I have got a developer with proper cluster role to list projects.
By doing these manual steps, I am able to list projects:
1/ oc login -u developer -p developer
2/ oc whoami --show-token
B9ONXUSkY2DFU-hPuIFLCIbaQa7gscHg0AUDCVwz3Uo
3/ list projects:
My projects are listed so developer have the right to do it and the token used is ok.
Now when I want to use Arquillian Cube with Openshift to run a test (so it will list projects, create a project, pods and run tests) using this arquillian.xml:
It fails. From the log the "system:anonymous" is used to list all projects. So it seems that user developer is not used to authenticate.
Initializing Session:76bbce4a
Using Kubernetes at: https://192.168.42.148:8443/
Next exception has been thrown while checking the existence of itest-76bbce4a namespace and the namespace is going to be created. The exception is io.fabric8.kubernetes.clnt.v3_1.KubernetesClientException: Failure executing: GET at: https://192.168.42.148:8443/apis/project.openshift.io/v1/projects. Message: Forbidden! User developer/192-168-42-148:8443 doesn't have permission. User "system:anonymous" cannot list all projects.project.openshift.io in the cluster.
Creating project: itest-76bbce4a
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 1.347 s <<< FAILURE! - in com.damdamdeo.helloworld.HelloWorldFeatureIT
[ERROR] com.damdamdeo.helloworld.HelloWorldFeatureIT Time elapsed: 1.346 s <<< ERROR!
io.fabric8.kubernetes.clnt.v3_1.KubernetesClientException: Failure executing: POST at: https://192.168.42.148:8443/apis/project.openshift.io/v1/projectrequests. Message: Forbidden! User developer/192-168-42-148:8443 doesn't have permission. You may not request a new project via this API..
However with this arquillian.conf (notice I am using the token retrieved from 'oc whoami --show-token'):
Initializing Session:6d4e8061
Using Kubernetes at: https://192.168.42.148:8443/
Creating project: itest-6d4e8061
To switch to the new project: oc project itest-6d4e8061
Did not find any kubernetes/openshift configuration files before starting the test execution. If you are using fabric8-maven-plugin, ensure mvn package fabric8:resource fabric8:build is run first to generate the resources.
avr. 12, 2018 1:13:08 AM org.arquillian.cube.kubernetes.impl.resources.KubernetesResourcesApplier applyKubernetesResourcesAtClassScope
INFOS: Creating environment for com.damdamdeo.helloworld.HelloWorldFeatureIT
avr. 12, 2018 1:13:08 AM org.arquillian.cube.openshift.impl.CEEnvironmentProcessor createEnvironment
INFOS: Creating environment for com.damdamdeo.helloworld.HelloWorldFeatureIT
avr. 12, 2018 1:13:08 AM org.arquillian.cube.kubernetes.impl.resources.KubernetesResourcesApplier applyKubernetesResourcesAtMethodScope
INFOS: Creating environment for com.damdamdeo.helloworld.HelloWorldFeatureIT method performInternalCucumberOperations
avr. 12, 2018 1:13:08 AM org.arquillian.cube.openshift.impl.CEEnvironmentProcessor createOpenShiftResource
INFOS: Creating environment for com.damdamdeo.helloworld.HelloWorldFeatureIT method public void cucumber.runtime.arquillian.runner.BaseCukeSpace.performInternalCucumberOperations(java.lang.Object,java.lang.Object) throws java.lang.Exception
avr. 12, 2018 1:13:08 AM cucumber.runtime.arquillian.runner.BaseCukeSpace runFeatures
INFOS: Running com/damdamdeo/helloworld/HelloWorld.feature
Feature: Hello World IT
avr. 12, 2018 1:13:09 AM org.arquillian.cube.kubernetes.impl.KubernetesAssistant deploy
INFOS: application deployed, 3 object(s) created.
Expected behavior:
cube.username and cube.password should be used to authenticate the user to execute tests.
Workaround:
log to openshift using 'oc login -u system:admin' before running tests (using 'mvn deploy').
Remark: login using the developer user is not working.
I have got a developer with proper cluster role to list projects.
By doing these manual steps, I am able to list projects: 1/ oc login -u developer -p developer 2/ oc whoami --show-token B9ONXUSkY2DFU-hPuIFLCIbaQa7gscHg0AUDCVwz3Uo 3/ list projects:
My projects are listed so developer have the right to do it and the token used is ok.
Now when I want to use Arquillian Cube with Openshift to run a test (so it will list projects, create a project, pods and run tests) using this arquillian.xml:
It fails. From the log the "system:anonymous" is used to list all projects. So it seems that user developer is not used to authenticate.
However with this arquillian.conf (notice I am using the token retrieved from 'oc whoami --show-token'):
It works:
Expected behavior:
cube.username and cube.password should be used to authenticate the user to execute tests.
Workaround: log to openshift using 'oc login -u system:admin' before running tests (using 'mvn deploy').
Remark: login using the developer user is not working.
Versions:
arquillian-cube-openshift: 1.15.3
oc v3.6.1+008f2d5 kubernetes v1.6.1+5115d708d7 features: Basic-Auth GSSAPI Kerberos SPNEGO
Server https://192.168.42.148:8443 openshift v3.6.1+269e828-9 kubernetes v1.6.1+5115d708d7