search

opendatahub-io / model-registry-operator

Apache License 2.0
3 stars 17 forks source link

Curl to Rest Service giving Authorization Issues #134

Open R3hankhan123 opened 6 days ago

R3hankhan123 commented 6 days ago

Describe the bug When trying to curl the rest route after deploying through istio/mysql the following error is coming

[root@a3elp75 ~]# curl -vvvH "Authorization: Bearer $TOKEN" http://modelregistry-sample-rest.$DOMAIN/api/model_registry/v1alpha3/registered_models
*   Trying 192.168.169.2...
* TCP_NODELAY set
* Connected to modelregistry-sample-rest.apps.ocpz-standard.a3elp75.lnxero1.boe (192.168.169.2) port 80 (#0)
> GET /api/model_registry/v1alpha3/registered_models HTTP/1.1
> Host: modelregistry-sample-rest.apps.ocpz-standard.a3elp75.lnxero1.boe
> User-Agent: curl/7.61.1
> Accept: */*
> Authorization: Bearer sha256~OAs3VwnQq-oDDGEfelUOiWpzwbfqzkI7JVAYSYqbcdM
> 
< HTTP/1.1 403 Forbidden
< x-ext-auth-reason: not authorized: unknown reason
< date: Wed, 18 Sep 2024 10:54:55 GMT
< server: istio-envoy
< content-length: 0
< x-envoy-upstream-service-time: 53
< set-cookie: e12cfe597d4ad19a906d2e228942653f=d93cc212d4be68de0cd2612e88d9eef2; path=/; HttpOnly
< 
* Connection #0 to host modelregistry-sample-rest.apps.ocpz-standard.a3elp75.lnxero1.boe left intact

I am using OCP version 4.13 and using openshift service mesh instead of istio To Reproduce Steps to reproduce the behavior: Following the steps provided in the readme

Expected behavior By default the following should come when trying to curl as provided in the readme {"items":[],"nextPageToken":"","pageSize":0,"size":0} Additional context Model Registry has been deployed via ODH version 2.17 The following are istioctl commands on istio-ingressway

[root@a3elp75 ~]# ~/istioctl proxy-config listener  istio-ingressgateway-5b88b8779c-qwgjq -n istio-system
ADDRESSES PORT  MATCH DESTINATION
0.0.0.0   8080  ALL   Route: http.8080
0.0.0.0   15021 ALL   Inline Route: /healthz/ready*
0.0.0.0   15090 ALL   Inline Route: /stats/prometheus*
[root@a3elp75 ~]# ~/istioctl proxy-config routes  istio-ingressgateway-5b88b8779c-qwgjq -n istio-system
NAME          VHOST NAME                                                              DOMAINS                                                                                                                                MATCH                  VIRTUAL SERVICE
http.8080     modelregistry-sample-grpc.apps.ocpz-standard.a3elp75.lnxero1.boe:80     modelregistry-sample-grpc.apps.ocpz-standard.a3elp75.lnxero1.boe, modelregistry-sample-rest.apps.ocpz-standard.a3elp75.lnxero1.boe     /*                     modelregistry-sample.opendatahub
http.8080     modelregistry-sample-grpc.apps.ocpz-standard.a3elp75.lnxero1.boe:80     modelregistry-sample-grpc.apps.ocpz-standard.a3elp75.lnxero1.boe, modelregistry-sample-rest.apps.ocpz-standard.a3elp75.lnxero1.boe     /*                     modelregistry-sample.opendatahub
http.8080     modelregistry-sample-grpc.apps.ocpz-standard.a3elp75.lnxero1.boe:80     modelregistry-sample-grpc.apps.ocpz-standard.a3elp75.lnxero1.boe, modelregistry-sample-rest.apps.ocpz-standard.a3elp75.lnxero1.boe     /*                     modelregistry-sample.opendatahub
http.8080     modelregistry-sample-grpc.apps.ocpz-standard.a3elp75.lnxero1.boe:80     modelregistry-sample-grpc.apps.ocpz-standard.a3elp75.lnxero1.boe, modelregistry-sample-rest.apps.ocpz-standard.a3elp75.lnxero1.boe     /*                     modelregistry-sample.opendatahub
              backend                                                                 *                                                                                                                                      /stats/prometheus*     
              backend                                                                 *                                                                                                                                      /healthz/ready*