SCIM bridge Upgrade from 2.4.1 -> 2.5.0 failed

jfmarquis
jfmarquis
Community Member

i've try to upgrade my gke cluster on google from 2.4.1 -> 2.5.0 with this command :
kubectl set image deployment/op-scim-bridge-op-scim-bridge op-scim-bridge=1password/scim:v2.5.0 --namespace=op-scim-bridge
but it failed
Can you help me to debug please ?

Defaulted container "op-scim-bridge" out of: op-scim-bridge, scimuser-permissions (init)
7:53AM INF 1Password SCIM bridge, starting up application=op-scim build=205001 version=2.5.0
7:53AM INF registering new health component application=op-scim build=205001 component=RedisCache service=health version=2.5.0
7:53AM INF starting to poll components for health reports application=op-scim build=205001 service=health version=2.5.0
7:53AM INF registering new health component application=op-scim build=205001 component=CertificateManager service=health version=2.5.0
7:53AM INF starting certificate manager application=op-scim build=205001 component=CertificateManager domain=bidgen.data.adeo.cloud version=2.5.0
7:53AM INF registering new health component application=op-scim build=205001 component=SCIMServer service=health version=2.5.0
7:53AM INF starting 1Password TLS SCIM bridge server addr=:8443 application=op-scim build=205001 component=SCIMServer version=2.5.0
7:53AM INF waiting for bearer token to begin confirmation user watcher application=op-scim build=205001 component=ConfirmationWatcher version=2.5.0
7:53AM INF waiting for bearer token to begin start provision user watcher application=op-scim build=205001 component=StartProvisionWatcher version=2.5.0
7:53AM INF registering new health component application=op-scim build=205001 component=StartProvisionWatcher service=health version=2.5.0
7:53AM INF registering new health component application=op-scim build=205001 component=ConfirmationWatcher service=health version=2.5.0
8:11AM ERR error parsing configured domain; ensure fully qualified domain name was provided including a scheme application=op-scim build=205001 component=SCIMServer domain=asfr-safe.1password.eu request_id=cbmd1d6vslkb0shs9fag version=2.5.0
8:11AM ERR AuthWrap failed to buildCredentials error="failed to IsAllowedAuthURL" application=op-scim build=205001 component=SCIMServer request_id=cbmd1d6vslkb0shs9fag version=2.5.0
8:11AM INF HTTP request application=op-scim build=205001 component=SCIMServer duration=76.950947 method=GET path=/Users?filter=userName+eq+%2279d994bf-3e27-46f6-a1c5-580186afa1ad%22 remote_addr=10.56.1.1 request_id=cbmd1d6vslkb0shs9fag size=90 status=401 version=2.5.0
8:50AM ERR error parsing configured domain; ensure fully qualified domain name was provided including a scheme application=op-scim build=205001 component=SCIMServer domain=asfr-safe.1password.eu request_id=cbmdjomvslkb0shs9fb0 version=2.5.0
8:50AM ERR AuthWrap failed to buildCredentials error="failed to IsAllowedAuthURL" application=op-scim build=205001 component=SCIMServer request_id=cbmdjomvslkb0shs9fb0 version=2.5.0
8:50AM INF HTTP request application=op-scim build=205001 component=SCIMServer duration=83.611254 method=GET path=/Users?filter=userName+eq+%221620e00e-07ba-4370-bb91-46c105fa61dc%22 remote_addr=192.168.42.196 request_id=cbmdjomvslkb0shs9fb0 size=90 status=401 version=2.5.0
8:51AM ERR AuthWrap failed to validateAuthHeader error="no auth header; unauthorized" application=op-scim build=205001 component=SCIMServer request_id=cbmdk7uvslkb0shs9fbg version=2.5.0
8:51AM INF HTTP request application=op-scim build=205001 component=SCIMServer duration=3.429512 method=GET path=/Users remote_addr=192.168.42.196 request_id=cbmdk7uvslkb0shs9fbg size=90 status=401 version=2.5.0
8:53AM INF health report application=op-scim build=205001 created=2022-08-05T08:51:43Z expires=2022-08-05T09:01:43Z service=health source=RedisCache status=healthy version=2.5.0
8:53AM INF health report application=op-scim build=205001 created=2022-08-05T08:51:43Z expires=2022-08-05T09:01:43Z service=health source=CertificateManager status=healthy version=2.5.0


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • jfmarquis
    jfmarquis
    Community Member

    This is a bug in this version.
    the variable OP_DOMAIN is not set correctly (without HTTP)
    to correct just reset the variable with this command : kubectl set env deployment/op-scim-bridge-op-scim-bridge -OP_DOMAIN=https://XXX.1password.XX/

  • Hi jfmarquis,

    Thank you for posting the question and your effort around figuring a potential solution. We will certainly take this into consideration while updating our deployment instructions.

This discussion has been closed.