I'm trying to use SparkLauncher with Spark library but to accomplish that, I need to first login to Openshift using java client. I'm getting a 403 Authentication error as shown below.
These are the dependencies I'm using:
<dependency>
<groupId>org.apache.spark</groupId>
<artifactId>spark-launcher_2.13</artifactId>
<version>3.4.1</version>
</dependency>
<dependency>
<groupId>com.openshift</groupId>
<artifactId>openshift-java-client</artifactId>
<version>2.5.0.Final</version>
</dependency>
This is my request:
IOpenShiftConnection connection = new OpenShiftConnectionFactory().getConnection("POST", <user>, <password>, <master_server_url>:6443);
but I'm getting an error 403 that the user is not authenticated:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path \"/broker/rest/user\"",
"reason": "Forbidden",
"details": {}
"code": 403
}
If I try the same user and password just in a shell script, it can login correctly using oc login and then do the spark-submit but is not possible in java where I expect the same pod created and be visible in Openshift. The same in Openshift console, the user with the password has access.
I also found that an invalid access token or an invalid certificate is rejected by the authentication layer and it assigns the system:anonymous virtual user to the request, just what I'm getting, not the user of my request.
I'm also putting "POST" as the first parameter of getConnection, although according to the api, http://openshift.github.io/openshift-java-client/documentation/ I'm not sure if it is correct, it should be the http client id:
public IOpenShiftConnection getConnection(String clientId,
String username,
String password,
String serverUrl)
throws OpenShiftException
Establish a connection with the clientId along with user's login and password.
Parameters:
clientId - http client id
username - user's login.
password - user's password.
serverUrl - the server url.
I've also tried to verify the connection with:
curl -k -v -H "Authorization:<sha256_token> -H "Accept:application/yaml" -H "Content-Type:application/yaml" \
https://<master_server_url>:6443/api/v1/namespaces/<namespace_name>/pods
and what I got is that it Accepts the certificate and hand shake but again returns the 403 error with above json detail with system:anonymous user
If I try this other way,
IOpenShiftConnection connection = new OpenShiftConnectionFactory().getConnection(<master_server_url>:6443, <user>, <password>);
I get that cannot connect to redhat.com
The response shows that cannot get path /broker/rest/user. Is required to enable the user somewhere in Openshift rest api, if yes, how to do it?
Thanks in advance for your help.