Bug 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope
Summary: [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-us...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 4.7
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 4.7.0
Assignee: Gabe Montero
QA Contact: XiuJuan Wang
Depends On:
TreeView+ depends on / blocked
Reported: 2020-12-10 20:22 UTC by Gabe Montero
Modified: 2021-02-24 15:42 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2021-02-24 15:41:57 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github openshift origin pull 25754 0 None closed Bug 1906588: normalize ginkgo structuring so we avoid timing windows with k8s e2e setup when changing user 2021-01-26 08:17:10 UTC
Red Hat Product Errata RHSA-2020:5633 0 None None None 2021-02-24 15:42:24 UTC

Description Gabe Montero 2020-12-10 20:22:12 UTC
A combo of the new k8s e2e framework and other conceivable issues revealed a timing window where the build jenkins pipeline strategy e2e's would change the user while the k8s e2e setup code was trying to list the nodes.

The user stemming from its NewCLI calls by default does not, nor should it have, permissions to list nodes.

A restructure of when NewCLI is called fixes  the problem.

See https://coreos.slack.com/archives/CEKNRGF25/p1607517832067700 for the tl;dr

Comment 2 Gabe Montero 2020-12-11 22:35:09 UTC
verified by PR CI e2e-*-builds passing

Comment 5 errata-xmlrpc 2021-02-24 15:41:57 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.