Re: in OpenShift 4.2, /apis is not accessible to anonymous users. Workarounds?

2019-10-01 Thread Akram Ben Aissi 
Hi André,

indeed this is the new default. And, historically, because of a CVE raising
an issue about it, dropping discovery of /api has been removed but then
temporary restored in 4.1 and removed in 4.2.
See this https://bugzilla.redhat.com/show_bug.cgi?id=1711533

On the Jenkins plugins we were about to fix similar issues, cause /oapi was
deprecated in OCP 4.2 . We depends on kubernetes-client Java library which
fixed this.
https://github.com/fabric8io/kubernetes-client/issues/1587 and follow the
different PR. If you depend on this library also, maybe you have your fix
in a recent version.

Otherwise, IIRC, the eclipse plugin required credentials (or a token) to
connect to openshift server, so in your case, you maybe "just" need to use
them to then get the endpoints.

Akram


Le mar. 1 oct. 2019 à 15:38, Andre Dietisheim  a
écrit :

> Hi
>
> In OpenShift 4.2 "/apis" started only being accessible to authorized
> users. This causes troubles for the Eclipse tooling and the java client
> library openshift-restclient-java
> (https://github.com/openshift/openshift-restclient-java) which tries to
> discover endpoints before authenticating.
>
> Thus my question(s):
>
> * Is this the new default?
> * if this restriction is deliberate, what's the reasoning behind it?
> * Is there a workaround?
>
> Thanks for your answers!
> André
>
> ___
> dev mailing list
> dev@lists.openshift.redhat.com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>
___
dev mailing list
dev@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

Re: in OpenShift 4.2, /apis is not accessible to anonymous users. Workarounds?

2019-10-01 Thread Andre Dietisheim 

Hi Akram

Thanks for the answer. Insightful.
For now we can't easily switch libraries given the extent of usage and 
amount of work to migrate.


Cheers
André

Am 01.10.19 um 16:34 schrieb Akram Ben Aissi:

Hi André,

indeed this is the new default. And, historically, because of a CVE 
raising an issue about it, dropping discovery of /api has been removed 
but then temporary restored in 4.1 and removed in 4.2.

See this https://bugzilla.redhat.com/show_bug.cgi?id=1711533

On the Jenkins plugins we were about to fix similar issues, cause 
/oapi was deprecated in OCP 4.2 . We depends on kubernetes-client Java 
library which fixed this.
https://github.com/fabric8io/kubernetes-client/issues/1587 and follow 
the different PR. If you depend on this library also, maybe you have 
your fix in a recent version.


Otherwise, IIRC, the eclipse plugin required credentials (or a token) 
to connect to openshift server, so in your case, you maybe "just" need 
to use them to then get the endpoints.


Akram


Le mar. 1 oct. 2019 à 15:38, Andre Dietisheim > a écrit :


Hi

In OpenShift 4.2 "/apis" started only being accessible to authorized
users. This causes troubles for the Eclipse tooling and the java
client
library openshift-restclient-java
(https://github.com/openshift/openshift-restclient-java) which
tries to
discover endpoints before authenticating.

Thus my question(s):

* Is this the new default?
* if this restriction is deliberate, what's the reasoning behind it?
* Is there a workaround?

Thanks for your answers!
André

___
dev mailing list
dev@lists.openshift.redhat.com 
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

___
dev mailing list
dev@lists.openshift.redhat.com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev