1372579 – User can not get on /version/openshift with error code 403 on upgrade from 3.2.1

Bug 1372579 - User can not get on /version/openshift with error code 403 on upgrade from 3.2.1

Summary: User can not get on /version/openshift with error code 403 on upgrade from 3.2.1

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Master
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Jordan Liggitt
QA Contact:	weiwei jiang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-02 06:24 UTC by Liang Xia
Modified:	2017-03-08 18:26 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Access to new endpoints was not automatically added to existing discovery roles during an upgrade. Consequence: Checking the server version from the command line using `oc version` would display a forbidden error. Fix: Correctly add permission to the new endpoint during an upgrade. Result: `oc version` displays the server version as expected
Clone Of:
Environment:
Last Closed:	2016-09-27 09:47:14 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:1933	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.3 Release Advisory	2016-09-27 13:24:36 UTC

Comment 1 Jordan Liggitt 2016-09-02 14:10:02 UTC

This is an issue with non-resource-url reconciliation in roles

The additional allowed paths (/version/*) were not being added to the system:discovery role automatically

Comment 2 Jordan Liggitt 2016-09-02 21:50:10 UTC

fixed in https://github.com/openshift/origin/pull/10785

Comment 4 Liang Xia 2016-09-07 06:44:52 UTC

Currently the deploy is v3.3.0.29, Waiting for v3.3.0.30 to verify the bug

Comment 5 Troy Dawson 2016-09-07 13:11:47 UTC

This has been merged into ose and is in OSE v3.3.0.30 or newer.
The rpm's and images should be available now for testing.

Comment 9 errata-xmlrpc 2016-09-27 09:47:14 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1933

Note You need to log in before you can comment on or make changes to this bug.