-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Loss of API status on Forbidden #16731
Comments
I can't see any reason why we shouldn't fix upstream.
…On Fri, Oct 6, 2017 at 2:34 PM, Mo Khan ***@***.***> wrote:
Now:
$ curl -k https://$(openshift start --print-ip):8443/api/v1/namespaces/myproject/pods/podX1:8080/proxy/appEndPoint
User "system:anonymous" cannot get pods/unsafeproxy in the namespace "myproject": User "system:anonymous" cannot get pods/unsafeproxy in project "myproject"
In the past:
$ curl -k https://$(openshift start --print-ip):8443/api/v1/namespaces/myproject/pods/podX1:8080/proxy/appEndPoint
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "User \"system:anonymous\" cannot get pods/unsafeproxy in project \"myproject\"",
"reason": "Forbidden",
"details": {
"name": "podX1:8080",
"kind": "pods"
},
"code": 403
}
Are we OK with losing our nice machine parseable error? We lost this by
moving to the upstream handlers. We should probably fix upstream to do
something more useful.
@openshift/sig-security
<https://github.com/orgs/openshift/teams/sig-security>
—
You are receiving this because you are on a team that was mentioned.
Reply to this email directly, view it on GitHub
<#16731>, or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABG_p4x-Gjv7t6DIoYZDrh4ZFq_IsLX-ks5spnKcgaJpZM4Pw3tQ>
.
|
similar issue reported upstream, I verified we get full status objects back in 1.8, hadn't tracked down where it was fixed |
This seems to be fixed in upstream: on k8s
on openshift
by upstream do you mean Kubernetes or something else? |
yes, kubernetes. fixed in the 1.8 timeframe, which means openshift would pick up the fix in 3.8 |
Is this a beginner friendly issue? If yes, what particular areas I should look at to solve this problem? I have been trying to solve this issue for quiet sometime now!
which comes from here
Is there some specific place I should look at to fix this issue? |
@liggitt thanks for that reply, did not see your early comment, but I think this will help me understand how this was solved 👍 :-) Can you point me to the piece of code that fixed this one issue? |
This was fixed in kubernetes/kubernetes#47384 @smarterclayton @liggitt are we OK with 3.7 not having status errors on forbidden? 3.6- work as expected, and so will 3.8+ Seems strange to have 3.7 be the only release with this in a broken state. |
any update? |
Seem like it will be automatically fixed in 3.8, I am going to close this issue as we are not going to deal with this in 3.7 timeframe. |
Please make sure this is documented in the release notes for API changes and that it will be resolved in 3.8 |
Now:
In the past:
Are we OK with losing our nice machine parseable error? We lost this by moving to the upstream handlers. We should probably fix upstream to do something more useful.
@openshift/sig-security
The text was updated successfully, but these errors were encountered: