Closed reschenburgIDBS closed 2 years ago
Hi
we're trying to setup fiat/authz atm, with authn working fine (i.e. we can sign into spinnaker using github accounts)
The problem starts as soon as we have an authz section in the config:
{"level":"error","ts":1635948418.3120487,"logger":"controller-runtime.controller","msg":"Reconciler error","controller":"spinnakerservice-controller","request":"spinnaker/spinnaker","error":"got halyard response status 500, response: ","stacktrace":"github.com/go-logr/zapr.(*zapLogger).Error\n\t/opt/spinnaker-operator/build/vendor/github.com/go-logr/zapr/zapr.go:128\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/opt/spinnaker-operator/build/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:218\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/opt/spinnaker-operator/build/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:192\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).worker\n\t/opt/spinnaker-operator/build/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:171\nk8s.io/apimachinery/pkg/util/wait.JitterUntil.func1\n\t/opt/spinnaker-operator/build/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:152\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/opt/spinnaker-operator/build/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:153\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/opt/spinnaker-operator/build/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:88"}
with the important bit being: "error":"got halyard response status 500, response: ", - no actual response message.
"error":"got halyard response status 500, response: ",
We have tried spinnakerConfig.config.version: 1.26.6 as well as 1.23.7
spinnakerConfig.config.version: 1.26.6 as well as 1.23.7
There is no fiat pod spinning up as a result and other configuration chages are not applied until the authz section is removed from config.
this is our authn and authz section:
security: authn: oauth2: enabled: true client: clientId: <removed> clientSecret: <removed> accessTokenUri: https://github.com/login/oauth/access_token userAuthorizationUri: https://github.com/login/oauth/authorize scope: user:email resource: userInfoUri: https://api.github.com/user userInfoRequirements: company: '<removed>' userInfoMapping: email: email firstName: '' lastName: name username: login provider: GITHUB authz: enabled: true groupMembership: service: GITHUB google: roleProviderType: GOOGLE github: roleProviderType: GITHUB baseUrl: https://api.github.com accessToken: <removed> organization: <removed> file: roleProviderType: FILE ldap: roleProviderType: LDAP
It would also be great to know what key/value pairs are available for userInfoRequirements.
Other possibly relevant info:
Any suggestions as to what might be going wrong here?
Thanks!
resolved. we had an indentation error in the authz section which was not immidiately obvious as we are using yq to inject secrets as part of a pipeline.
Hi
we're trying to setup fiat/authz atm, with authn working fine (i.e. we can sign into spinnaker using github accounts)
The problem starts as soon as we have an authz section in the config:
with the important bit being:
"error":"got halyard response status 500, response: ",
- no actual response message.We have tried
spinnakerConfig.config.version: 1.26.6 as well as 1.23.7
There is no fiat pod spinning up as a result and other configuration chages are not applied until the authz section is removed from config.
this is our authn and authz section:
It would also be great to know what key/value pairs are available for userInfoRequirements.
Other possibly relevant info:
Any suggestions as to what might be going wrong here?
Thanks!