Description of problem: crud/roles-rolebindings.spec.ts throws Unauthorized error attempting to `GET api/check-updates` seemingly before logining into the console. We do see other tests occasionly failing with same Unauthorized error, but not nearly as much as Roles And RoleBindings test which fails consistently: https://search.ci.openshift.org/?search=%E2%9C%96++crud%2Froles-rolebindings.spec.ts&maxAge=168h&context=0&type=all&name=pull-ci-openshift-console-master-e2e-gcp-console&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job "before all" hook for "test Roles detail page breadcrumbs to list page restores 'All Projects' dropdown": Roles and RoleBindings "before all" hook for "test Roles detail page breadcrumbs to list page restores 'All Projects' dropdown" expand_less 0s a: The following error originated from your application code, not from Cypress. It was caused by an unhandled promise rejection. > Unauthorized
The 'Unauthorized' error/flake appears to affect several areas of CI: https://search.ci.openshift.org/?search=It+was+caused+by+an+unhandled+promise+rejection.&maxAge=336h&context=1&type=junit&name=&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job In 'pull-ci-openshift-console-master-e2e-gcp-console' the majority of the "Unauthorized" errors are in: 1. Create key/value secrets 2. Roles and RoleBindings 3. Installing "Business Automation" operator In 'pull-ci-openshift-console-master-ceph-storage-plugin': 1. Test block pool creation under OCS UI 2. Tests Buckets, Status, Object Storage Efficiency, and Resource Providers Cards 3. Tests Expansion of a PVC 4. OCS Operator Expansion of Storage Class Test 5. Test block pool deletion under OCS UI In 'pull-ci-openshift-console-master-kubevirt-plugin': 1. Test multiple IP addresses are displayed for VM 2. Test Getting started card of the Virtualization Overview page 3. test dev console.test dev console switch perspective 4. smoke tests.smoke tests visit vm list page 5. Test network attachment definition 6. ID(CNV-6923) Verify storageProfile with a fake storageClass 7. Test VM scheduling policy
More info in: https://gcsweb-ci.apps.ci.l2s4.p1.openshiftapps.com/gcs/origin-ci-test/pr-logs/pull/openshift_console/10531/pull-ci-openshift-console-master-e2e-gcp-console/1463165570689011712/artifacts/e2e-gcp-console/test/artifacts/gui_test_screenshots/browser.log: [SEVERE] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/api/kubernetes/apis/binding.operators.coreos.com/v1alpha1/bindablekinds/bindable-kinds - Failed to load resource: the server responded with a status of 401 (Unauthorized) [WARNING] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js 0:1019697 "Error fetching bindable services" a: Unauthorized at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:710591 at Generator.next (<anonymous>) at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:709878 at new Promise (<anonymous>) at s (https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:709623) at l (https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:710067) at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:855638 [SEVERE] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/vendors~main-chunk-b7e93c71d22b5f8b2580.min.js 91 WebSocket connection to 'wss://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/api/graphql' failed: HTTP Authentication failed; no valid credentials available [SEVERE] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/api/console/knative-event-sources - Failed to load resource: the server responded with a status of 401 (Unauthorized) [WARNING] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js 0:397448 "Error fetching CRDs for dynamic event sources" a: Unauthorized at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:710591 at Generator.next (<anonymous>) at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:709878 at new Promise (<anonymous>) at s (https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:709623) at l (https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:710067) at https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/static/main-chunk-aa6364cc0b4b648d751c.min.js:1:855638 [SEVERE] https://console-openshift-console.apps.ci-op-iv0zq561-75d12.**********************/api/console/knative-channels - Failed to load resource: the server responded with a status of 401 (Unauthorized)
I just logged into a shared 4.10 cluster, then logged out (browser Inspect, preserved log) and I see the errors being throw! So it's not a cypress issue, but unfortunately, it is an issue with console/dynamic-plugins-sdk.
Sam Padgett wrote: "@dtaylor Are you sure this is the cause of the test failures? I would expect these errors in the logs, and we seem to be catching them properly..." Reassigning to Jakub for triage, as Sam seems to expect these errors, this BZ may not be a bug? Cypress PR which catches the "> Unauthorized" and allows e2e tests to continue: https://github.com/openshift/console/pull/10545
Reduced prio as this doesn't break our CI build anymore. Also created a PR already so pick this up, hope that's fine. PTAL https://github.com/openshift/console/pull/10606
This change only affects the CI test stability and could not be tested on a cluster. Set this as verified and will continuously watch the CI failure rate. The CI search page already shows a reduce of errors with this error. Search for "> Unauthorized" in the last 14 days Found in 0.00% of runs (0.00% of failures) across 484 total runs and 2 jobs (53.51% failed) https://search.ci.openshift.org/?search=%3E+Unauthorized&maxAge=336h&context=0&type=all&name=pull-ci-openshift-console-master-e2e-gcp-console&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job Search for "✖ crud/roles-rolebindings.spec.ts" in the last 14 days Found in 0.23% of runs (0.40% of failures) across 885 total runs and 2 jobs (56.50% failed) https://search.ci.openshift.org/?search=%E2%9C%96++crud%2Froles-rolebindings.spec.ts&maxAge=336h&context=0&type=all&name=pull-ci-openshift-console-master-e2e-gcp-console&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job Search for "It was caused by an unhandled promise rejection." in the last 14 days Found in 0.00% of runs (0.00% of failures) across 282990 total runs and 9431 jobs (20.37% failed) https://search.ci.openshift.org/?search=It+was+caused+by+an+unhandled+promise+rejection.&maxAge=336h&context=1&type=junit&name=&excludeName=&maxMatches=5&maxBytes=20971520&groupBy=job
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.10.3 security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0056