denied insufficient scope when trying mirror UDS

Question

denied insufficient scope when trying mirror UDS

Closed this issue 2 years ago · 5 comments

When I've been preparing the airgap install for a customer with customer's entitlement key, I got following error:

error: unable to retrieve source image cp.icr.io/cp/uds/uds-submodule manifest sha256:2f0477e68af25cbb9a41341a2c9ec26b9dfd4b76554f84a15f1da5b6401b897d: denied: insufficient scope",

I've already let the customer regenerate the entitlement key according to the following doc:

https://www.ibm.com/docs/en/api-connect/10.0.1.x?topic=integration-troubleshooting-installation-upgrade-openshift#tapic_install_OpenShift_troubleshoot__entitlement

What else should I look further?

Answer 1 · 2022-11-11T13:45:16.000Z

This is a known issue with User Data Services, we tried to get this resolved properly in the backend entitlement systems, but that has failed and we are working on a workaround will be added into the Ansible collection ... it might be available later today, but early next week at the latest.

Answer 2 · 2022-11-11T14:16:14.000Z

@durera , thank you for your prompt response. It saves my day. I'd already hit my head to wall for several days for this.

Answer 3 · 2022-11-12T00:09:46.000Z

@durera Thank you for the fix. I pulled the latest cli image and run mirror-image again with customer's entitlement key.
I can see your fix integrated into the latest cli image and it really works around the original denied insufficient scope
problem. But unfortunately, I got another error during the workaround running:

TASK [ibm.mas_airgap.mirror_case_prepare : IBM UDS 2.0.8 workaround] ***********
Friday 11 November 2022  23:58:35 +0000 (0:00:00.060)       0:02:18.951 ******* 
fatal: [localhost]: FAILED! => {"reason": "Could not find or access '/opt/app-root/lib64/python3.9/site-packages/ansible_collections/ibm/mas_airgap/playbooks/tasks/uds-280-fix.yml' on the Ansible Controller."}
[WARNING]: Failure using method (v2_runner_on_failed) in callback plugin
(<ansible.plugins.callback.junit.CallbackModule object at 0x7fb191ee2130>):
/opt/app-root/lib64/python3.9/site-packages/ansible_collections/ibm/mas_airgap/
roles/mirror_case_prepare/tasks/main.yml:112: localhost:
ibm.mas_airgap.mirror_case_prepare : IBM UDS 2.0.8 workaround
_raw_params=tasks/uds-280-fix.yml: duplicate host callback: localhost

PLAY RECAP *********************************************************************
localhost                  : ok=94   changed=19   unreachable=0    failed=1    skipped=30   rescued=0    ignored=0

Could you take a look at it? I can open a new issue if you think that problem should be tracked in another issue.

Thanks,

Answer 4 · 2022-11-12T03:36:41.000Z

I think I found it. There is a typo in the task main.yml of the role mirror_case_prepare, it reads uds-280-fix.yml
within the main.yml file, however, the real file name is uds-208-fix.yml.

Answer 5 · 2022-11-12T07:32:48.000Z

PR #86 should fix this typo.