adohkan / git-remote-https-iap Goto Github PK
View Code? Open in Web Editor NEWSeamless authentication for GCP Identity-Aware-Proxy protected Git repositories
License: Apache License 2.0
Seamless authentication for GCP Identity-Aware-Proxy protected Git repositories
License: Apache License 2.0
Consistently work like the 10-50% of attempts that don't get the redirect.
With no changes in how we use git-remote-https+iap
, since late last week most of our git fetch and push attemtps result in
% GIT_IAP_VERBOSE=1 GIT_TRACE=true git fetch
16:03:50.102505 exec-cmd.c:139 trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/bin/git
16:03:50.103081 exec-cmd.c:238 trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/bin
16:03:50.103696 git.c:455 trace: built-in: git fetch
16:03:50.106250 run-command.c:667 trace: run_command: GIT_DIR=.git git remote-https+iap origin https+iap://git.example.net/example/repo
16:03:50.109391 exec-cmd.c:139 trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/libexec/git-core/git
16:03:50.109809 exec-cmd.c:238 trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/libexec/git-core
16:03:50.110135 git.c:743 trace: exec: git-remote-https+iap origin https+iap://git.example.net/example/repo
16:03:50.110147 run-command.c:667 trace: run_command: git-remote-https+iap origin https+iap://git.example.net/example/repo
{"level":"debug","time":"2022-01-17T16:03:50+01:00","message":"/Users/me/example/ystack/bin/git-remote-https+iap origin https+iap://git.example.net/example/repo"}
{"level":"debug","time":"2022-01-17T16:03:50+01:00","message":"Manage IAP auth for https://git.example.net"}
{"level":"debug","time":"2022-01-17T16:03:50+01:00","message":"IAP Cookie still valid until 2022-01-17 16:51:15 +0100 CET"}
{"level":"debug","time":"2022-01-17T16:03:50+01:00","message":"passThruRemoteHTTPSHelper exec: [git remote-https origin https://git.example.net/example/repo]"}
16:03:50.122336 exec-cmd.c:139 trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/libexec/git-core/git
16:03:50.122667 exec-cmd.c:238 trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/libexec/git-core
16:03:50.122985 git.c:743 trace: exec: git-remote-https origin https://git.example.net/example/repo
16:03:50.122998 run-command.c:667 trace: run_command: git-remote-https origin https://git.example.net/example/repo
16:03:50.125879 exec-cmd.c:139 trace: resolved executable path from Darwin stack: /Library/Developer/CommandLineTools/usr/libexec/git-core/git-remote-https
16:03:50.126181 exec-cmd.c:238 trace: resolved executable dir: /Library/Developer/CommandLineTools/usr/libexec/git-core
fatal: unable to update url base from redirection:
asked for: https://git.example.net/example/repo/info/refs?service=git-upload-pack
redirect: https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3Dunknown%26part%3DAJ
The behavior is the same if I delete the cookie file.
2.32.0 (Apple Git-132)
Working git fetch and push
During tireless retrying before your heroic rescue action on #5 one of our developers ended up in a state that causes all IAP requests to segfault in parseJWToken
.
{"level":"debug","message":"Reading file /Users/me/.config/gcp-iap/my-example-net.cookie"}
{"level":"debug","message":"could not read IAP cookie for https://my.example.net: open /Users/me/.config/gcp-iap/me-example-net.cookie: no such file or directory"}
{"level":"debug","message":"GetCredentials - found credentials for protocol=iap,host=https://me.example.net,username=refresh-token"}
{"level":"debug","message":"GetIAPAuthToken - successfully used 'refresh_token' to claim IAP Auth Token"}
{"level":"debug","message":"rawToken: "}
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x12e6e45]
goroutine 1 [running]:
github.com/adohkan/git-remote-https-iap/internal/iap.parseJWToken({0x0, 0xc0000274fc})
I think the segfault isn't the issue, but "rawToken: "
is.
We don't know yet but clearing the cookie file and re-configuring did not help.
Have you seen any instance of this issue, or have an immediate idea of where to look for the cause? If not I'll just continue digging ๐
GIT_IAP_VERBOSE=1 git clone https://example.com/repo/repo.git
Cloning into 'repo'...
{"level":"debug","time":"2023-07-21T12:17:41+01:00","message":"/Users/me/bin/git-remote-https+iap origin https+iap://example.com/repo/repo.git"}
{"level":"debug","time":"2023-07-21T12:17:41+01:00","message":"[handleIAPAuthCookieFor] Manage IAP auth for https://example.comi"}
{"level":"debug","time":"2023-07-21T12:17:41+01:00","message":"[handleIAPAuthCookieFor] IAP Cookie still valid until 2023-07-21 13:17:22 +0100 BST"}
.....
GIT_IAP_VERBOSE=1 git-remote-https+iap check origin "https://example.com/repo/repo.git"
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"git-remote-https+iap check origin https://example.com/repo/repo.git"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[handleIAPAuthCookieFor] Manage IAP auth for https://example.com"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[handleIAPAuthCookieFor] Could not read IAP cookie for https://example.com: open /Users/me/.config/gcp-iap/example.com.cookie: no such file or directory"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[NewCookie] Attempting to get NewCookie"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[GetCredentials] Found credentials for protocol=iap,host=https://example.com,username=refresh-token"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[GetIAPAuthToken] refreshToken is: XXXXXXXX"}
{"level":"debug","time":"2023-07-21T12:16:21+01:00","message":"[GetIAPAuthToken] Google Endpoint is: https://oauth2.googleapis.com/token"}
{"level":"debug","time":"2023-07-21T12:16:22+01:00","message":"[NewCookie] Failed to GetIAPAuthToken"}
{"level":"fatal","time":"2023-07-21T12:16:22+01:00","message":"[GetIAPAuthToken] Could not get exchange 'refresh_token' for IAP Auth Token: HTTP Error Code: Bad Request .... Error Description: invalid_grant"}
Unsure.
I suspect issue with the fact the browserflow never executes so I have a corrupted cached cred.
github.com/dgrijalva/jwt-go is no longer maintained and has a security issue
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.