-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Release 1.2.3 Breaks on Oauth Token Retrieval from cfapi #302
Comments
Logs of splunk-firehose-nozzle-1.2.3 after upgrading from 1.2.2 to 1.2.3
|
I have confirmed that the environment variables for CLIENT_ID and CLIENT_SECRET are the same on 1.2.2 (because it is working) and on 1.2.3 |
I can confirm that we experienced the same behavior in our test environment after taking 1.2.3. |
I just removed all of 1.2.3, 1.2.2 and deployed a fresh instance of 1.2.3. The problem is identical. This indicates that it is probably not due to the migration/upgrade changes. I couldn't see anything in the release diffs that would cause this issue. Thank you @xyloman for confirming. |
Perhaps an update in one of the libraries the app uses? |
HI, i can confirm we are on Nozzle release 1.2.3 and Tanzu Applicaiton Services 2.11.8 which is CC api 2.164.0 and the nozzle runs fine without this issue. i know from an other user that they also dont experience this issue with TAS 2.11.X |
@gaigaslab-operations Thanks for reporting this. Can you please provide more details of the environment ? like TAS version, so that we can try to reproduce. (We had verified in TAS 2.11 and 2.7 LTS, and this issue was not there.) |
TAS 2.11.8 LTS |
Since the problem is about authorization, how is the app getting a token? Is it hitting uaa.? |
@kashyap-splunk @JuergenSu |
Hi, this is our env
and its running fine with 2.11.8-build.13 |
@gaigaslab-operations for auth, app uses the Client ID/secret provided to get token from uaa. Here, the Client ID and secret pair is generated using either 'uaac' or deployment manifest. (For ref: pivotal docs or Github docs) And, I have attached the env details of the setup I used for testing. Can you try generating new client id/secret pair using above steps and use them in your test/dev setup ? |
@kashyap-splunk We had already created a uaa oauth client and were using it with 1.2.2. When we upgraded to 1.2.3, that's where the problem started. When we backlevel to 1.2.2, it works again. The differences between my environment and that of @JuergenSu are as follows: (my configuration on the left, @JuergenSu in parenthesis following)
I modified my config to match, restaged, and still had the problem. My go buildpack is: I validated that the CLIENT_ID and CLIENT_SECRET are correct by retrieving a token through curl:
Now, I do have special characters in the secret such as |
That was it! I changed the CLIENT_SECRET on the uaac client and in the config (to match) and we can now start and run 1.2.3. There must have been a change in the CLIENT_SECRET handling so that special characters are no longer handled correctly. It would be good to get this fixed or documented. Any valid UAA client secret should be valid in the firehose-nozzle |
Yes, I am able to reproduce this now with special characters. And I verified it was not there in 1.2.2. We have not changed anything related to special characters handling. But from initial analysis, it seems that this is due to an issue in the specific version of the Oauth2 library used by 'cfclient' library we have used for authentication. (which was automatically determined by Go mods during migration from Glide). I will dig deeper and update. |
Fixed and available with 1.2.4 release |
We upgraded to Tile 1.2.3 from 1.2.2
Immediately, the splunk-nozzle-1.2.3 app started crashing after reporting that it could not get a token from the api endpoint - authorization error.
I don't have the logs right now, since we reverted to 1.2.2 to recover. I will reproduce on our sandbox foundation and provide the logs.
The text was updated successfully, but these errors were encountered: