Bug 1957668

Summary: oc login does not show link to console
Product: OpenShift Container Platform Reporter: Stefan Schimanski <sttts>
Component: ocAssignee: Filip Krepinsky <fkrepins>
oc sub component: oc QA Contact: zhou ying <yinzhou>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: low CC: aos-bugs, mfojtik
Version: 4.8Flags: mfojtik: needinfo?
Target Milestone: ---   
Target Release: 4.11.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Feature / Reason: to have an accessible console URL even when logged out of the cluster Result: - $API_URL/console will redirect to console URL - oc login will show the console URL when requiring an authentication
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-08-10 10:36:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Stefan Schimanski 2021-05-06 09:54:15 UTC 
Description of problem:

$ oc config use-context bugzilla-operator/api-cr-j7t7-p1-openshiftapps-com:6443/sttts--GitHub--730123
$ oc get clusteroperators
error: You must be logged in to the server (Unauthorized)
$ oc login
Authentication required for https://api.cr.j7t7.p1.openshiftapps.com:6443 (openshift)
Username:

Clicking on the link gives me:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {
    
  },
  "code": 403
}

This is not helpful. I am confused and unhappy as a user. How should I know the URL to the console?

Expected results:

Either redirect directly to the console on platforms that support this (Mac does via `open` command), or at lesat show me a link to the console I can click on.
Comment 1 Michal Fojtik 2021-06-05 10:29:07 UTC 
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. Additionally, you can add LifecycleFrozen into Keywords if you think this bug should never be marked as stale. Please consult with bug assignee before you do that.
Comment 2 Michal Fojtik 2021-07-08 12:13:22 UTC 
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. Additionally, you can add LifecycleFrozen into Keywords if you think this bug should never be marked as stale. Please consult with bug assignee before you do that.
Comment 4 Filip Krepinsky 2021-08-17 10:07:48 UTC 
still unsure of a correct way of fixing this, might not make it to 4.9: https://github.com/openshift/oc/pull/883#discussion_r671472821
Comment 5 Filip Krepinsky 2021-09-03 16:29:25 UTC 
not so simple to fix - still pending
Comment 7 Filip Krepinsky 2022-01-13 13:15:31 UTC 
added a PR to api-server that adds a support for automatic detection of console URL and redirecting
Comment 8 Filip Krepinsky 2022-01-28 19:46:23 UTC 
not managed to push it in 4.10 - moving to 4.11
Comment 10 Filip Krepinsky 2022-04-04 18:53:56 UTC 
changes in the api server have been merged, and the oc PR has been updated and is currently under review
Comment 12 zhou ying 2022-06-22 03:13:12 UTC 
can't reproduce the issue now :


oc version --client
Client Version: 4.11.0-0.nightly-2022-06-11-120123
Kustomize Version: v4.5.4


[root@localhost ocmirrortest]# oc config use-context /api-yinzhoudowns-qe-devcluster-openshift-com:6443/testuser-0
Switched to context "/api-yinzhoudowns-qe-devcluster-openshift-com:6443/testuser-0".
[root@localhost ocmirrortest]# oc login
You must obtain an API token by visiting https://oauth-openshift.apps.yinzhoudowns.qe.devcluster.openshift.com/oauth/token/request
Comment 14 errata-xmlrpc 2022-08-10 10:36:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069