Similar to https://pagure.io/centos-infra/issue/255 but for me.
I can log in but I no longer have access to jenkins-coreos-ci and jenkins-fedora-coreos.
:thumbsup: @siddharthvipul1 or @dkirwan would either of you be able to take a look at this?
The projects are actually:
- coreos-ci
- fedora-coreos
And likely something like walters-fcos-dev which was created as part of https://pagure.io/centos-infra/issue/83.
Metadata Update from @humaton: - Issue tagged with: low-trouble, medium-gain
@jlebon @walters apologies, will take a look today.
The email walters@verbum.org was already associated with fedora-coreos and we have also added this to coreos-ci
Metadata Update from @mobrien: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Hi, I tried this again and I still don't have access to those projects:
```
$ oc whoami
walters@redhat.com
$ oc get project
NAME                                 DISPLAY NAME   STATUS
openshift-virtualization-os-images                  Active
$
```
Is there a place with the source code to the changes you're making? Is it gitops?
Metadata Update from @walters: - Issue status updated to: Open (was: Closed)
Is it possible that what happened there is that @walters' CentOS CI account was registered to his verbum.org address, but his Fedora account used redhat.com? So now I think we need to remove the verbum.org one and add the redhat.com one.
Hmm. That seems probable. I don't recall the...OK searching my email it seems very likely I used walters@verbum.org for CentOS.
I'm happy to try changing my FAS email, but before I jump into doing that I'd appreciate if someone with access to inspect the data and/or knowledge of the FAS/CentOS merger can confirm it's a good idea for me to change my FAS email to walters@verbum.org.
@walters yeah, I was looking at FAS level and email addresses don't match, so probably from the merge between ACO and FAS (now only one IPA backend). The way the OCP cluster was deployed and using openidc was (don't ask me why) to use email for preferredUsername, meaning that in case of merge (as we had) or just when people are updating their email address, it needs to be reflected again in openshift.
Your actual email address was updated for the groups coreos-ci-admins, fedora-coreos-admins, walters-fcos-dev-admins.
Can you confirm that it's now working for you?
Metadata Update from @arrfab: - Issue assigned to arrfab
Metadata Update from @arrfab: - Issue priority set to: Waiting on Reporter (was: Needs Review)
Metadata Update from @arrfab: - Issue tagged with: authentication, centos-ci-infra
```
$ oc get project
NAME                                 DISPLAY NAME       STATUS
coreos-ci                            coreos-ci          Active
fedora-coreos                        fedora-coreos      Active
openshift-virtualization-os-images                      Active
walters-fcos-dev                     walters-fcos-dev   Active
$
```
:tada: Thanks!
Metadata Update from @walters: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
This got reverted somehow; I don't have access to fedora-coreos anymore. Again I have the question - what's the controller for this? Is there a gitops repo?
@walters, had a look and wondering as I'm not aware of any automated action through git. But I had another look and timeframe and it seems to be tied to https://pagure.io/centos-infra/issue/424, so @siddharthvipul1 probably ran something from his laptop against a (private) git repo that myself I can't access (github refuses my key and it's not in the official centos namespace).
@mobrien: can you have a look to revert that change and merge so that @walters can retrieve his access? We can directly modify in openshift, but if there is a non-documented process that is used, that will again cause trouble in the future, so action #1 is to ensure that we use something in the official centos namespace and document it.
o/ I think at some point soon we should fix that oauth config. @arrfab we can use something like the following to map to the IPA/Noggin user rather than an email etc:
```yaml
- name: fedoraidp
  login: true
  challenge: false
  mappingMethod: claim
  type: OpenID
  openID:
    clientID: ocp
    clientSecret:
      name: fedoraidp-clientsecret
    extraScopes:
    - email
    - profile
    claims:
      preferredUsername:
      - nickname
      name:
      - name
      email:
      - email
    issuer: https://id.fedoraproject.org
```
@dkirwan huge +1 on that as that would also ensure using the correct nickname and not having the same problem again when someone updates their email address in FAS/IPA :)
Also, found git repo and added my key there so was able to correct it there and reapply. Should be fixed for now (and document updated so that all other team members can know where to look and commit/push). Closing.
Metadata Update from @arrfab: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
Confirmed it's fixed, thank you!
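An added illustration, not part of the thread or of the CentOS CI configuration: a small Python model of the claim mapping discussed above, showing why group entries keyed on the `email` claim stop matching after an address change while entries keyed on `nickname` keep working, plus a check for stale group entries. The account, group and project names are constructed, and the fallback to `sub` is an assumption of this model.

```python
# Added example: a model of OpenID claim mapping, not OpenShift's own code.
# All accounts, groups and projects below are constructed sample data.

def preferred_username(claims, mapping):
    """Return the first non-empty claim named in the mapping list."""
    for claim in mapping:
        if claims.get(claim):
            return claims[claim]
    return claims["sub"]  # fallback assumed for this model

def accessible_projects(username, groups, bindings):
    """Projects bound to a group that lists exactly this user name."""
    member_of = {g for g, users in groups.items() if username in users}
    return sorted(p for p, g in bindings.items() if g in member_of)

def stale_members(groups, identities, mapping):
    """Group entries that no current identity maps to under this mapping."""
    live = {preferred_username(c, mapping) for c in identities}
    report = {}
    for group, users in groups.items():
        orphans = sorted(set(users) - live)
        if orphans:
            report[group] = orphans
    return report

EMAIL_MAPPING = ["email"]     # user name taken from the e-mail claim
NICK_MAPPING = ["nickname"]   # user name taken from the nickname claim

# One account's token claims before and after its e-mail address changes.
BEFORE = {"sub": "u-1001", "nickname": "alice", "email": "alice@old.example"}
AFTER = {"sub": "u-1001", "nickname": "alice", "email": "alice@new.example"}

BINDINGS = {"demo-ci": "demo-ci-admins"}              # project -> group
GROUPS_BY_EMAIL = {"demo-ci-admins": ["alice@old.example"]}
GROUPS_BY_NICK = {"demo-ci-admins": ["alice"]}

def projects_for(claims, mapping, groups):
    """Projects visible to the identity these claims map to."""
    return accessible_projects(preferred_username(claims, mapping), groups, BINDINGS)

if __name__ == "__main__":
    print("email mapping, before:", projects_for(BEFORE, EMAIL_MAPPING, GROUPS_BY_EMAIL))
    print("email mapping, after: ", projects_for(AFTER, EMAIL_MAPPING, GROUPS_BY_EMAIL))
    print("nick mapping, after:  ", projects_for(AFTER, NICK_MAPPING, GROUPS_BY_NICK))
    print("stale entries:", stale_members(GROUPS_BY_EMAIL, [AFTER], EMAIL_MAPPING))
```

Running `stale_members` against an export of real group membership and current identity claims gives a list of entries to reconcile before users report lost access.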