-@gerrit:opendev.org- Dong Zhang proposed: [zuul/nodepool] 925086: Fix exception for non Statemachine providers https://review.opendev.org/c/zuul/nodepool/+/925086 | 10:27 | |
-@gerrit:opendev.org- Dong Zhang proposed: [zuul/nodepool] 925090: Pin setuptools<72 to fix build error https://review.opendev.org/c/zuul/nodepool/+/925090 | 12:38 | |
@dfajfer:fsfe.org | I have a weird problem - /api/ endpoint seems to work okay but whenever I try to do zuul client commands (`{autohold,autohold-delete,autohold-info,autohold-list,enqueue,enqueue-ref,dequeue,promote,encrypt,builds,build-info,job-graph,freeze-job}`) it ends up with 404 | 12:48 |
---|---|---|
@dfajfer:fsfe.org | it's just one environment and they're both on k8s. Currently sitting and comparing everything but nothing looks like it would block certain api endpoints | 12:48 |
@dfajfer:fsfe.org | * I have problem with just one environment and they're both on k8s. Currently sitting and comparing everything but nothing looks like it would block certain api endpoints | 12:48 |
@dfajfer:fsfe.org | * I have problem with just one environment and they're all on k8s (with operator running). Currently sitting and comparing everything but nothing looks like it would block certain api endpoints | 12:49 |
@dfajfer:fsfe.org | to say it somewhat easier, for some reason I get 404 on url: | 12:57 |
`https://zuul/api/tenant/{tenant}/project/{project}/autohold` | ||
as it says `404 Not Found Unknown project` | ||
but GET on `https://zuul/api/tenant/{tenant}/project/{project}` works as expected. I don't experience that on the old environment :( not sure what am I missing but I failed to find anything looking at ingress related configurations | ||
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 925019: Refactor AWS SMs to allow recovery from ZK state https://review.opendev.org/c/zuul/zuul/+/925019 | 13:00 | |
-@gerrit:opendev.org- Benjamin Schanzel proposed: [zuul/zuul] 924067: Add filtering support for pipeline status views https://review.opendev.org/c/zuul/zuul/+/924067 | 13:09 | |
@dfajfer:fsfe.org | * to say it somewhat easier, for some reason I get 404 on url: | 13:24 |
`https://zuul/api/tenant/{tenant}/project/{project}/autohold` | ||
as it says `404 Not Found Unknown project` | ||
but GET on `https://zuul/api/tenant/{tenant}/project/{project}` works as expected. I don't experience that on the old environment :( not sure what am I missing but I failed to find anything looking at ingress related configurations. The error comes from CherryPy though so it's something regarding Zuul that I might have not done properly, kinda stuck right now | ||
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 925019: Refactor AWS SMs to allow recovery from ZK state https://review.opendev.org/c/zuul/zuul/+/925019 | 13:34 | |
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 925019: Refactor AWS SMs to allow recovery from ZK state https://review.opendev.org/c/zuul/zuul/+/925019 | 13:36 | |
-@gerrit:opendev.org- Felix Edel proposed: [zuul/zuul] 925096: WIP: Make QueueItem cards in ChangeQueue more concise https://review.opendev.org/c/zuul/zuul/+/925096 | 13:51 | |
-@gerrit:opendev.org- Simon Westphahl proposed: [zuul/zuul] 925019: Refactor AWS SMs to allow recovery from ZK state https://review.opendev.org/c/zuul/zuul/+/925019 | 14:03 | |
@fungicide:matrix.org | > <@dfajfer:fsfe.org> to say it somewhat easier, for some reason I get 404 on url: | 14:26 |
> `https://zuul/api/tenant/{tenant}/project/{project}/autohold` | ||
> as it says `404 Not Found Unknown project` | ||
> | ||
> but GET on `https://zuul/api/tenant/{tenant}/project/{project}` works as expected. I don't experience that on the old environment :( not sure what am I missing but I failed to find anything looking at ingress related configurations. The error comes from CherryPy though so it's something regarding Zuul that I might have not done properly, kinda stuck right now | ||
did you add and apply the same `authorization-rule` (formerly `admin-rule`) entries in your tenant config? | ||
@fungicide:matrix.org | https://zuul-ci.org/docs/zuul/latest/tenants.html#authorization-rule | 14:26 |
@dfajfer:fsfe.org | I do but it's a mockup really | 14:29 |
@dfajfer:fsfe.org | it's literally like this on both envs | 14:30 |
``` | ||
- admin-rule: | ||
name: myrule | ||
conditions: | ||
- preferred_username: fajfer | ||
``` | ||
@dfajfer:fsfe.org | in tenant configs | 14:30 |
@dfajfer:fsfe.org | I'm more worried because if I'm not authenticated and reach the endpoint on old one I get a 404 and JSON response `Missing \"Authorization\" header` | 14:30 |
@dfajfer:fsfe.org | whilist on the new environment CherryPy greets me | 14:31 |
@dfajfer:fsfe.org | * whilist on the new environment CherryPy greets me with a bare 404 not found | 14:31 |
@dfajfer:fsfe.org | * whilist on the new environment CherryPy greets me with a bare 404 Not Found Unknown project | 14:31 |
@dfajfer:fsfe.org | ```When an authorization rule is included in the tenant’s admin-rules, the protected actions available are autohold, enqueue, dequeue and promote.``` | 14:35 |
Stuff like `autohold-list` give me 404 from CherryPy as well | ||
@dfajfer:fsfe.org | I think I have something, I don't see admin rules apply under every tenant | 14:39 |
@dfajfer:fsfe.org | doesn't seem to work, can I somehow check current rules in rare case the tenant config didnt update | 14:54 |
@dfajfer:fsfe.org | * seems to work the same way, can I somehow check current rules in rare case the tenant config didnt update | 14:54 |
@dfajfer:fsfe.org | made another cluster without admin rules and it's the same thing there | 15:10 |
@dfajfer:fsfe.org | so just regarding Zuul overall, is the above expected behaviour? I mean without https://zuul-ci.org/docs/zuul/latest/tenants.html#authorization-rule I should be just allowed to enqueue whatever I want, right? currently I have no '[auth]' blocks in my zuul-config so putting some mockup rules didn't make any sense on my part but I got rid of them | 15:48 |
@dfajfer:fsfe.org | * so just regarding Zuul overall, is the above expected behaviour? I mean without https://zuul-ci.org/docs/zuul/latest/tenants.html#authorization-rule I should be just allowed to enqueue whatever I want, right? currently I have no '[auth]` blocks in my zuul-config so putting some mockup rules didn't make any sense on my part but I got rid of them | 15:49 |
-@gerrit:opendev.org- Zuul merged on behalf of James E. Blair https://matrix.to/#/@jim:acmegating.com: [zuul/zuul] 922779: Add exclude_results to web UI buildset filtering https://review.opendev.org/c/zuul/zuul/+/922779 | 15:57 | |
@dfajfer:fsfe.org | > <@dfajfer:fsfe.org> so just regarding Zuul overall, is the above expected behaviour? I mean without https://zuul-ci.org/docs/zuul/latest/tenants.html#authorization-rule I should be just allowed to enqueue whatever I want, right? currently I have no '[auth]` blocks in my zuul-config so putting some mockup rules didn't make any sense on my part but I got rid of them | 16:08 |
`At least one authenticator must be configured in Zuul for admin commands to be enabled in the client.` | ||
https://zuul-ci.org/docs/zuul/latest/configuration.html#client | ||
Guess it is expected behaviour. | ||
@dfajfer:fsfe.org | didn't really catch that earlier and the operator doesn't really make room for creating one | 16:09 |
@dfajfer:fsfe.org | I guess the error wasn't really helpful as it was saying `Unknown project` instead of some kind of 403 message | 16:11 |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: [zuul/zuul] 925124: Mark some intentional errors as okay https://review.opendev.org/c/zuul/zuul/+/925124 | 18:08 | |
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: | 18:12 | |
- [zuul/zuul] 922433: Add ability to fail tests if tracebacks appear in logs https://review.opendev.org/c/zuul/zuul/+/922433 | ||
- [zuul/zuul] 922434: Handle some TemplateNotFoundErrors https://review.opendev.org/c/zuul/zuul/+/922434 | ||
- [zuul/zuul] 922435: Don't log tracebacks on malformed JSON error https://review.opendev.org/c/zuul/zuul/+/922435 | ||
- [zuul/zuul] 922436: Mark mqtt test exception as okay https://review.opendev.org/c/zuul/zuul/+/922436 | ||
- [zuul/zuul] 925124: Mark some intentional errors as okay https://review.opendev.org/c/zuul/zuul/+/925124 | ||
-@gerrit:opendev.org- James E. Blair https://matrix.to/#/@jim:acmegating.com proposed: | 23:06 | |
- [zuul/zuul] 925136: Mark exception okay in test_cache_new_branch https://review.opendev.org/c/zuul/zuul/+/925136 | ||
- [zuul/zuul] 925137: Mark line map exceptions as okay https://review.opendev.org/c/zuul/zuul/+/925137 | ||
- [zuul/zuul] 925138: Avoid DB exceptions on certain build cleanups https://review.opendev.org/c/zuul/zuul/+/925138 | ||
- [zuul/zuul] 925139: Fix test_crd_gate_unknown https://review.opendev.org/c/zuul/zuul/+/925139 | ||
- [zuul/zuul] 925140: Update pagure fake get_project_webhook_token https://review.opendev.org/c/zuul/zuul/+/925140 | ||
- [zuul/zuul] 925141: Don't log tracebacks on missing jobs in freeze https://review.opendev.org/c/zuul/zuul/+/925141 | ||
- [zuul/zuul] 925142: Avoid logging tracebacks on some job freeze errors https://review.opendev.org/c/zuul/zuul/+/925142 | ||
- [zuul/zuul] 925143: Avoid logging tracebacks on inheritance freeze errors https://review.opendev.org/c/zuul/zuul/+/925143 | ||
- [zuul/zuul] 925144: Don't log tracebacks on broken stream pipes https://review.opendev.org/c/zuul/zuul/+/925144 | ||
- [zuul/zuul] 925145: Don't log tracebacks on job dependency errors https://review.opendev.org/c/zuul/zuul/+/925145 | ||
- [zuul/zuul] 925146: Refactor JobConfigurationError https://review.opendev.org/c/zuul/zuul/+/925146 | ||
- [zuul/zuul] 925147: Don't log tracebacks when failing to create cron triggers https://review.opendev.org/c/zuul/zuul/+/925147 | ||
- [zuul/zuul] 925148: Set ltime in test_pending_merge_in_reconfig https://review.opendev.org/c/zuul/zuul/+/925148 | ||
- [zuul/zuul] 925149: Fix traceback in test_merger_repack_large_change https://review.opendev.org/c/zuul/zuul/+/925149 | ||
- [zuul/zuul] 925150: Fix traceback in test_nodepool_pipeline_priority https://review.opendev.org/c/zuul/zuul/+/925150 | ||
- [zuul/zuul] 925151: Don't log tracebacks on variable name errors https://review.opendev.org/c/zuul/zuul/+/925151 | ||
- [zuul/zuul] 925152: Unconditionally check for tracebacks in logs https://review.opendev.org/c/zuul/zuul/+/925152 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!