Bug 1695048
Summary: | Conformance tests failing with "Unauthorized" or "You must be logged in to the server" | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Devan Goodwin <dgoodwin> |
Component: | apiserver-auth | Assignee: | Mo <mkhan> |
Status: | CLOSED DUPLICATE | QA Contact: | Chuan Yu <chuyu> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 4.1.0 | CC: | aos-bugs, ccoleman, evb, gmontero, jokerman, mmccomas, nagrawal, slaznick |
Target Milestone: | --- | ||
Target Release: | 4.1.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-04-05 13:22:21 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Devan Goodwin
2019-04-02 11:41:23 UTC
Moving to auth. Michal Fojtik [3 minutes ago] i think that flakes are caused by something creating SAR request without user/group Michal Fojtik [2 minutes ago] @auth-team should check the audit logs, grep create calls for subject access reviews and find the one returning 403 (likely) Michal Fojtik [2 minutes ago] then identify service account and track down what is making that invalid request Moving to urgent, this is a top flake and causes failures/flakes in almost every single run. Looks at least related to https://bugzilla.redhat.com/show_bug.cgi?id=1694878 if not a duplicate I am also seeing the same TLS errors in the authentication server For example: I0402 09:19:48.937291 1 log.go:172] http: TLS handshake error from 10.131.0.6:44300: EOF from the run Devan mentioned in his description. Adding Standa to the cc: ... you agree? Indeed, the TLS handshake errors seem to be the same in both the cases. Note that the logged error 'Failed to make webhook authorizer request: .authorization.k8s.io "" is invalid: spec.user: Invalid value: "": at least one of user or group must be specified' does not seem to have actual influence on the test result as explained in https://bugzilla.redhat.com/show_bug.cgi?id=1694878#c1. I still need to figure out what causes the TLS errors. Assigning to Mo who has been helping to debug the issue *** This bug has been marked as a duplicate of bug 1694878 *** |