1785551 – Webhook not triggering rebuild

Bug 1785551 - Webhook not triggering rebuild

Summary: Webhook not triggering rebuild

Keywords:
Status:	NEW
Alias:	None
Product:	OpenShift Online
Classification:	Red Hat
Component:	Unknown
Sub Component:
Version:	3.x
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	---
Assignee:	Abhishek Gupta
QA Contact:	Xiaoli Tian
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-12-20 08:25 UTC by Martin Kosek
Modified:	2022-01-08 05:34 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Martin Kosek 2019-12-20 08:25:43 UTC

Description of problem:
In my employee.openshift.comproject, I have a BuildConfig with defined GitHub and Generic webhooks. Neither does not seem to trigger a rebuild of the image:

$ oc describe bc freeipa-org-planet
Name:		freeipa-org-planet
Namespace:	freeipa
Created:	2 months ago
Labels:		app=freeipa-org-planet
		template=freeipa-org-planet
Description:	Defines how to build the application
Annotations:	template.alpha.openshift.io/wait-for-ready=true
Latest Version:	7

Strategy:	Source
URL:		https://github.com/freeipa/freeipa-planet.git
From Image:	ImageStreamTag openshift/php:7.0
Output to:	ImageStreamTag freeipa-org-planet:latest

Build Run Policy:	Serial
Triggered by:		Config, ImageChange
Webhook GitHub:
	URL:	https://api.rh-us-east-1.openshift.com:443/apis/build.openshift.io/v1/namespaces/freeipa/buildconfigs/freeipa-org-planet/webhooks/<secret>/github
Webhook Generic:
	URL:		https://api.rh-us-east-1.openshift.com:443/apis/build.openshift.io/v1/namespaces/freeipa/buildconfigs/freeipa-org-planet/webhooks/<secret>/generic
	AllowEnv:	false
Builds History Limit:
	Successful:	5
	Failed:		5


$ curl -X post -k https://api.rh-us-east-1.openshift.com:443/apis/build.openshift.io/v1/namespaces/freeipa/buildconfigs/freeipa-org-planet/webhooks/<secret>/generic
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "buildconfigs.build.openshift.io \"freeipa-org-planet\" is forbidden: User \"system:anonymous\" cannot  buildconfigs.build.openshift.io/webhooks in the namespace \"freeipa\": no RBAC policy matched",
  "reason": "Forbidden",
  "details": {
    "name": "freeipa-org-planet",
    "group": "build.openshift.io",
    "kind": "buildconfigs"
  },
  "code": 403


Version-Release number of selected component (if applicable):

OpenShift Master:
v3.11.43
Kubernetes Master:
v1.11.0+d4cacc0
OpenShift Web Console:
v3.11.43

How reproducible:
Always

Steps to Reproduce:
1. oc set triggers bc freeipa-org-planet --remove-all
2. oc set triggers bc/freeipa-org-planet --from-github
3. oc set triggers bc/freeipa-org-planet --from-webhook
4. oc describe bc freeipa-org-planet
5. Trigger generic or github webhook with the right secret

Actual results:
Generic webhook - I get error above
GitHub webhook - I get success reported from GitHub, but no rebuild is done

Expected results:
Webhooks trigger rebuild

Additional info:

Note You need to log in before you can comment on or make changes to this bug.