ansibleplaybookbundle / ansible-playbook-bundle

THIS REPO IS MIGRATING: https://github.com/automationbroker/apb
GNU General Public License v2.0

APB bootstrap failing with run_local_build.sh deployment on mac. #242

Closed eriknelson closed 6 years ago

eriknelson commented 6 years ago

Quoting @mkanoor from #236:

@eriknelson I am on Mac using OpenShift with Docker.

oc v3.7.1+ab0f056
kubernetes v1.7.6+a08f5eeb62
features: Basic-Auth

Server https://127.0.0.1:8443
openshift v3.7.1+a8deba5-34
kubernetes v1.7.6+a08f5eeb62

I have installed apb using pip

oc cluster up --service-catalog=true
oc login -u system:admin
oc adm policy add-cluster-role-to-user cluster-admin developer
oc login << as developer>>
I run this shell script https://github.com/openshift/ansible-service-broker/blob/master/scripts/run_latest_build.sh
app bootstrap --username developer --password password

That still gives me a 403, it seems like it's missing some roles.

I added curl "https://raw.githubusercontent.com/ansibleplaybookbundle/ansible-playbook-bundle/master/templates/openshift-permissions.template.yaml" | oc process -p USER=$YOUR_USERNAME -f - | oc create -f -

I still get a 403, I ran into the bootstrap because the apb push was failing in bootstrap.

eriknelson commented 6 years ago

@mkanoor applying the cluster role cluster-admin to the developer essentially gives developer cluster root privileges, so it is unlikely you are missing a role, and you can safely ignore the template I mentioned because that tries to apply fine-grained access rights without granting root privileges.

I will try to reproduce this and report back.

eriknelson commented 6 years ago

I'm able to reproduce this following your steps on a Fedora machine as well, so this isn't unique to the Mac. Digging into this.

eriknelson commented 6 years ago

@mkanoor Found the root issue, 2 things:

1) run_local_build.sh logs in as system:admin to ensure it can create the required broker resources. apb requires a user with a token to execute its commands, and system:admin does not have a token. This is why you are seeing a 403 error; because you ran our script, you are no longer developer.

Solution: run oc login -u developer after you have run the run_local_script.sh, and prior to running any apb commands.

2) The apb bootstrap --username and --password flags are only required for basic auth, which you are not using. Instead, the apb tool will use Bearer Token auth and automatically load your token after you correctly oc login as developer. apb bootstrap is all that you need to run; it will load your user token.

Please let me know if that works for you!
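A pre-flight check for the condition described in the comment above, as an added example that is not part of the original thread or the apb project: it confirms the current `oc` session carries a bearer token before `apb bootstrap` is run. The function name `apb_preflight` and its return codes are assumptions; `oc whoami` and `oc whoami -t` are the only `oc` calls used.

```shell
#!/bin/sh
# Added example (not from the apb project): verify that the current oc session
# can supply a bearer token before running `apb bootstrap`.
# apb_preflight is a hypothetical helper name.
#
# Return codes (assumed convention for this example):
#   0  logged in as a user with a session token
#   1  logged in, but the session has no token (e.g. system:admin)
#   2  not logged in at all
apb_preflight() {
    # Which identity does the active kubeconfig context authenticate as?
    user=$(oc whoami 2>/dev/null) || {
        echo "not logged in; run 'oc login -u developer' first" >&2
        return 2
    }

    # system:admin authenticates with a client certificate, so there is no
    # token for apb to load and `oc whoami -t` fails. The token is only
    # tested for presence and is never printed or logged.
    if ! token=$(oc whoami -t 2>/dev/null) || [ -z "$token" ]; then
        echo "user '$user' has no session token; run 'oc login -u developer'" >&2
        return 1
    fi
    unset token

    echo "ok: '$user' has a bearer token; run 'apb bootstrap' without --username/--password" >&2
    return 0
}

# Typical use after the broker deployment script has finished:
#   apb_preflight && apb bootstrap
```
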

mkanoor commented 6 years ago

@eriknelson I am seeing the token after I do the oc login as developer. But I still get a 403

Error: Attempt to bootstrap Broker returned status: 403
Unable to bootstrap Ansible Service Broker.

mkanoor commented 6 years ago

@eriknelson I take it back. It seems to be working with your suggestions. Thanks for your help 👍