error status code received from the API v0.0.23

Question

error status code received from the API v0.0.23

dbacademy opened this issue 2 years ago · 7 comments

I have a new OCP 4.10.20 cluster, while configuring Group Sync Operator for Authenticating Azure AD, getting this error on sync.

apiVersion: redhatcop.redhat.io/v1alpha1
kind: GroupSync
metadata:
creationTimestamp: '2023-01-14T11:44:40Z'
generation: 1
managedFields:
- apiVersion: redhatcop.redhat.io/v1alpha1
fieldsType: FieldsV1
fieldsV1:
'f:spec':
.: {}
'f:providers': {}
'f:schedule': {}
manager: kubectl-create
operation: Update
time: '2023-01-14T11:44:40Z'
- apiVersion: redhatcop.redhat.io/v1alpha1
fieldsType: FieldsV1
fieldsV1:
'f:status':
.: {}
'f:conditions':
.: {}
'k:{"type":"ReconcileError"}':
.: {}
'f:lastTransitionTime': {}
'f:message': {}
'f:observedGeneration': {}
'f:reason': {}
'f:status': {}
'f:type': {}
manager: manager
operation: Update
subresource: status
time: '2023-01-14T11:44:40Z'
name: azure-groupsync
namespace: group-sync-operator
resourceVersion: '413456'
uid: 8c63bb97-3fe1-4a27-96ff-7200ef10ede7
spec:
providers:
- azure:
credentialsSecret:
key: AZURE_CLIENT_SECRET
kind: Secret
name: azure-group-sync
namespace: group-sync-operator
groups:
- cld-az-ocpvnl-nonprod-sg
name: azure
schedule: '* * * * *'
status:
conditions:
- lastTransitionTime: '2023-01-14T11:50:12Z'
message: error status code received from the API
observedGeneration: 1
reason: LastReconcileCycleFailed
status: 'True'
type: ReconcileError

Answer 1 · 2023-01-14T12:09:05.000Z

Can additional logs be added, such as those from the operator?

Answer 2 · 2023-01-14T12:50:02.000Z

This is GroupSync instance status

Spec:
Providers:
Azure:
Credentials Secret:
Key: AZURE_CLIENT_SECRET
Kind: Secret
Name: azure-group-sync
Namespace: group-sync-operator
Groups:
cld-az-ocpvnl-nonprod-sg
Name: azure
Schedule: * * * * *
Status:
Conditions:
Last Transition Time: 2023-01-14T12:39:57Z
Message: error status code received from the API
Observed Generation: 1
Reason: LastReconcileCycleFailed
Status: True
Type: ReconcileError
Events:
Type Reason Age From Message

Warning ProcessingError 89s (x21 over 56m) GroupSync error status code received from the API

will upload other logs related to Operator shortly.

Answer 3 · 2023-02-01T18:24:37.000Z

@dbacademy any update?

Answer 4 · 2023-03-08T18:54:15.000Z

@sabre1041 We had microsoft and redhat case for this but didnt get any solution. we downgraded to v0.0.20 but till same issue

AME DISPLAY VERSION REPLACES PHASE
group-sync-operator.v0.0.20 Group Sync Operator 0.0.20 group-sync-operator.v0.0.19 Succeeded

NAME PACKAGE SOURCE CHANNEL
group-sync-operator group-sync-operator community-operators alpha

:~/group-sync$ oc get groupsync
NAME AGE
azure-groupsync 7m56s

Following is the error into the status

Status:
Conditions:
Last Transition Time: 2023-03-08T18:50:39Z
Message: error status code received from the API
Observed Generation: 1
Reason: LastReconcileCycleFailed
Status: True
Type: ReconcileError
Events:
Type Reason Age From Message

Warning ProcessingError 3m (x17 over 8m32s) GroupSync error status code received from the API

Answer 5 · 2023-03-08T18:59:36.000Z

@dbacademy what permissions are associated to the Application ID? Are you using Application level permissions

Answer 6 · 2023-03-08T22:29:08.000Z

@sabre1041 we are using Microsoft AD, and service principle we are using have permission as following on Microsoft Graph API.

Application.ReadWrite.All
Directory.AccessAsUser.All
Directory.Read.All
Group.Read.All
GroupMember.Read.All
User.Read
User.Read.All

Answer 7 · 2023-04-16T21:03:52.000Z

Hi @sabre1041 ; sorry. I forgot to update the status, The issue was resolved. Yes App ID we are using do not have Application level permission rather it had Delegated permission. I added Application level permission for following and it worked.

Directory.Read.All
Group.Read.All
User.Read.All