I have a maven repo set up in AWS CodeArtifact. I am using maven-publish plugin with Gradle to publish the artifacts. However, gradle exits with the following error -
Could not GET 'https://.../maven-metadata.xml'. Received status code 403 from server: Forbidden
This is because the AWS Role/User which is being used to authenticate to AWS CodeArtifact does not have the following permissions on the forbidden resource -
"codeartifact:Get*",
"codeartifact:Describe*",
"codeartifact:List*",
"codeartifact:ReadFromRepository"
Related
we're getting the following error when trying to update the Jenkins plugins. we've proxy configured
"
Failure -
java.io.IOException: Server returned HTTP response code: 401 for URL: https://updates.jenkins.io/download/plugins/active-directory/2.26/active-directory.hpi"
enter image description here
401 status code means failed authorisation.
https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2
Try verifying your username password once.
https://updates.jenkins.io/download/plugins/active-directory/2.26/active-directory.hpi is globally accessible.
A simple wget from the jenkins machine will download the new plugin if the proxy is configured correctly.
When trying to build kudu in my ec2, I got an error "HTTP/1.1 403 Forbidden". My connection was opened through a proxy. The domain that we are trying to connect to here is "service .gradle.org". This can be accessed through HTTPS. Here the build is run using the gradle wrapper jar (v6.8.3). Here, a 403 Forbidden error of the above type kept appearing. It lookes like the connection is trying to use HTTP instead of HTTPS.
This problem is not occurring when the build is run in an environment without a proxy
Build fail image
I am trying to deploy serverless with the credentials stored in my aws-vault keychain.
However when I run aws-vault exec myprofile -- sls deploy I receive the following error:
An error occurred: MyLambdaFunction - AccessDenied. User doesn't have permission to call iam:GetRole.
The user has AdministratorAccess and I also gave him IAMFullAccess (which should not be needed)
When I deploy with the same credentials stored in ~.aws/credentials with sls deploy
it works.
According to the docs the session token generated by aws-vault has some restrictions:
You cannot call any IAM API operations unless MFA authentication information is included in the request.
You cannot call any AWS STS API except AssumeRole or GetCallerIdentity.
A work around is to use the --no-session
so aws-vault exec myprofile --no-session -- sls deploy works without any error.
I am currently setting up a build pipeline in Azure DevOps with a self-hosted agent. Everything is working great so far except the SonarQube build steps.
When executing the Prepare SonarQube on my self-hosted agent it fails with the following error:
2018-11-19T14:14:19.1070144Z ##[debug]organization=null
2018-11-19T14:14:19.1087901Z ##[debug]scannerMode=MSBuild
2018-11-19T14:14:19.1093031Z ##[debug]projectKey=online:kiamservices:main
2018-11-19T14:14:19.1095851Z ##[debug]projectName=Online – KIAM Services
2018-11-19T14:14:19.1098962Z ##[debug]projectVersion=1.0
2018-11-19T14:14:19.1104908Z ##[debug][SQ] API GET: '/api/server/version' with query "undefined"
2018-11-19T14:14:19.2819233Z ##[debug][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2832616Z ##[debug]task result: Failed
2018-11-19T14:14:19.2928009Z ##[error][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2943259Z ##[debug]Processed: ##vso[task.issue type=error;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.2946004Z ##[debug]Processed: ##vso[task.complete result=Failed;][SQ] API GET '/api/server/version' failed, error was: {"code":"SELF_SIGNED_CERT_IN_CHAIN"}
2018-11-19T14:14:19.3015449Z ##[section]Finishing: Prepare SonarQube
If I run the same setup on a microsoft hosted agent it runs just fine.
It is correct that my organization uses it's own Certificate Authority but the certificates are present on the self hosted agent as far as I know.
Is there a way to tell SonarQube to just ignore certificate errors?
I have looked high and low and have sadly not found any information on this error that was even remotely helpful.
Thank you in advance!
Sonar uses the Java Keystore for its certificate checks. It doesn't look at windows' keystore at all. You'll likely be able to solve this by importing the correct certificates in the JVM's keystore using the keytool utility.
See also:
https://sylvainleroy.com/2018/07/30/sonarqube-scanner-and-invalid-ssl-certificates/
I'm unable to connect to the sonarcube server(localhost:9000) from Azure Devops(dev.azure.com)
The following is the error log:
[error][SQ] API GET '/api/server/version' failed, error was: {"code":"ECONNREFUSED","errno":"ECONNREFUSED","syscall":"connect","address":"127.0.0.1","port":9000}
I've Authenticated it by generating token in Sonarqube and providing the credentials in dev.azure.