Closed livelace closed 7 years ago
Yep, I see this as well putting in a bad token.
Cross referencing with our extended test, the extended test for failure supplies a bad cluster api url to confirm test failure. We don't have a test that supplies a bad token in jenkins_pipeline.go.
Perhaps the http get of healthz/ready does not require a valid token ?!?! I have verified we are passing in the configured (invalid) token.
I'll experiment with some other uri endpoints
Yep, that appears to be the case. I added an equivalent of `oc get is -n openshift` and that produced an auth error.
Conversely, if I go with the default token (the serviceaccount's token), the `oc get is -n openshift` succeeds.
@bparees - does a REST call equivalent to `oc get is -n openshift` seem to you like a valid REST call to determine whether the supplied token carries the necessary authorization?
is there no generic endpoint we can hit to simply validate the token? @liggitt @deads2k
there is the "/oapi/v1/users/~" endpoint, but it is messier to access that one from the java restclient
my worry w/ the openshift NS suggestion is the day someone decides they don't want an openshift namespace.
ok, i managed to hit "/oapi/v1/users/~" with relatively little pain from the java restclient after all ... pending endpoint correction from @liggitt @deads2k let's go with that
i'll submit pull momentarily
`/apis` will return 401 with a bad token, and exists in both openshift and kube servers
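The behaviour reported in this thread, as an added example that is not part of the original discussion or the plugin's code: a connection test that probes `/healthz/ready` passes with any token, while one that probes `/apis` fails with a bad one. The local stub server, the token value and the 200 returned on `/apis` for a valid token are constructed assumptions.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

GOOD_TOKEN = "constructed-good-token"  # constructed sample value, not a real credential
# Ignore any proxy settings so the probe always reaches the local stub directly.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class StubApiServer(BaseHTTPRequestHandler):
    """Constructed stand-in for the API server, mimicking what the thread reports."""
    def do_GET(self):
        authed = self.headers.get("Authorization") == f"Bearer {GOOD_TOKEN}"
        if self.path == "/healthz/ready":
            status = 200                      # answers without checking the token
        elif self.path == "/apis":
            status = 200 if authed else 401   # 401 on a bad token, per the thread
        else:
            status = 404
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):             # silence per-request logging
        pass

def probe(base_url, path, token):
    """Return the HTTP status of GET base_url + path sent with the bearer token."""
    req = urllib.request.Request(base_url + path,
                                 headers={"Authorization": f"Bearer {token}"})
    try:
        with _opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def token_is_accepted(base_url, token):
    """Connection test that fails on a rejected token: it probes /apis."""
    return probe(base_url, "/apis", token) == 200

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), StubApiServer)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {"healthz_bad": probe(base, "/healthz/ready", "wrong-token"),
                "apis_bad": probe(base, "/apis", "wrong-token"),
                "accepted_bad": token_is_accepted(base, "wrong-token"),
                "accepted_good": token_is_accepted(base, GOOD_TOKEN)}
    finally:
        server.shutdown()
        server.server_close()
```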
@livelace if you can try out the pre-release version of this change at https://ci.openshift.redhat.com/jenkins/view/All/job/openshift-pipeline-plugin/36/s3/download/openshift-pipeline.hpi
@gabemontero It works, thanks! :)
On Wed, May 17, 2017 at 11:19 AM, Oleg Popov notifications@github.com wrote:
> @gabemontero It works, thanks! :)
Cool - thanks for testing.
Subject. Even with a wrong password/token.