Bug 2024932 - console throws "Unauthorized" error after logging out
Summary: console throws "Unauthorized" error after logging out
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Dev Console
Version: 4.10
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 4.10.0
Assignee: Jaivardhan Kumar
QA Contact: spathak@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-11-19 14:48 UTC by David Taylor
Modified: 2022-03-10 16:30 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
: 2025954 (view as bug list)
Environment:
Last Closed: 2022-03-10 16:29:41 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift console pull 10606 0 None open Bug 2024932: Catch unhandled promises (to increase e2e stability) 2021-12-08 12:07:01 UTC
Red Hat Product Errata RHSA-2022:0056 0 None None None 2022-03-10 16:30:04 UTC

Description David Taylor 2021-11-19 14:48:26 UTC
Description of problem:

crud/roles-rolebindings.spec.ts throws Unauthorized error attempting to `GET api/check-updates` seemingly before logining into the console.

We do see other tests occasionly failing with same Unauthorized error, but not nearly as much as Roles And RoleBindings test which fails consistently:

https://search.ci.openshift.org/?search=%E2%9C%96++crud%2Froles-rolebindings.spec.ts&maxAge=168h&context=0&type=all&name=pull-ci-openshift-console-master-e2e-gcp-console&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job


"before all" hook for "test Roles detail page breadcrumbs to list page restores 'All Projects' dropdown": Roles and RoleBindings "before all" hook for "test Roles detail page breadcrumbs to list page restores 'All Projects' dropdown" expand_less	0s
a: The following error originated from your application code, not from Cypress. It was caused by an unhandled promise rejection.

  > Unauthorized

Comment 2 David Taylor 2021-11-22 17:30:54 UTC
The 'Unauthorized' error/flake appears to affect several areas of CI:  https://search.ci.openshift.org/?search=It+was+caused+by+an+unhandled+promise+rejection.&maxAge=336h&context=1&type=junit&name=&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job

In 'pull-ci-openshift-console-master-e2e-gcp-console' the majority of the "Unauthorized" errors are in:

1. Create key/value secrets
2. Roles and RoleBindings
3. Installing "Business Automation" operator

In 'pull-ci-openshift-console-master-ceph-storage-plugin':

1. Test block pool creation under OCS UI
2. Tests Buckets, Status, Object Storage Efficiency, and Resource Providers Cards
3. Tests Expansion of a PVC
4. OCS Operator Expansion of Storage Class Test
5. Test block pool deletion under OCS UI

In 'pull-ci-openshift-console-master-kubevirt-plugin':

1. Test multiple IP addresses are displayed for VM
2. Test Getting started card of the Virtualization Overview page
3. test dev console.test dev console switch perspective
4. smoke tests.smoke tests visit vm list page
5. Test network attachment definition
6. ID(CNV-6923) Verify storageProfile with a fake storageClass
7. Test VM scheduling policy

Comment 3 David Taylor 2021-11-23 17:56:45 UTC
More info in: https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift_console/10531/pull-ci-openshift-console-master-e2e-gcp-console/1463165570689011712/artifacts/e2e-gcp-console/test/artifacts/gui_test_screenshots/browser.log:

[SEVERE] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/api/kubernetes/apis/binding.operators.coreos.com/v1alpha1/bindablekinds/bindable-kinds - Failed to load resource: the server responded with a status of 401 (Unauthorized)
[WARNING] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js 0:1019697 "Error fetching bindable services" a: Unauthorized
    at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:710591
    at Generator.next (<anonymous>)
    at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:709878
    at new Promise (<anonymous>)
    at s (https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:709623)
    at l (https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:710067)
    at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:855638
[SEVERE] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/vendors~main-chunk-b7e93c71d22b5f8b2580.min.js 91 WebSocket connection to 'wss://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/api/graphql' failed: HTTP Authentication failed; no valid credentials available
[SEVERE] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/api/console/knative-event-sources - Failed to load resource: the server responded with a status of 401 (Unauthorized)
[WARNING] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js 0:397448 "Error fetching CRDs for dynamic event sources" a: Unauthorized
    at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:710591
    at Generator.next (<anonymous>)
    at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:709878
    at new Promise (<anonymous>)
    at s (https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:709623)
    at l (https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:710067)
    at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:855638
[SEVERE] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/api/console/knative-channels - Failed to load resource: the server responded with a status of 401 (Unauthorized)

Comment 4 David Taylor 2021-11-24 14:28:27 UTC
I just logged into a shared 4.10 cluster, then logged out (browser Inspect, preserved log) and I see the errors being throw!  So it's not a cypress issue, but unfortunately, it is an issue with console/dynamic-plugins-sdk.

Comment 5 David Taylor 2021-12-03 13:43:59 UTC
Sam Padgett wrote: "@dtaylor Are you sure this is the cause of the test failures? I would expect these errors in the logs, and we seem to be catching them properly..."

Reassigning to Jakub for triage, as Sam seems to expect these errors, this BZ may not be a bug?

Cypress PR which catches the "> Unauthorized" and allows e2e tests to continue:
https://github.com/openshift/console/pull/10545

Comment 6 Christoph Jerolimov 2021-12-08 12:06:03 UTC
Reduced prio as this doesn't break our CI build anymore. Also created a PR already so pick this up, hope that's fine.

PTAL https://github.com/openshift/console/pull/10606

Comment 8 Christoph Jerolimov 2021-12-20 11:32:48 UTC
This change only affects the CI test stability and could not be tested on a cluster. Set this as verified and will continuously watch the CI failure rate.

The CI search page already shows a reduce of errors with this error.

Search for "> Unauthorized" in the last 14 days
Found in 0.00% of runs (0.00% of failures) across 484 total runs and 2 jobs (53.51% failed)

https://search.ci.openshift.org/?search=%3E+Unauthorized&maxAge=336h&context=0&type=all&name=pull-ci-openshift-console-master-e2e-gcp-console&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job


Search for "✖  crud/roles-rolebindings.spec.ts" in the last 14 days
Found in 0.23% of runs (0.40% of failures) across 885 total runs and 2 jobs (56.50% failed)

https://search.ci.openshift.org/?search=%E2%9C%96++crud%2Froles-rolebindings.spec.ts&maxAge=336h&context=0&type=all&name=pull-ci-openshift-console-master-e2e-gcp-console&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job


Search for "It was caused by an unhandled promise rejection." in the last 14 days
Found in 0.00% of runs (0.00% of failures) across 282990 total runs and 9431 jobs (20.37% failed)

https://search.ci.openshift.org/?search=It+was+caused+by+an+unhandled+promise+rejection.&maxAge=336h&context=1&type=junit&name=&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job

Comment 13 errata-xmlrpc 2022-03-10 16:29:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:0056


Note You need to log in before you can comment on or make changes to this bug.