[caasp-beta] caasp v4 dex refreshtokens forbidden

JenTing Hsiao jenting.hsiao at suse.com
Mon Aug 19 04:47:18 MDT 2019 

Loop more people.

JenTing Hsiao <jenting.hsiao at suse.com<mailto:jenting.hsiao at suse.com>>於 2019年8月17日 週六,11:45寫道:
Hi Ian,
    Due to oidc-dex ClusterRole refreshtokens no get permission. Thanks for finding the bug. Please help file bugzilla if possible.

JenTing

Donaldson, Ian <Ian.Donaldson at ngic.com<mailto:Ian.Donaldson at ngic.com>>於 2019年8月17日 週六,00:44寫道:
One of our developers can’t login to gangway/dex to get his token.. I see these errors in the dex logs. Any ideas?

2019-08-16T11:44:00.072284195-04:00 stderr F time="2019-08-16T15:44:00Z" level=error msg="failed to get refresh token: GET https://10.96.0.1:443/apis/dex.coreos.com/v1/namespaces/kube-system/refreshtokens/bj7ffgjikxfj6hiryzqgmzm6x Forbidden: response from server \"{\"kind\":\"Status\",\"apiVersion\":\"v1\",\"metadata\":{},\"status\":\"Failure\",\"message\":\"refreshtokens.dex.coreos.com<http://refreshtokens.dex.coreos.com> \\"bj7ffgjikxfj6hiryzqgmzm6x\\" is forbidden: User \\"system:serviceaccount:kube-system:oidc-dex\\" cannot get resource \\"refreshtokens\\" in API group \\"dex.coreos.com<http://dex.coreos.com>\\" in the namespace \\"kube-system\\"\",\"reason\":\"Forbidden\",\"details\":{\"name\":\"bj7ffgjikxfj6hiryzqgmzm6x\",\"group\":\"dex.coreos.com\",\"kind\":\"refreshtokens\"},\"code\":403}\""



Ian Donaldson
Unix Systems Administrator
Office: 336-435-3983
ian.donaldson at NGIC.com
[cid:image001.png at 01CF32FA.7C387000]


_______________________________________________
caasp-beta mailing list
caasp-beta at lists.suse.com<mailto:caasp-beta at lists.suse.com>
Check the mailing list archives or Unsubscribe at http://lists.suse.com/mailman/listinfo/caasp-beta
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20190819/8af62348/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2857 bytes
Desc: image001.png
URL: <http://lists.suse.com/pipermail/caasp-beta/attachments/20190819/8af62348/attachment.png>

More information about the caasp-beta mailing list