adohkan / git-remote-https-iap Goto Github PK

View Code? Open in Web Editor NEW

14.0 5.0 11.0 63 KB

Seamless authentication for GCP Identity-Aware-Proxy protected Git repositories

License: Apache License 2.0

Go 90.58% Makefile 9.42%

git-remote-helper gcp-iap identity-aware-proxy git-iap

git-remote-https-iap's People

Contributors

Stargazers

Watchers

Forkers

marshallbrekka acumenix solsson atoms motorolasolutions syllogy ryanm101 elatov doytsujin henricook mscribellito

git-remote-https-iap's Issues

fatal: unable to update url base from redirection

Expected Behavior

Consistently work like the 10-50% of attempts that don't get the redirect.

Actual Behavior

With no changes in how we use git-remote-https+iap, since late last week most of our git fetch and push attemtps result in

% GIT_IAP_VERBOSE=1 GIT_TRACE=true git fetch
16:03:50.102505 exec-cmd.c:139          trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/bin/git
16:03:50.103081 exec-cmd.c:238          trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/bin
16:03:50.103696 git.c:455               trace: built-in: git fetch
16:03:50.106250 run-command.c:667       trace: run_command: GIT_DIR=.git git remote-https+iap origin https+iap://git.example.net/example/repo
16:03:50.109391 exec-cmd.c:139          trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/libexec/git-core/git
16:03:50.109809 exec-cmd.c:238          trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/libexec/git-core
16:03:50.110135 git.c:743               trace: exec: git-remote-https+iap origin https+iap://git.example.net/example/repo
16:03:50.110147 run-command.c:667       trace: run_command: git-remote-https+iap origin https+iap://git.example.net/example/repo
{"level":"debug","time":"2022-01-17T16:03:50+01:00","message":"/Users/me/example/ystack/bin/git-remote-https+iap origin https+iap://git.example.net/example/repo"}
{"level":"debug","time":"2022-01-17T16:03:50+01:00","message":"Manage IAP auth for https://git.example.net"}
{"level":"debug","time":"2022-01-17T16:03:50+01:00","message":"IAP Cookie still valid until 2022-01-17 16:51:15 +0100 CET"}
{"level":"debug","time":"2022-01-17T16:03:50+01:00","message":"passThruRemoteHTTPSHelper exec: [git remote-https origin https://git.example.net/example/repo]"}
16:03:50.122336 exec-cmd.c:139          trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/libexec/git-core/git
16:03:50.122667 exec-cmd.c:238          trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/libexec/git-core
16:03:50.122985 git.c:743               trace: exec: git-remote-https origin https://git.example.net/example/repo
16:03:50.122998 run-command.c:667       trace: run_command: git-remote-https origin https://git.example.net/example/repo
16:03:50.125879 exec-cmd.c:139          trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/libexec/git-core/git-remote-https
16:03:50.126181 exec-cmd.c:238          trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/libexec/git-core
fatal: unable to update url base from redirection:
  asked for: https://git.example.net/example/repo/info/refs?service=git-upload-pack
   redirect: https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3Dunknown%26part%3DAJ

The behavior is the same if I delete the cookie file.

Steps to Reproduce the Problem

Configure according to README
Git fetch or push

Specifications

Version: 0.1.1
Git version: 2.32.0 (Apple Git-132)
Operating System: OSX Monterey

Failure to authenticate due to empty string rawToken

Expected Behavior

Working git fetch and push

Actual Behavior

During tireless retrying before your heroic rescue action on #5 one of our developers ended up in a state that causes all IAP requests to segfault in parseJWToken.

{"level":"debug","message":"Reading file /Users/me/.config/gcp-iap/my-example-net.cookie"}
{"level":"debug","message":"could not read IAP cookie for https://my.example.net: open /Users/me/.config/gcp-iap/me-example-net.cookie: no such file or directory"}
{"level":"debug","message":"GetCredentials - found credentials for protocol=iap,host=https://me.example.net,username=refresh-token"}
{"level":"debug","message":"GetIAPAuthToken - successfully used 'refresh_token' to claim IAP Auth Token"}
{"level":"debug","message":"rawToken: "}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x12e6e45]

goroutine 1 [running]:
github.com/adohkan/git-remote-https-iap/internal/iap.parseJWToken({0x0, 0xc0000274fc})

I think the segfault isn't the issue, but "rawToken: " is.

Steps to Reproduce the Problem

We don't know yet but clearing the cookie file and re-configuring did not help.

Have you seen any instance of this issue, or have an immediate idea of where to look for the cause? If not I'll just continue digging 🙂

Specifications

Version: both v0.1.0 and v0.2.0
Git version: 2.30.1
Operating System: OSX 12.1

Failure to execute git commands due to bad request on refresh token

Expected Behavior

GIT_IAP_VERBOSE=1 git clone https://example.com/repo/repo.git
Cloning into 'repo'...
{"level":"debug","time":"2023-07-21T12:17:41+01:00","message":"/Users/me/bin/git-remote-https+iap origin https+iap://example.com/repo/repo.git"}
{"level":"debug","time":"2023-07-21T12:17:41+01:00","message":"[handleIAPAuthCookieFor] Manage IAP auth for https://example.comi"}
{"level":"debug","time":"2023-07-21T12:17:41+01:00","message":"[handleIAPAuthCookieFor] IAP Cookie still valid until 2023-07-21 13:17:22 +0100 BST"}
.....

Actual Behavior

GIT_IAP_VERBOSE=1 git-remote-https+iap check origin "https://example.com/repo/repo.git"
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"git-remote-https+iap check origin https://example.com/repo/repo.git"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[handleIAPAuthCookieFor] Manage IAP auth for https://example.com"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[handleIAPAuthCookieFor] Could not read IAP cookie for https://example.com: open /Users/me/.config/gcp-iap/example.com.cookie: no such file or directory"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[NewCookie] Attempting to get NewCookie"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[GetCredentials] Found credentials for protocol=iap,host=https://example.com,username=refresh-token"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[GetIAPAuthToken] refreshToken is: XXXXXXXX"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[GetIAPAuthToken] Google Endpoint is: https://oauth2.googleapis.com/token"}
{"level":"debug","time":"2023-07-21T12:16:22+01:00","message":"[NewCookie] Failed to GetIAPAuthToken"}
{"level":"fatal","time":"2023-07-21T12:16:22+01:00","message":"[GetIAPAuthToken] Could not get exchange 'refresh_token' for IAP Auth Token: HTTP Error Code: Bad Request .... Error Description: invalid_grant"}

Steps to Reproduce the Problem

Unsure.
I suspect issue with the fact the browserflow never executes so I have a corrupted cached cred.

Specifications

Version: 0.20
Git version: 2.39.2
Operating System: Mac (M1) Ventura 13.4.1

Migrate to https://github.com/golang-jwt/jwt

github.com/dgrijalva/jwt-go is no longer maintained and has a security issue

adohkan / git-remote-https-iap Goto Github PK

git-remote-https-iap's People

Contributors

Stargazers

Watchers

Forkers

git-remote-https-iap's Issues

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Specifications

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Specifications

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Specifications

Recommend Projects

Recommend Topics

Recommend Org