Hello, you have to provide a token. Without it, you're requesting as an anonymous user: "If no access token or certificate is presented, the authentication layer assigns the system:anonymous virtual user and the system:unauthenticated virtual group to the request. "
These links could be helpful: https://docs.openshift.com/enterprise/3.2/architecture/additional_concepts/authentication.html#api-authentication https://docs.openshift.com/container-platform/latest/rest_api/index.html#rest-api-examples 2017-03-24 19:19 GMT+01:00 David VOGEL <[email protected]>: > I’m unable to create a persistent volume because the API fails (403) > trying to list the AWS EBS volumes attached to my EC2 host. > > > > I’ve installed Openshift Origin 1.5.0 on an EC2 host that has an attached > EBS volume. I’m running an all-in-one instance. > > > > In the oc cli logged in in as system:admin > > > > I can query the top-level of the restful apis with curl, so CURL_CA_BUNDLE > is set correctly: > > > > curl -k -v -XGET -H “Accept: application/json, */*" -H > “User-Agent: oc/v1.5.0 openshift/cf6a722” https://<ip>:8443/oapi/v1 > > and https://<ip>:8443/api/v1 > > > > But I fail when trying to list resources e.g.: http://<ip>:8443/api/v1/ > persistentvolumes or policybindings > > > > When I try to create a persistent volume with ‘oc create -f aws-pv.yaml’ > the failure occurs in Kubernetes code trying to retrieve EBS volumes using > an AWS SDK call to a function named like describe-volumes. > > > > I successfully list AWS EBS volumes on my EC2 host using the AWS cli: aws > ec2 describe-volumes > > AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set. > > > > Here’s the relevant section of the log generate by my ‘oc create’ call: > > > > I0324 08:23:17.827082 17537 round_trippers.go:299] curl -k -v -XPOST -H > "Accept: application/json" -H "Content-Type: application/json" -H > "User-Agent: oc/v1.4.0+776c994 (linux/amd64) kubernetes/a9e9cf3" https:// > 10.3.1.55:8443/api/v1/persistentvolumes > > I0324 08:23:17.865710 17537 round_trippers.go:318] POST > https://10.3.1.55:8443/api/v1/persistentvolumes 403 Forbidden in 38 > milliseconds > > I0324 08:23:17.865728 17537 round_trippers.go:324] Response Headers: > > I0324 08:23:17.865738 17537 round_trippers.go:327] Date: Fri, 24 Mar > 2017 15:23:17 GMT > > I0324 08:23:17.865745 17537 round_trippers.go:327] Content-Length: > 435 > > I0324 08:23:17.865750 17537 round_trippers.go:327] Cache-Control: > no-store > > I0324 08:23:17.865754 17537 round_trippers.go:327] Content-Type: > application/json > > I0324 08:23:17.865805 17537 request.go:908] Response Body: > {"kind":"Status","apiVersion":"v1","metadata":{},"status":" > Failure","message":"persistentvolumes \"pv0001\" is forbidden: error > querying AWS EBS volume vol-05dffe55de3ac725db: error querying ec2 for > volume info: *error listing AWS volumes: UnauthorizedOperation: You are > not authorized to perform this operation.*\n\tstatus code: 403, request > id:","reason":"Forbidden","details":{"name":"pv0001"," > kind":"persistentvolumes"},"code":403} > > I0324 08:23:17.866030 17537 helpers.go:199] server response object: [{ > > "kind": "Status", > > "apiVersion": "v1", > > "metadata": {}, > > "status": "Failure", > > "message": "error when creating \"aws-persistent-volume.yaml\": > persistentvolumes \"pv0001\" is forbidden: error querying AWS EBS volume > vol-05dffe55de3ac725db: error querying ec2 for volume info: error listing > AWS volumes: UnauthorizedOperation: You are not authorize\d to perform > this operation.\n\tstatus code: 403, request id: ", > > "reason": "Forbidden", > > "details": { > > "name": "pv0001", > > "kind": "persistentvolumes" > > }, > > "code": 403 > > }] > > > > Thanks in advance, > > David Vogel > > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > > -- Slava Semushin | OpenShift
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
