1906588 – [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope

Bug 1906588 - [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-user" cannot list resource "nodes" in API group "" at the cluster scope

Summary: [ci][sig-builds] nodes is forbidden: User "e2e-test-jenkins-pipeline-xfghs-us...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Build
Sub Component:
Version:	4.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	urgent
Target Milestone:	---
Target Release:	4.7.0
Assignee:	Gabe Montero
QA Contact:	XiuJuan Wang
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-12-10 20:22 UTC by Gabe Montero
Modified:	2021-02-24 15:42 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-02-24 15:41:57 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	openshift origin pull 25754	0	None	closed	Bug 1906588: normalize ginkgo structuring so we avoid timing windows with k8s e2e setup when changing user	2021-01-26 08:17:10 UTC
Red Hat Product Errata	RHSA-2020:5633	0	None	None	None	2021-02-24 15:42:24 UTC

Description Gabe Montero 2020-12-10 20:22:12 UTC

A combo of the new k8s e2e framework and other conceivable issues revealed a timing window where the build jenkins pipeline strategy e2e's would change the user while the k8s e2e setup code was trying to list the nodes.

The user stemming from its NewCLI calls by default does not, nor should it have, permissions to list nodes.

A restructure of when NewCLI is called fixes  the problem.

See https://coreos.slack.com/archives/CEKNRGF25/p1607517832067700 for the tl;dr

Comment 2 Gabe Montero 2020-12-11 22:35:09 UTC

verified by PR CI e2e-*-builds passing

Comment 5 errata-xmlrpc 2021-02-24 15:41:57 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5633

Note You need to log in before you can comment on or make changes to this bug.