failure after concourse 5.0 upgrade

[bencao]

Noticed the following errors for concourse-pipeline-resource after upgrading to concourse 5.0, is it something related to RBAC changes?

resource script '/opt/resource/check []' failed: exit status 1

stderr:
Logging to /tmp/concourse-pipeline-resource-check.log007011057
2019/03/07 04:20:34 exit status 1 - WARNING:

fly version (4.2.2) is out of sync with the target (5.0.0). to sync up, run the following:

    fly -t https://my.concourse.net sync

error: oauth2: cannot fetch token: 400 Bad Request
Response: 

[vito]

just shipped a 2.0.0 tag which has fly 5.0.0, which should fix this!

[bencao]

Thanks for the quick fix!

While I got the same error after upgrading pipeline-resource to tag 2.0, I did a further investigation. I realized the actual root cause was due to the auth change for concourse 5.0, previously I had a CONCOURSE_MAIN_TEAM_ALLOW_ALL_USERS configuration that automatically promote local user to be in main team, and while I kept on using this local user but removed main team allow all users, I found the following logs from atc log stream:

{"timestamp":"2019-03-11T16:35:40.650433761Z","level":"error","source":"atc","message":"atc.sky.token.failed-to-issue-concourse-token","data":{"error":"user doesn't belong to any team","session":"5.39076"}}

Eventually, I solved this problem by changing the configuration by allowing this special local user to be in main team:

CONCOURSE_ADD_LOCAL_USER=admin:pasword
+ CONCOURSE_MAIN_TEAM_LOCAL_USER=admin

[bencao]

One small improvement we may do is to improve the error message from the pipeline-resource log:

2019/03/11 16:35:39 exit status 1 - error: oauth2: cannot fetch token: 400 Bad Request
Response: 

The response was empty. If there's anything that can point us to "please check whether user xxx has proper permissions to read and write for pipeline yyy" it will be quite helpful, thank you!