Bug 1957668 - oc login does not show link to console [NEEDINFO]
Summary: oc login does not show link to console
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.8
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
: 4.11.0
Assignee: Filip Krepinsky
QA Contact: zhou ying
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-05-06 09:54 UTC by Stefan Schimanski
Modified: 2022-08-10 10:36 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Feature / Reason: to have an accessible console URL even when logged out of the cluster Result: - $API_URL/console will redirect to console URL - oc login will show the console URL when requiring an authentication
Clone Of:
Environment:
Last Closed: 2022-08-10 10:36:17 UTC
Target Upstream Version:
Embargoed:
mfojtik: needinfo?


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift api pull 1094 0 None open Bug 1957668: remove ConsolePublicURL from KubeAPIServerConfig 2022-01-12 13:48:02 UTC
Github openshift kubernetes pull 1110 0 None open Bug 1957668: UPSTREAM: <carry>: use console-public config map for console redirect 2022-01-12 13:44:47 UTC
Github openshift oc pull 883 0 None open Bug 1957668: show console URL when asking for Authentication 2021-07-13 19:49:22 UTC
Red Hat Product Errata RHSA-2022:5069 0 None None None 2022-08-10 10:36:37 UTC

Description Stefan Schimanski 2021-05-06 09:54:15 UTC
Description of problem:

$ oc config use-context bugzilla-operator/api-cr-j7t7-p1-openshiftapps-com:6443/sttts--GitHub--730123
$ oc get clusteroperators
error: You must be logged in to the server (Unauthorized)
$ oc login
Authentication required for https://api.cr.j7t7.p1.openshiftapps.com:6443 (openshift)
Username:

Clicking on the link gives me:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {
    
  },
  "status": "Failure",
  "message": "forbidden: User \"system:anonymous\" cannot get path \"/\"",
  "reason": "Forbidden",
  "details": {
    
  },
  "code": 403
}

This is not helpful. I am confused and unhappy as a user. How should I know the URL to the console?

Expected results:

Either redirect directly to the console on platforms that support this (Mac does via `open` command), or at lesat show me a link to the console I can click on.

Comment 1 Michal Fojtik 2021-06-05 10:29:07 UTC
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. Additionally, you can add LifecycleFrozen into Keywords if you think this bug should never be marked as stale. Please consult with bug assignee before you do that.

Comment 2 Michal Fojtik 2021-07-08 12:13:22 UTC
This bug hasn't had any activity in the last 30 days. Maybe the problem got resolved, was a duplicate of something else, or became less pressing for some reason - or maybe it's still relevant but just hasn't been looked at yet. As such, we're marking this bug as "LifecycleStale" and decreasing the severity/priority. If you have further information on the current state of the bug, please update it, otherwise this bug can be closed in about 7 days. The information can be, for example, that the problem still occurs, that you still want the feature, that more information is needed, or that the bug is (for whatever reason) no longer relevant. Additionally, you can add LifecycleFrozen into Keywords if you think this bug should never be marked as stale. Please consult with bug assignee before you do that.

Comment 4 Filip Krepinsky 2021-08-17 10:07:48 UTC
still unsure of a correct way of fixing this, might not make it to 4.9: https://github.com/openshift/oc/pull/883#discussion_r671472821

Comment 5 Filip Krepinsky 2021-09-03 16:29:25 UTC
not so simple to fix - still pending

Comment 7 Filip Krepinsky 2022-01-13 13:15:31 UTC
added a PR to api-server that adds a support for automatic detection of console URL and redirecting

Comment 8 Filip Krepinsky 2022-01-28 19:46:23 UTC
not managed to push it in 4.10 - moving to 4.11

Comment 10 Filip Krepinsky 2022-04-04 18:53:56 UTC
changes in the api server have been merged, and the oc PR has been updated and is currently under review

Comment 12 zhou ying 2022-06-22 03:13:12 UTC
can't reproduce the issue now :


oc version --client
Client Version: 4.11.0-0.nightly-2022-06-11-120123
Kustomize Version: v4.5.4


[root@localhost ocmirrortest]# oc config use-context /api-yinzhoudowns-qe-devcluster-openshift-com:6443/testuser-0
Switched to context "/api-yinzhoudowns-qe-devcluster-openshift-com:6443/testuser-0".
[root@localhost ocmirrortest]# oc login
You must obtain an API token by visiting https://oauth-openshift.apps.yinzhoudowns.qe.devcluster.openshift.com/oauth/token/request

Comment 14 errata-xmlrpc 2022-08-10 10:36:17 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Container Platform 4.11.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:5069


Note You need to log in before you can comment on or make changes to this bug.