gabemontero
commented
8 years ago OK ... I think I've reproduced this, though some confirmation of the details would be good. In particular, from the job output provided, I surmised that: 1) Jenkins was not running in either of the projects involved in the tagging 2) as such, you provided auth tokens for both the source and destination projects 3) I took at stab and guessed you provided edit access of the destination project to the service account of the source project 4) If so, I believe I saw the tagging work from scratch with v1.0.11, but not work with v1.0.12 5) Conversely, if the image stream already existed, it failed with v1.0.11 (a known bug I fixed in v1.0.12), but worked with v1.0.12
Also, after reproducing, I was able to address the issue without having to make a code change to the plugin, but instead run an additional oc policy add-role-to-user command, adding edit access of the source project to the service account of the destination project (the inverse if you will for what I did in 3) above). When doing this, the tagging then worked for me (irregardless of whether the ImageStream previously existed or not) with v1.0.12.
With those details, and for handling the previous bug wrt the image stream existing, I believe this is the correct approach (updating the policy of the service account of each project), and I'll be updating the README.
@livelace - assuming my repro attempt sounds close enough to your env, please try adding edit access to the service accounts of each project to themselves as well as the project on the other side of the oc tag operation, and let me know the results.
livelace
https://paste.fedoraproject.org/368841/14637447/
With 1.0.11 all working fine.