I'm trying to create a Spring Cloud Config Server to retrieve configuration files from a private GitHub repository. My GitHub account has 2 Factor Authentication activated so I wasn't expecting the below configuration to work, which it didn't but I can't find any documentation to suggest what I need to do in order to make it work.
What configuration do I need to set that will allow the connection to work?
spring.cloud.config.server.git.uri=https://github.com/DanBonehill/photo-app-config
spring.cloud.config.server.git.username=USERNAME
spring.cloud.config.server.git.password=PASSWORD
Error
org.eclipse.jgit.api.errors.TransportException: https://github.com/DanBonehill/photo-app-config: not authorized
What you could try and do (have not tested this), is create a personal access token from the Github console.
Then configure
spring.cloud.config.server.git.username=<yourusername>
spring.cloud.config.server.git.password=<yourtoken>
Instead of using username and password you should use an ssh key, the official documentation can guide you through it!
Basic authentication using a password to Git is deprecated and will soon no longer work. Visit https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/ for more information around suggested workarounds and removal dates.
you solve this in 2 minutes, this problem is because at August 13, 2021 the github update the login form, to solve this.
1) login in your gitHub folow this path: Settings > Developer settings > Personal access tokens > Generate new token
2) Now set a long time to expiration token, check the "repo" to allow access repository with this token, and Generate token.
3) Now skill your github password because this token created is your new password, replace this at all application, server, terminal that need to access github.
4) Now configure your spring configuration server, this is a content of file "application.properties" of spring configuration server at path /src/main/resources/application.properties.
spring.cloud.config.server.git.uri= https://github.com/"username"/"repository" //your githur repository
spring.cloud.config.server.git.search-paths= myFilesFolder /if your files is into some folder
spring.cloud.config.server.git.username= testUsername // your username
spring.cloud.config.server.git.password= gti_FdsweecSoUSHPsdfw //Here is your new token created
Related
I have deployed a very basic web app to JFrog that I created using Maven. It has a basic JSP file that says "Hello World" I deployed a .war file manually. After deployment, I was able to see the link like
localhost:8082/artifactory/MyWebApp/
But, when I hit it, it redirects me to 8082 and asks for a username and password which I never set up. I tried the login name and password but this does not seem to work. I have not used any authentication in my application. Kindly help
So, I resolved it. As it was a new installation, I generated a new token and gave it permission to access. I was thus able to access the path and download the artifact.
This seems to be a permission issue to me. Generate a new token with proper access. Should work.
I have a project (A), with CI pipeline, in GitLab. This pipeline has a dependency on a package from another project (B). During the build of project A, I want to download the package from project B's package registry. The packages are uploaded as (zip files) generic packages. The projects are all private so I need some kind of access token to authenticate.
I'm trying to use Deploy Tokens as these seem to provide the required read_package_registry access scope. However, I cannot find any documentation describing how to authenticate with a deploy token when downloading generic package files.
I'm using the following request, described in the previous link.
GET https://gitlab.com/api/v4/projects/<project_B_id>/packages/generic/<package_name>/<package_version>/<package_file>
I have tried
adding the deploy token username and password to the URL, basic/digest authentication
Adding a header to the request PRIVATE-TOKEN: [deploy-token]
Adding a header to the request DEPLOY-TOKEN: [deploy-token]
Adding a header to the request Authorization: Bearer [deploy-token]
I've also tried each of the above headers but with [deploy-token-username][deploy-token] as the value
I can't find documentation stating that I can't use a deploy token.
Does anyone have a working example of how to do this, or does anyone know if this is/isn't possible?
I can switch to a private access token, but I'd prefer to use the correct tool for the job, and that seems to be deploy tokens.
The issue has been raised on gitlab. Deploy tokens do not work for now. It is currently tracked here:
https://gitlab.com/gitlab-org/gitlab/-/issues/284397
The workaround is to use a personal access token.
This works since Gitlab 13.0. As per documentation, create a deploy token, and supply the username and password in the request. This is basic authentication, and with curl you can do so
curl --user "<deploy-token-username>:<deploy-token>" \
"https://gitlab.example.com/api/v4/projects/24/packages/generic/my_package/0.0.1/file.txt"
Deploy tokens do not seem to work with PRIVATE-TOKEN or Authorization headers with bearer token.
I've been looking for this answer too.
The docs (https://docs.gitlab.com/ee/user/packages/generic_packages/index.html#authenticate-to-the-package-registry) say
To authenticate to the Package Registry, you need either a personal access token or CI job token.
No mention of Deploy Tokens. Those seem to be limited to docker, npm, etc.
Also, the Job Token you have in project B allows you to publish your artifact. But, the Job Token you have in project A does not seem to be authorized to download it.
I believe the answer is that you cannot use a Deploy Token, but I'd love to be proven wrong.
I am trying to access the Github repo which sits behind an enterprise firewall (Open VPN). I am trying to access with my username and password but getting the below Exception. Any suggestions on how to access the repo with Spring Cloud.
application.properties:
spring.cloud.config.server.git.uri=https://github.com/company-repo/abc.git
spring.cloud.config.server.git.username=tarun
spring.cloud.config.server.git.password=xxxxx
spring.cloud.config.server.git.ignore-local-ssh-settings=true
Exception:
Error occured cloning to base directory. org.eclipse.jgit.api.errors.TransportException:
https://github.com/company-repo/abc.git: not authorized
Do not Use Your GitHub password in your app.prop file...You will get a Not Authorized exception. Instead Generate an access token.
Creating a personal access token
You should create a personal access token to use in place of a password with the command line or with the API.
Personal access tokens (PATs) are an alternative to using passwords for authentication to GitHub when using the GitHub API or the command line.
If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT. For more information, see "About authentication with SAML single sign-on" and "Authorizing a personal access token for use with SAML single sign-on."
As a security precaution, GitHub automatically removes personal access tokens that haven't been used in a year.
Creating a token
Verify your email address, if it hasn't been verified yet.
In the upper-right corner of any page, click your profile photo, then click Settings.
Settings icon in the user bar
In the left sidebar, click Developer settings.
In the left sidebar, click Personal access tokens.
Click Generate new token.
Give your token a descriptive name.
Select the scopes, or permissions, you'd like to grant this token. To use your token to access repositories from the command line, select repo.
Click Generate token.
Click to copy the token to your clipboard. For security reasons, after you navigate off the page, you will not be able to see the token again.
Warning: Treat your tokens like passwords and keep them secret. When working with the API, use tokens as environment variables instead of hardcoding them into your programs.
To use your token to authenticate to an organization that uses SAML SSO, authorize the token for use with a SAML single-sign-on organization.
Using a token on the command line
Once you have a token, you can enter it instead of your password when performing Git operations over HTTPS.
For example, on the command line you would enter the following:
$ git clone https://github.com/username/repo.git
Username: your_username
Password: your_token
Personal access tokens can only be used for HTTPS Git operations. If your repository uses an SSH remote URL, you will need to switch the remote from SSH to HTTPS.
If you are not prompted for your username and password, your credentials may be cached on your computer. You can update your credentials in the Keychain to replace your old password with the token.
The way i made it work is :
Generate the Access Token on Github repo and provide read and admin rights to it
Use the Token as password
Credentials can be saved in Kubernetes as Secrets or inside Vault. Hope this helps.
I've seen a lot of examples of how to configure Maven to upload using a username / password, but I haven't seen any examples of how to do this using the access token. (Access tokens: https://www.jfrog.com/confluence/display/RTF/Access+Tokens)
In the examples I've found, the username/password are stored in settings.xml. I'm looking for a solution that allows me to use this token with mvn deploy.
The access token can be used as the password. For example, if your username is "myuser" and you have an access token for this user: "eyHFdghgHDFGHdgdfg5t...", then your settings file should have the following:
<username>myuser</username>
<password>eyHFdghgHDFGHdgdfg5t...</password>
This is basically already covered in the Using Tokens section of the Wiki you mentioned.
HTH,
Yinon.
I have installed the Google Drive Realtime API sample files on my web server, following these instructions, including generating a client_id in the Cloud Console and inserting it into the index.html file.
When I visit that page and click the button to authorize the app, it pops up with a new window and shows:
Error: invalid_client
no registered origin
The Request Details are:
openid_connect_request=true
cookie_policy_enforce=false
scope=https://www.googleapis.com/auth/drive.install https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/plus.me
response_type=token
access_type=online
redirect_uri=postmessage
proxy=oauth2relay865404532
origin=http://mywebsite.com
state=264939258|0.165356673
display=page
client_id=1077585001321.apps.googleusercontent.com
authuser=0
I can't see any other client_id that I should be using in the Cloud Console. Does anybody know how to overcome this error? Thanks for your help.
In the new Google API Console, configure your OAuth2.0 authorized origins from
Your Project > APIs & auth > Credentials
You might need to add a new Client ID specifically for a web application (I did because the default was for AppEngine)
Create Client ID > Web Application > Authorized Javascript origins
If you are running on a local dev server, just add the exact URL such as :
http://127.0.0.1:9000
UPDATE: I changed accepted answer to Johno Scott instead as he refers to the newer version of the console, whereas mine was only true for the older version.
I solved it. I needed to enter a WEB ORIGIN on the OAuth 2.0 Client ID screen. Specifically, it had to be the exact path/url of the index.html file, otherwise it defaults to the root domain which doesn't work.
This screenshot shows you exactly where it needs to be entered: