OCM, ROSA CLI: Tokens expiring and will require CLI tool update
Environment
- OCM Command line interface client application < 0.1.60
- ROSA Command line interface client application < 1.1.3
Issue
-
Users running older versions of the OCM CLI and/or ROSA CLI tools will need to update to newer versions to accomodate backend API changes in order to authenticate.
- Bearer tokens for OCM CLI and ROSA CLI tools expire today and require a binary update if older
- Upon updating, new tokens will be required for authentication
-
Error messages are shown when executing
ocm
orrosa
commands:OCM auth: failed to get tokens, got http code 200, will not attempt to retry. err: expected 'bearer' token type but got 'Bearer
level=error msg="Can't get tokens, got HTTP code 200, will not retry: expected 'bearer' token type but got 'Bearer" E: Failed to create OCM connection: error creating connection. Not able to get authentication token
Resolution
Update OCM CLI
- It's needed to install version 0.1.60 or newer, and the latest version is recommended, 0.1.72 at time of writing.
- Visit https://console.redhat.com/openshift/downloads to download the latest version for your platform.
Update ROSA CLI
- It's needed to install version 1.1.3 or newer, and the latest version is recommended, 1.2.33 at time of writing.
- Visit https://console.redhat.com/openshift/downloads to download the latest version for your platform.
Acquire a new token
- Visit https://console.redhat.com/openshift/token to retrieve a new token to authenticate with these updated CLI tools.
Root Cause
Backend authentication mechanisms for these tools have been updated for additional security and capabilities. These updates necessitate the expiry/logout of older tokens and deprecation of older CLI binaries.
Diagnostic Steps
When interacting with OCM CLI or ROSA CLI, users will encounter the following errors:
OCM CLI
$ ocm login
[...]
OCM auth: failed to get tokens, got http code 200, will not attempt to retry. err: expected 'bearer' token type but got 'Bearer
ROSA CLI
$ rosa init
[...]
level=error msg="Can't get tokens, got HTTP code 200, will not retry: expected 'bearer' token type but got 'Bearer"
E: Failed to create OCM connection: error creating connection. Not able to get authentication token
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments