Julio,
have you tried the command with higer log level as per my previous email?
# oc get rc -n project1 --as=system:serviceaccounts:project1:inciga
--loglevel=8
This gives you the successful rest call, which is made by the OC client to
the API server. You can then check whether it differs from your curl.
Regards,
Frédéric
On Fri, Oct 20, 2017 at 8:30 AM, Julio Saura <jsa...@hiberus.com> wrote:
> headers look ok in curl request
>
> * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@
> STRENGTH
> * successfully set certificate verify locations:
> * CAfile: /etc/ssl/certs/ca-certificates.crt
> CApath: none
> * TLSv1.2 (OUT), TLS handshake, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Server hello (2):
> * NPN, negotiated HTTP1.1
> * TLSv1.2 (IN), TLS handshake, Certificate (11):
> * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
> * TLSv1.2 (IN), TLS handshake, Request CERT (13):
> * TLSv1.2 (IN), TLS handshake, Server finished (14):
> * TLSv1.2 (OUT), TLS handshake, Certificate (11):
> * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
> * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
> * TLSv1.2 (OUT), TLS handshake, Unknown (67):
> * TLSv1.2 (OUT), TLS handshake, Finished (20):
> * TLSv1.2 (IN), TLS change cipher, Client hello (1):
> * TLSv1.2 (IN), TLS handshake, Finished (20):
> * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
> * Server certificate:
> * subject: CN=10.1.5.31
> * start date: Sep 21 11:19:56 2017 GMT
> * expire date: Sep 21 11:19:57 2019 GMT
> * issuer: CN=openshift-signer@1505992768
> * SSL certificate verify result: self signed certificate in certificate
> chain (19), continuing anyway.
> > GET /api/v1/namespaces/project1/replicationcontrollers HTTP/1.1
> > Host: BALANCER:8443
> > User-Agent: curl/7.56.0
> > Accept: */*
> *> Authorization: Bearer
> eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJsZHAiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlY3JldC5uYW1lIjoiaW5jaWdhLXRva2VuLTBkNDcyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImluY2lnYSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjIyMjE0YTI4LWI0ZTMtMTFlNy1hZTBhLTAwNTA1NmE0M2M0MiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDpsZHA6aW5jaWdhIn0.VfJa8fLQQjSYySjWO3d_hp0kGqVFAnhvFQ2R6jTcLmtFwiA2NouO0QJCI2KZqvhXigAzPsksOKP7-BP_v2c-93UH3UyXW7RhkYKMOO7d1EMZVMGnT6NBKhVkw45wa20kH221ggh98wdv4MZRAoNEOvmN9qXHmsUWEnxfT8uNIjIkAt_aydocQ22hIbYXzd6w5x6zmOWIVWllgF3qGtY8ArTgRf4WxhuwhUJRy_Gm31WhtKioovk2Hpt6XnlPhnfvHhioqtizZsTepVOD0A-yjearxiDBE7yuIzRsMHo014Dq3O2T_qIZ2P2wvEWBzfpi7i1to4ep3jcb_qDM2vQ0IQ*
> > Content-Type: application/json
> >
> < HTTP/1.1 403 Forbidden
> < Cache-Control: no-store
> < Content-Type: application/json
> < Date: Fri, 20 Oct 2017 06:28:52 GMT
> < Content-Length: 295
> {
> "kind": "Status",
> "apiVersion": "v1",
> "metadata": {},
> "status": "Failure",
> "message": "User \"system:serviceaccount:ldp:inciga\" cannot list
> replicationcontrollers in project \"ldp\"",
> "reason": "Forbidden",
> "details": {
> "kind": "replicationcontrollers"
> },
> "code": 403
> }
>
>
>
>
> El 19 oct 2017, a las 18:17, Frederic Giloux <fgil...@redhat.com>
> escribió:
>
> Very good. The issue is with your curl. Next step run the same command
> with --loglevel=8 and check the queries that are sent to the API server.
>
> Regards,
>
> Frédéric
>
> On 19 Oct 2017 18:11, "Julio Saura" <jsa...@hiberus.com> wrote:
>
>> umm that works …
>>
>> weird
>>
>> *Julio Saura Alejandre*
>> *Responsable Servicios Gestionados*
>> *hiberus* TRAVEL
>> Tel.: + 34 902 87 73 92 Ext. 659 <+34%20902%2087%2073%2092>
>> Parque Empresarial PLAZA
>> Edificio EXPOINNOVACIÓN
>> C/. Bari 25 <https://maps.google.com/?q=C/.+Bari+25&entry=gmail&source=g>
>> Duplicado, Escalera 1, Planta 2ª. 50197 Zaragoza
>> www.hiberus.com
>>
>> Crecemos contigo
>> Este mensaje se envía desde la plataforma de correo de Hiberus Este
>> mensaje y los documentos que, en su caso, lleve anexos, se dirigen
>> exclusivamente a su destinatario y pueden contener información privilegiada
>> o confidencial. Si tú no eres el destinatario indicado, queda notificado de
>> que la utilización, divulgación y/o copia sin autorización está prohibida
>> en virtud de la legislación vigente. Por ello, se informa a quien lo reciba
>> por error, que la información contenida en el mismo es reservada y su uso
>> no autorizado está prohibido legalmente, por lo que en tal caso te rogamos
>> que nos lo comuniques vía e-mail o teléfono, te abstengas de realizar
>> copias del mensaje o remitirlo o entregarlo a terceras personas y procedas
>> a devolverlo a su emisor y/o destruirlo de inmediato.
>>
>> El 19 oct 2017, a las 18:01, Frederic Giloux <fgil...@redhat.com>
>> escribió:
>>
>> oc get rc -n project1 --as=system:serviceaccounts:project1:inciga
>>
>>
>>
>
--
*Frédéric Giloux*
Senior Middleware Consultant
Red Hat Germany
fgil...@redhat.com M: +49-174-172-4661
redhat.com | TRIED. TESTED. TRUSTED. | redhat.com/trusted
________________________________________________________________________
Red Hat GmbH, http://www.de.redhat.com/ Sitz: Grasbrunn,
Handelsregister: Amtsgericht München, HRB 153243
Geschäftsführer: Paul Argiry, Charles Cachera, Michael Cunningham, Michael
O'Neill
_______________________________________________
users mailing list
users@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
