Auto Clone Environment fails during curl download

[FlorianASchroeder]

The statement

ods-jenkins-shared-library/src/org/ods/OdsPipeline.groovy

Line 165 in 443bbda

script.sh(script: "curl --fail -s --user ${userPass} -G '${cloneProjectScriptUrl}' -d raw -o clone-project.sh")

fails if @ is used in userPass.
The current substitution

ods-jenkins-shared-library/src/org/ods/OdsPipeline.groovy

Line 163 in 443bbda

def userPass = script.USERPASS.replace('@', '%40').replace('$', '\'$\'')

does not successfully escape the character.

[clemensutschig]

@michaelsauter 1.2 and fix internally quickly?

[gerardcl]

@clemensutschig we are handling it with Vincent and working with Florian already on it, we will test both places and provide patch soon. Would be nice if the fix is applied internally during this week, is it ok?

[clemensutschig]

Sure.

[gerardcl]

@clemensutschig @michaelsauter I guess that the replace of the '@' is because of the possibility of having the username given by an e-mail, is it really happening? as far as I know this replacements (both, also the '$') are not required at all so we might just need to remove the whole replacement line...

[clemensutschig]

@gerardcl userpass is both. Username:password

[gerardcl]

ok, talked with @michaelsauter , this is coming from this issue #26 and respective PR #33 . And the point is that the '@' replacement/scaping is only required on the bash script no on curl. Preparing a fix...

[gerardcl]

ok, we need to only do the replacement if any '@' to '%40' before https://github.com/opendevstack/ods-project-quickstarters/blob/b6fa686c834574ea3ca94afa30f6f34b717df32f/ocp-templates/scripts/clone-project.sh#L111

[gerardcl]

ok, seems that the service account oc 'system:serviceaccount:projectX-cd:jenkins' has no rights to create a project....:

+ oc new-project projectX-bugfix-49
Error from server (Forbidden): You may not request a new project via this API.

@michaelsauter @clemensutschig any hints?

for the sake of more info, it is failing when importing at import.sh here: https://github.com/opendevstack/ods-project-quickstarters/blob/b6fa686c834574ea3ca94afa30f6f34b717df32f/ocp-templates/scripts/import_ocp_project_metadata.sh#L451

[gerardcl]

ok, seems we found the reason and we are going to test it soon: https://access.redhat.com/solutions/2988521

conclusion: SA is not provided from v3.6 self-provisioner role, we need to create a new role.

[gerardcl]

we confirm the solution provided by aforementioned link works! we need now to provide an automated way to provision this when creating new projects and apply it to exisitng ones...will do so... later today will provide fix for master too

[henrjk]

I am pretty sure this is also what is causing auto clone to fail in our project in production.

[gerardcl]

let's check it tomorrow then for sure!