iits-consulting / otc-auth

Open Source CLI for the Open Telekom Cloud written in Go.
GNU General Public License v3.0

Permission denied after upgrade to 2.0.7 #72

Closed bbung closed 12 months ago

bbung commented 1 year ago

Hey,

we updated from Version 2.0.0 to Version 2.0.7 and now get the following error message:

```
2023/10/23 10:15:02 info: cloud config created
2023/10/23 10:15:02 Cloud OTCXXXXXXXX loaded successfully and set to active.
2023/10/23 10:15:02 Retrieving unscoped token for active cloud...
2023/10/23 10:15:05 error: status 403 Forbidden, body:
{"error":{"code":403,"message":"You are not authorized to perform the requested action.","title":"Forbidden"}}
2023/10/23 10:15:05 fatal: response failed with status 403 Forbidden. Body:
{
   "error": {
      "code": 403,
      "message": "You are not authorized to perform the requested action.",
      "title": "Forbidden"
   }
}
2023/10/23 10:15:05 Cloud OTCXXXXXXXX loaded successfully and set to active.
2023/10/23 10:15:05 fatal: no valid unscoped token found.

Please obtain an unscoped token by logging in first
```

We do not see any breaking changes in the changelog nor does the version number indicate any. We are using the command `otc-auth login idp-oidc` and the following env vars (no command line arguments):

```
export CLIENT_ID
export CLIENT_SECRET
export IDP_URL
export OIDC_SCOPES="profile,openid,email"
export CLUSTER_NAME
export OS_DOMAIN_NAME
export REGION
export OS_PROJECT_NAME
export IDP_NAME
```

Are there any changes that we missed?

Thanks and best regards, Björn

Ninja243 commented 1 year ago

Hello and thank you for the issue! There shouldn't have been any breaking changes; we're looking into it!

Best regards, Mweya

bbung commented 1 year ago

Hey, sorry to ask. Any updates on the issue?

Ninja243 commented 1 year ago

Hello, I haven't been able to reproduce this error so far; I'm still looking into it. I've just pushed an update to otc-auth. Does this issue still happen on version 2.0.8?

bbung commented 1 year ago

Hey, no. The error is still there with 2.0.8.


```
otc-auth version 2.0.8 built on 2023-11-21T11:32:16Z
❯ ./login
2023/11/21 13:55:40 info: cloud OTC00000000001000092830 loaded successfully and set to active.
2023/11/21 13:55:40 info: retrieving unscoped token for active cloud...
2023/11/21 13:55:42 fatal: status 403 Forbidden, body:
{"error":{"code":403,"message":"You are not authorized to perform the requested action.","title":"Forbidden"}}
```

Any chance to enable debug logging or anything?

Ninja243 commented 1 year ago

Not yet! I'll look into adding a debug flag. Thank you!

Does removing your $HOME/.otc-auth-config file and trying to log in again also still result in the 403? And also, just for confirmation's sake, do you not see this issue with version 2.0.0?

bbung commented 1 year ago

Hey, I just tested the different versions again, deleting the otc-auth-config each time. It breaks with version 2.0.2: 2.0.0 works, 2.0.1 works, 2.0.2: 403 forbidden error.

Maybe this helps pinpoint the error. Thanks for looking into it.

Ninja243 commented 12 months ago

I think we've found the issue! We were overwriting the scopes supplied by accident. Would you mind giving it a try with version 2.0.9 sometime later?

bbung commented 12 months ago

Thanks, that fixed the issue. 2.0.9 works!
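
The bug class named in the fix comment above (defaults overwriting the scopes a user supplied), shown as an added example that is not otc-auth's code. All function names and the `defaultScopes` fallback are hypothetical; only the comma-separated `OIDC_SCOPES` format comes from the thread.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// defaultScopes is a hypothetical fallback, used only when nothing is supplied.
var defaultScopes = []string{"openid"}

// ResolveScopes parses a comma-separated list (the OIDC_SCOPES format in the
// thread), trims and de-duplicates it, and keeps what the user supplied.
func ResolveScopes(raw string) []string {
	seen := map[string]bool{}
	var out []string
	for _, s := range strings.Split(raw, ",") {
		s = strings.TrimSpace(s)
		if s == "" || seen[s] {
			continue
		}
		seen[s] = true
		out = append(out, s)
	}
	if len(out) == 0 {
		return append([]string(nil), defaultScopes...)
	}
	if !seen["openid"] { // OpenID Connect requests must carry the openid scope
		out = append([]string{"openid"}, out...)
	}
	return out
}

// ResolveScopesOverwriting illustrates the bug class: the supplied value is
// parsed, then replaced, so the request no longer matches the configuration.
func ResolveScopesOverwriting(raw string) []string {
	scopes := ResolveScopes(raw)
	scopes = defaultScopes // accidental overwrite of the supplied scopes
	return scopes
}

// ScopeParam joins scopes with spaces, the OAuth 2.0 scope syntax (RFC 6749, 3.3).
func ScopeParam(scopes []string) string { return strings.Join(scopes, " ") }

func main() {
	raw := os.Getenv("OIDC_SCOPES")
	fmt.Println("requested:  ", ScopeParam(ResolveScopes(raw)))
	fmt.Println("overwritten:", ScopeParam(ResolveScopesOverwriting(raw)))
}
```

A regression check that compares the resolved scope parameter against the configured value catches this kind of silent overwrite before release.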