Fedora Account System
Red Hat Associate
Red Hat Customer
Description of problem: Once a token expires, rhc can no longer authenticate, even when you pass in a password. This causes all auth related operations failed (including trying to delete auth tokens). Here is what I got when I tried to list the domain with an expired auth token: $ rhc domain show -p $pass -k Your authorization token has expired. Please sign in now to continue. Username or password is not correct Not authenticated NOTE: I'm passing in the correct password here. The expired token if causing all rhc auth sessions to fail. If I'm passing in the correct password, this should always succeed. Here's is what I got when I tried to remove all auth tokens: $ rhc authorization delete-all -k -p $pass Deleting all authorizations ... Your authorization token has expired. Please sign in now to continue. Username or password is not correct Not authenticated NOTE: the username and password _are_ correct. To manually fix this problem, I had to remove the token using this command: $ rm ~/.openshift/token_L4hORHcHOZWgmE7J4emuvg Once I did this, rhc started working properly again. Version-Release number of selected component (if applicable): rhc-1.6.8-1.el6oso.noarch How reproducible: unsure, but probably pretty reproducible. Steps to Reproduce: NOTE: This was seen with our monitoring checks, so these steps are what I think will repro it. 1. Create a token for rhc to use (verify that it's there in the ~/.openshift directory) 2. Wait for the token to expire 3. Run: rhc domain show -k -p $pass 4. Notice that even though you're passing in the correct password, the call fails. 5. Run: rhc authorization delete-all -k -p $pass 6. Notice again that even though you're passing in the correct password, the call fails. Actual results: Couldn't remove a token once it was expired. With the expired token in place, all rhc commands that required authorization failed (for instance, "rhc domain show" failed). Expected results: If I'm passing in a password, it should never fail, even if a token has expired.
QE can't reproduce this bug with rhc-1.6.8-1.el6oso.noarch. Please refer to the steps as below: Steps: 1. Create a token with short period expiration # rhc authorization add --scopes session --note new_session --expires-in 60 Adding authorization ... done new_session ----------- Token: decbbd3292354cf0068820964bdb994b4c5118e3208cc4ef14a954cb9e1d588a Scopes: session Created: 1:32 PM Expires In: 1 minute 2. Wait for the token to expire 3. Run: rhc domain show or rhc authorization Actual results: It will generate a new token automatically after you input correct password as below # rhc domain show Your authorization token has expired. Please sign in now to continue. Password: ****** Applications in stgtest1 domain ------------------------------- php11 @ http://php11-stgtest1.stg.rhcloud.com/ (uuid: 51614b242587c8247f00012d) ------------------------------------------------------------------------------- Created: Apr 07 6:32 PM Gears: 1 (defaults to small) Git URL: ssh://51614b242587c8247f00012d.rhcloud.com/~/git/php11.git/ SSH: 51614b242587c8247f00012d.rhcloud.com php-5.3 (PHP 5.3) ----------------- Gears: 1 small # rhc authorization RHC/1.6.8 (from dhcp-11-50.nay.redhat.com on x86_64-linux) ---------------------------------------------------------- Token: fcde849437fb591febe36d571da4bfaa996ce376b010c3c3228a0f7c0bd5593c Scopes: session Created: 1:33 PM Expires In: about 24 hours Could you please help provide more information for this bug? Thanks.
Hmm, interesting. Not that it should matter, but try passing in the password using the -p command line option. That's what I was doing. The only other thing I can think of that's different is that this token was created by the 'rhc setup' command. Here was the rhc setup command that we ran: rhc setup -l $user -p $pass
QE test again with rhc-1.6.8-1.el6oso.noarch, but it still cannot reproduce the bug. if the token have been expired or be deleted, run any commands use the option '-p ' like 'rhc domain show -p $password', it can execute successfully. this is my step: 1) first create token by 'rhc setup' [zqzhao@dhcp-13-222 .openshift]$ rhc authorization RHC/1.6.8 (from dhcp-13-222.nay.redhat.com on x86_64-linux) ----------------------------------------------------------- Token: 3300862bc69ee72fab0bae8d03c28656aad8f3aa6d48cba508d8aa10b95a8e16 Scopes: session Created: 2:51 AM Expires In: less than 1 minute 2)after 1 minute, run 'rhc domain show -p redhat -k' [zqzhao@dhcp-13-222 .openshift]$ rhc domain show -p redhat -k Your authorization token has expired. Please sign in now to continue. The domain zqd exists but has no applications. You can use 'rhc app create' to create a new application.
Ok, thanks for trying to repro this. I'm not sure how I got the rhc into this state. I'm closing this bug for now and will re-open if I run across this problem again (hopefully with better repro instructions).