fix: retry request for '"system:anonymous" cannot get resource' error

[dkwon17]

What does this PR do?

Extension of #946 to cover the case where a 403 error happens for the provision request:

What issues does this PR fix or reference?

eclipse-che/che#22352

Is it tested? How?

The issue this PR aims to fix is difficult to reproduce. To test this PR, you can apply this patch:

diff --git a/packages/dashboard-backend/src/routes/api/helpers/getToken.ts b/packages/dashboard-backend/src/routes/api/helpers/getToken.ts
index 59e8d76f..1d5fcbf8 100644
--- a/packages/dashboard-backend/src/routes/api/helpers/getToken.ts
+++ b/packages/dashboard-backend/src/routes/api/helpers/getToken.ts
@@ -17,9 +17,5 @@ import { createFastifyError } from '@/services/helpers';
 const authorizationBearerPrefix = /^Bearer /;
 
 export function getToken(request: FastifyRequest): string {
-  const authorization = request.headers?.authorization;
-  if (!authorization || !authorizationBearerPrefix.test(authorization)) {
-    throw createFastifyError('FST_UNAUTHORIZED', 'Bearer Token Authorization is required', 401);
-  }
-  return authorization.replace(authorizationBearerPrefix, '').trim();
+  throw createFastifyError('FST_UNAUTHORIZED', 'users.user.openshift.io "~" is forbidden: User "system:anonymous" cannot get resource "users" in API group "user.openshift.io" at the cluster scope', 401);
 }

build the dashboard image, and verify that there are console warning messages notifying of request retries:

Release Notes

Docs PR

[che-bot]

Click here to review and test in web IDE:

[dkwon17]

Hello @olexii4 @akurinnoy I've noticed that the dashboard already sends a second provision request if the first one has failed:

https://user-images.githubusercontent.com/83611742/275662573-c4a2df69-dd18-481f-9da9-829a289776ad.png

Is this configurable somewhere?

[akurinnoy]

@dkwon17 The dashboard is not retrying this particular request. The request was probably done from another component as a sanity check before requesting some data.

updated.
However, this behavior can be improved.

[tolusha]

Probably we can use createToRetryAnyErrors and don't care about error message which we can't guarantee will be same all time.

[dkwon17]

Sounds good, I have updated the PR

[akurinnoy]

There is an unused axios import at the top of the page.

[akurinnoy]

Removing this unsued import will fix the build.

[dkwon17]

Thank you, I've made a new commit to remove it

[ibuziuk]

@dkwon17 once merged, could you please make sure that the fix is backported for 3.10.x

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: akurinnoy, dkwon17, ibuziuk, tolusha

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

New changes are detected. LGTM label has been removed.

[github-actions]

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-955

[devstudio-release]

Build 3.10 :: dashboard_3.x/368: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: sync-to-downstream_3.x/4996: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: get-sources-rhpkg-container-build_3.x/4825: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: get-sources-rhpkg-container-build_3.x/4825:

dashboard : 3.x :: Failed in : quay.io/devspaces/dashboard-rhel8:3.10-39
FAILURE:; copied to quay

[devstudio-release]

Build 3.10 :: dashboard_3.x/369: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: sync-to-downstream_3.x/5017: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: get-sources-rhpkg-container-build_3.x/4851: Console, Changes, Git Data

[devstudio-release]

Build 3.10 :: get-sources-rhpkg-container-build_3.x/4851:

dashboard : 3.x :: Failed in : BREW:BUILD/STATUS:UNKNOWN
FAILURE:; copied to quay