

For apb 1.1.15(for ocp3.9) :
You don't need to add "ansible-service-broker" strings at the end of broker url(in another work, should be fine with or without string), and apb list both fine with or without "--broker" option.

Certainly, it is better if developer can patch a fix for 3.7 to print a proper error when user have a wrong usage.
Comment 5 daniel 2018-03-17 14:25:54 UTC 
master1: -> apb from ocp channel
master2: -> apb from epel
users:
  - system:admin
  - user1  - cluster admin role
  - user2  - 'normal' user

master1:
********
# yum install apb-1.0.4-1* -y
[root@master-1 ~]# rpm -qa apb
apb-1.0.4-1.el7.noarch
[root@master-1 ~]#

user:system:admin 
------------------
[root@master-1 ~]# apb list
Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str'
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 

--> seems expected as no token for system:admin



user: user1 (cluster admin role)
--------------------------------
[root@master-1 ~]# apb list
Exception occurred! unsupported operand type(s) for +: 'NoneType' and 'str'
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/
ID                                NAME               DESCRIPTION                        
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb     Mariadb apb implementation         
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb   Mediawiki123 apb implementation    
73ead67495322cc462794387fa9884f5  rh-mysql-apb       Software Collections MySQL APB     
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb  SCL PostgreSQL apb implementation  
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker
ID                                NAME               DESCRIPTION                        
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb     Mariadb apb implementation         
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb   Mediawiki123 apb implementation    
73ead67495322cc462794387fa9884f5  rh-mysql-apb       Software Collections MySQL APB     
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb  SCL PostgreSQL apb implementation  
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/
Error: Attempt to list APBs in the broker returned status: 404
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com
Error: Attempt to list APBs in the broker returned status: 404
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 

--> user with cluster role and token, works

user: user2 (normal user)
--------------------------
[root@master-1 ~]# apb list
Exception occurred! Could not find route to ansible-service-broker. Use --broker or log into the cluster using "oc login"
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 
[root@master-1 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-1 ~]# 

--> user w/o access rights, does not work, expected

#####################################################################################################################################################

master2:
********
# wget https://copr.fedorainfracloud.org/coprs/g/ansible-service-broker/ansible-service-broker-latest/repo/epel-7/group_ansible-service-broker-ansible-service-broker-latest-epel-7.repo -O /etc/yum.repos.d/ansible-service-broker.repo
# yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# yum install -y apb
[root@master-2 ~]# rpm -qa apb
apb-1.1.15-1.20180305205029.el7.centos.noarch
[root@master-2 ~]# 


user:system:admin 
------------------
[root@master-2 ~]# apb list
Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker.                    Trying openshift-ansible-service-broker
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# 
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# 
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# 
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# 


--> seems expected as no token for system:admin


user: user1 (cluster admin role)
--------------------------------
[root@master-2 ~]# apb list
Didn't find OpenShift Ansible Broker route in namespace: ansible-service-broker.                    Trying openshift-ansible-service-broker
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
ID                                NAME               DESCRIPTION                        
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb     Mariadb apb implementation         
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb   Mediawiki123 apb implementation    
73ead67495322cc462794387fa9884f5  rh-mysql-apb       Software Collections MySQL APB     
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb  SCL PostgreSQL apb implementation  
[root@master-2 ~]# 
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 404
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# 
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
ID                                NAME               DESCRIPTION                        
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb     Mariadb apb implementation         
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb   Mediawiki123 apb implementation    
73ead67495322cc462794387fa9884f5  rh-mysql-apb       Software Collections MySQL APB     
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb  SCL PostgreSQL apb implementation  
[root@master-2 ~]# 
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
ID                                NAME               DESCRIPTION                        
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb     Mariadb apb implementation         
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb   Mediawiki123 apb implementation    
73ead67495322cc462794387fa9884f5  rh-mysql-apb       Software Collections MySQL APB     
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb  SCL PostgreSQL apb implementation  
[root@master-2 ~]# 
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
ID                                NAME               DESCRIPTION                        
2c259ddd8059b9bc65081e07bf20058f  rh-mariadb-apb     Mariadb apb implementation         
03b69500305d9859bb9440d9f9023784  rh-mediawiki-apb   Mediawiki123 apb implementation    
73ead67495322cc462794387fa9884f5  rh-mysql-apb       Software Collections MySQL APB     
d5915e05b253df421efe6e41fb6a66ba  rh-postgresql-apb  SCL PostgreSQL apb implementation  
[root@master-2 ~]# 

--> cluster admin role for user works es expected


user: user2 (normal user)
--------------------------
[root@master-2 ~]# apb list 
Exception occurred! Could not find route to ansible-service-broker. Use --broker or log into the cluster using "oc login"
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# apb list --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com
Contacting the ansible-service-broker at: https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/v2/catalog
Error: Attempt to list APBs in the broker returned status: 403
Unable to list APBs in Ansible Service Broker.
[root@master-2 ~]# 

--> expected as user access rights not set



my summary:
- abp from official repos should have improved error message making it easier for users to understand why it is failing

- cosmetig thing:
  - apb from ocp repo :  --broker https://asb-1338-openshift-ansible-service-broker.apps.example.com/ansible-service-broker/  (trailing /) works while it does not for the one from epel, again cosmetic, but at least for me hard to spot ;)

- probably we should improve documentation around this as looking at 
  - https://docs.openshift.com/container-platform/3.7/apb_devel/cli_tooling.html#apb-devel-cli-overview
    as well as 
  - https://docs.openshift.com/container-platform/3.7/apb_devel/writing/getting_started.html#apb-devel-writing-gs-dev-env
  do not mention that --broker is required
Comment 6 Dylan Murray 2018-03-19 16:18:06 UTC 
I have backported some fixes so that the --broker flag will work as expected without providing the required suffix.

This should fix the 404 errors that Daniel has seen.

https://github.com/ansibleplaybookbundle/ansible-playbook-bundle/pull/245
Comment 7 David Zager 2018-03-20 17:39:35 UTC 
https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=663785
Comment 9 Zhang Cheng 2018-04-08 05:48:56 UTC 
Changing status to ON_QA since errata image ready for test.
Comment 10 Jian Zhang 2018-04-09 02:02:32 UTC 
It works well as we expected, LGTM, verified.

version:
[root@host-172-16-120-59 ~]# rpm -qa | grep apb
apb-1.0.5-1.el7.noarch
Comment 14 errata-xmlrpc 2018-06-27 07:59:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2009