Bug 1372579 - User can not get on /version/openshift with error code 403 on upgrade from 3.2.1
Summary: User can not get on /version/openshift with error code 403 on upgrade from 3.2.1
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Master
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Jordan Liggitt
QA Contact: weiwei jiang
Depends On:
TreeView+ depends on / blocked
Reported: 2016-09-02 06:24 UTC by Liang Xia
Modified: 2017-03-08 18:26 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Access to new endpoints was not automatically added to existing discovery roles during an upgrade. Consequence: Checking the server version from the command line using `oc version` would display a forbidden error. Fix: Correctly add permission to the new endpoint during an upgrade. Result: `oc version` displays the server version as expected
Clone Of:
Last Closed: 2016-09-27 09:47:14 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1933 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.3 Release Advisory 2016-09-27 13:24:36 UTC

Comment 1 Jordan Liggitt 2016-09-02 14:10:02 UTC
This is an issue with non-resource-url reconciliation in roles

The additional allowed paths (/version/*) were not being added to the system:discovery role automatically

Comment 2 Jordan Liggitt 2016-09-02 21:50:10 UTC
fixed in https://github.com/openshift/origin/pull/10785

Comment 4 Liang Xia 2016-09-07 06:44:52 UTC
Currently the deploy is v3.3.0.29, Waiting for v3.3.0.30 to verify the bug

Comment 5 Troy Dawson 2016-09-07 13:11:47 UTC
This has been merged into ose and is in OSE v3.3.0.30 or newer.
The rpm's and images should be available now for testing.

Comment 9 errata-xmlrpc 2016-09-27 09:47:14 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.