Role is not correctly casted to class by apiVersion property provided

[dsimansk]

Versions used

openshift-client : 4.0.4

$ oc version
oc v3.10.0+dd10d17
kubernetes v1.10.0+b81c8f8
features: Basic-Auth

Server https://ocp310.xyz:8443
openshift v3.10.14
kubernetes v1.10.0+b81c8f8

Lets have a simple file with Role definition based on rbac.authorization.k8s.io/v1

{
  "apiVersion": "rbac.authorization.k8s.io/v1",
  "kind": "Role",
  "metadata": {
    "labels": {
      "app": "broker"
    },
    "name": "broker-role"
  },
  "rules": [{
    "apiGroups": [""],
    "resources": ["endpoints"],
    "verbs": ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
  }, {
    "apiGroups": [""],
    "resources": ["namespaces"],
    "verbs": ["get", "list"]
  }]
}

When it's loaded as an external resource, the properties returned for HasMetadata object are the following. I've assumed that for k8s Role the right class is io.fabric8.kubernetes.api.model.rbac.KubernetesRole. Afterwards the class is implying the apiGroup endpoint used for POST request. The mix of k8sandopenshift` groups is causing a problem on API server side described further.

openshift.client().load(IOUtils.toInputStream(roleJson)).get();

// getApiVersion() getKind() getClass()
rbac.authorization.k8s.io/v1 :: Role :: class io.fabric8.openshift.api.model.Role

The same can be observed when such Role and other Authorization resources are part of template, for example.

Problem is that OpenShift API server is not very comfortable with mismatching apiVersion in JSON request and actual apiGroup. Server is restarted due to panic error upon reflection cast, tracked as BZ. Due to the fact, the Java exception thrown is complaining about connection problems.

Okhttp client trace log

Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: <-- END HTTP (755-byte body)
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: --> POST https://api.perf1.xpaas:8443/apis/authorization.openshift.io/v1/namespaces/dsimansk/roles http/1.1
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: Content-Type: application/json; charset=utf-8
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: Content-Length: 372
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: Authorization: Bearer 3xcBwHHKTfbdiwTl3OQniCZ9z2ZvzWLsDz2P-InK9yA
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: Host: api.perf1.xpaas:8443
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: Connection: Keep-Alive
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: Accept-Encoding: gzip
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: User-Agent: okhttp/3.9.1
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO:
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"Role","metadata":{"annotations":{},"labels":{"app":"broker"},"name":"broker-roleJson","namespace":"dsimansk"},"rules":[{"apiGroups":[""],"resources":["endpoints"],"verbs":["create","delete","deletecollection","get","list","patch","update","watch"]},{"apiGroups":[""],"resources":["namespaces"],"verbs":["get","list"]}]}
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: --> END POST (372-byte body)
Aug 29, 2018 11:04:06 AM okhttp3.internal.platform.Platform log
INFO: <-- HTTP FAILED: java.io.IOException: unexpected end of stream on Connection{api.perf1.xpaas:8443, proxy=DIRECT hostAddress=api.perf1.xpaas/10.8.47.10:8443 cipherSuite=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 protocol=http/1.1}

Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 20.372 sec <<< FAILURE! - in com.redhat.xpaas.amq.template.CreateRoleTest
createRole(com.redhat.xpaas.amq.template.CreateRoleTest)  Time elapsed: 0.711 sec  <<< ERROR!
io.fabric8.kubernetes.client.KubernetesClientException: Operation: [create]  for kind: [Role]  with name: [broker-roleJson]  in namespace: [dsimansk]  failed.
	at java.net.PlainSocketImpl.socketConnect(Native Method)
	at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
	at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:589)
	at okhttp3.internal.platform.Platform.connectSocket(Platform.java:125)
	at okhttp3.internal.connection.RealConnection.connectSocket(RealConnection.java:238)
	at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:158)
	at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:256)
	at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:134)
	at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:113)
	at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at io.fabric8.kubernetes.client.utils.BackwardsCompatibilityInterceptor.intercept(BackwardsCompatibilityInterceptor.java:119)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at io.fabric8.kubernetes.client.utils.ImpersonatorInterceptor.intercept(ImpersonatorInterceptor.java:56)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at io.fabric8.openshift.client.internal.OpenShiftOAuthInterceptor.intercept(OpenShiftOAuthInterceptor.java:74)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
	at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
	at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
	at okhttp3.RealCall.execute(RealCall.java:77)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:379)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleResponse(OperationSupport.java:344)
	at io.fabric8.kubernetes.client.dsl.base.OperationSupport.handleCreate(OperationSupport.java:227)
	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.handleCreate(BaseOperation.java:780)
	at io.fabric8.kubernetes.client.dsl.base.BaseOperation.create(BaseOperation.java:353)
	at io.fabric8.openshift.client.handlers.RoleHandler.create(RoleHandler.java:44)
	at io.fabric8.openshift.client.handlers.RoleHandler.create(RoleHandler.java:33)
	at io.fabric8.kubernetes.client.dsl.internal.KubernetesListOperationsImpl.create(KubernetesListOperationsImpl.java:142)
	at io.fabric8.kubernetes.client.dsl.internal.KubernetesListOperationsImpl.create(KubernetesListOperationsImpl.java:82)
	at io.fabric8.kubernetes.client.dsl.internal.KubernetesListOperationsImpl.create(KubernetesListOperationsImpl.java:47)
	at cz.xtf.openshift.OpenShiftUtil.createResources(OpenShiftUtil.java:135)
	at cz.xtf.openshift.OpenShiftUtil.createResources(OpenShiftUtil.java:131)
	at com.redhat.xpaas.amq.template.CreateRoleTest.createRole(CreateRoleTest.java:68)

[fnan-avq]

Is there any workaround for this issue? Or is there any way of creating Kubernetes Roles and RoleBindings with the fabric8 kubernetes client ?

[traviswinter]

RBAC is being refactored as per #1300 - with those changes the correct model object should be returned.

[rohanKanojia]

Closed via #1300