Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1615229 - [ASB] Service Catalog can not reach /osb/v2/catalog endpoint
[ASB] Service Catalog can not reach /osb/v2/catalog endpoint
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Service Broker (Show other bugs)
3.11.0
Unspecified Unspecified
medium Severity medium
: ---
: 3.11.0
Assigned To: Jason Montleon
Zihan Tang
: TestBlocker
Depends On:
Blocks: 1583503
  Show dependency treegraph
 
Reported: 2018-08-13 01:50 EDT by Zihan Tang
Modified: 2018-10-11 03:25 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-10-11 03:24:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:2652 None None None 2018-10-11 03:25 EDT

  None (edit)
Description Zihan Tang 2018-08-13 01:50:40 EDT 
Description of problem:
ansible-service-broker can not fetch clusterserviceclass from asb pod.
curl -k -H "Authorization: Bearer `oc serviceaccounts get-token asb-client`" https://$(oc get routes -n openshift-ansible-service-broker --no-headers | awk '{print $2}')/ansible-service-broker/v2/catalog
{
  "paths": [
    "/apis",
    "/healthz",
    "/healthz/ping",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/metrics",
    "/osb/"
  ]

Version-Release number of selected component (if applicable):
asb: 1.3.8
openshift-ansible-3.11.0-0.13.0

How reproducible:
always

Steps to Reproduce:
1. set asb with avalible registry, it can fetch apbs successfully.
# oc get bundles
NAME                               AGE
0300d1ae1841c23a9df0a179ad0605fd   2h
0e5dbb6592fec99057f94fbb095ec558   2h
48749329dd289591e11ba737f15fc71b   2h
bd8dff760b959264f3ab38d42ba5e7a8   2h

2. relist service catalog by : apb catalog relist -n ansible-service-broker
checking clusterserviceclass

# oc get clusterserviceclass
No resources found.

Actual results:
No resources found.

# oc describe clusterservicebroker ansible-service-broker
Name:         ansible-service-broker
Namespace:    
Labels:       <none>
Annotations:  <none>
API Version:  servicecatalog.k8s.io/v1beta1
Kind:         ClusterServiceBroker
Metadata:
  Creation Timestamp:  2018-08-13T05:39:49Z
  Finalizers:
    kubernetes-incubator/service-catalog
  Generation:        1
  Resource Version:  29548
  Self Link:         /apis/servicecatalog.k8s.io/v1beta1/clusterservicebrokers/ansible-service-broker
  UID:               4b92b10b-9ebb-11e8-9c5b-0a580a80001b
Spec:
  Auth Info:
    Bearer:
      Secret Ref:
        Name:       asb-client
        Namespace:  openshift-ansible-service-broker
  Ca Bundle:        L...TS9MSGsvN295RT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
  Relist Behavior:  Duration
  Relist Requests:  5
  URL:              https://asb.openshift-ansible-service-broker.svc:1338/osb
Status:
  Conditions:
    Last Transition Time:  2018-08-13T05:39:49Z
    Message:               Error fetching catalog.Error getting broker catalog: Status: 403; ErrorMessage: <nil>; Description: <nil>; ResponseError: <nil>
    Reason:                ErrorFetchingCatalog
    Status:                False
    Type:                  Ready
  Operation Start Time:    2018-08-13T05:39:50Z
  Reconciled Generation:   0
Events:
  Type     Reason                Age                From                                Message
  ----     ------                ----               ----                                -------
  Warning  ErrorFetchingCatalog  24s (x14 over 1m)  service-catalog-controller-manager  Error getting broker catalog: Status: 403; ErrorMessage: <nil>; Description: <nil>; ResponseError: <nil>

Expected results:
get clusterserviceclass successfully

Additional info:
osb api return 403

# curl -k -H "Authorization: Bearer `oc serviceaccounts get-token asb-client`" https://$(oc get routes -n openshift-ansible-service-broker --no-headers | awk '{print $2}')/osb/v2/catalog
Error from server (NotFound): serviceaccounts "asb-client" not found
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/osb/v2/catalog\": no RBAC policy matched",
  "reason": "Forbidden",
  "details": {
    
  },
  "code": 403

Found some related PR: 
https://github.com/openshift/ansible-service-broker/pull/1029
https://github.com/openshift/openshift-ansible/pull/9510
Comment 1 Zihan Tang 2018-08-13 02:19:28 EDT 
In #Descripition, 
the ansible-service-broker URL by default is : 

  URL:              https://asb.openshift-ansible-service-broker.svc:1338/ansible-service-broker
Comment 2 Zhang Cheng 2018-08-13 02:46:00 EDT 
Adding "testblocker" since this issue is blocking about 90% ASB TCs.
Comment 4 Zihan Tang 2018-08-16 02:25:02 EDT 
image is ready, change it to ON_QA
Comment 5 Zihan Tang 2018-08-16 02:26:32 EDT 
Verified
openshift-ansible-3.11.0-0.16.0
Comment 7 errata-xmlrpc 2018-10-11 03:24:38 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:2652
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.