Event Streams UI returns 401:Unauthorized after previously working successfully

[EmmaHumber]

Issue Description

When attempting to use the Event Streams UI, operations fail and the error 401:Unauthorized is returned.

In particular, it is not possible to view topics.

The Event Streams admapi pod's log shows

2020-11-05 06:45:17 WARN com.ibm.eventstreams.httpserver.clients.IAMClient - Unable to Introspect Token: Call to IAM failed: javax.net.ssl.SSLHandshakeException: Failed to create SSL connection.
2020-11-05 06:45:17 WARN com.ibm.eventstreams.handlers.security.IAMCredentialsHandler - IAM credentials flow failed

The problem occurs because the Event Streams Operator does not notice that the cluster's certificate have changed (for example they have expired and been renewed), which results in a mismatch between the certificates in use by Event Streams and the certificates in use by Common Services authorization service (IAM) and the failure to create the SSL connection.

Issue Resolution

The Event Streams Operator now updates the local copies of the cluster certificates held by Event Streams, if the cluster certificate has changed.

Workaround

https://www.ibm.com/support/pages/cloud-pak-integration-refreshing-expired-certificates#3.%20Event%20Streams%20within%20Cloud%20Pak%20for%20Integration

Fix details

IBM Internal Issue Number - 6424
Fix target - Not yet available