Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(aws): configure basic auth for bindle #74

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat(aws): configure basic auth for bindle #74

wants to merge 1 commit into from

Conversation

vdice
Copy link
Member

@vdice vdice commented Jun 28, 2022

  • Adds basic auth to the Bindle server

Ref #3

@vdice vdice force-pushed the feat/add-bindle-basic-auth branch from 1162a50 to 221e18c Compare June 28, 2022 20:57
@vdice
Copy link
Member Author

vdice commented Jun 28, 2022

@bacongobbler with the current commit, services deploy correctly but I'm unable to deploy an app. Looking at the bindle logs, I see auth errors like the following, presumably from hippo requests:

2022-06-28T20:48:40.830445Z DEBUG bindle::server::filters: Authentication error error=Invalid byte 58, offset 5.
2022-06-28T20:48:40.830464Z DEBUG bindle::server::filters: Handling rejection as authn rejection
2022-06-28T20:48:40.830468Z DEBUG bindle::server::reply: Parsed accept header into list accept_value=application/toml accept_items=["application/toml"]
2022-06-28T20:48:40.830473Z DEBUG bindle::server::reply: Selected a best-fit MIME best_fit=application/toml

The deploy itself fails like so:

$ spin deploy
Error: Unable to create Hippo app

Caused by:
    {"type":"https://tools.ietf.org/html/rfc7231#section-6.6.1","title":"An error occurred while processing your request.","status":500}

I'm not seeing any logs in Hippo, even with Logging__LogLevel__Default = "Debug" set in its job env...

I wonder if the first thing we can double-check is that Hippo is passing along the username and password correctly?

If easier/more convenient to test using the local installer, you can try this wip branch instead: https://github.com/vdice/fermyon-installer/tree/wip/local-bindle-basic-auth

@bacongobbler
Copy link
Member

bacongobbler commented Jun 28, 2022
edited
Loading

This is probably because Hippo does not propagate bindle credential auth down to the nomad job. Hippo can fetch information from bindle, but the nomad job running Spin cannot pull the bindle because it doesn't have the username/password credentials.

@bacongobbler
Copy link
Member

https://github.com/deislabs/hippo/blob/843f7da45edd3acbab95007aa89ba90ba2155a9a/src/Infrastructure/Services/NomadJobService.cs#L179

@vdice
Copy link
Member Author

vdice commented Jun 29, 2022

Thanks @bacongobbler -- I'll have to double-check but I think bindle-server v0.8.0 running with basic auth actually still allows anonymous GETs, so Spin should be able to fetch bindles as usual. I'll need to double-check this. But I can confirm that the Nomad job representing the Spin app hasn't yet been scheduled on Nomad when I hit this behavior; so I think we're encountering issues prior to this.

@bacongobbler
Copy link
Member

Hmm, okay. I’ll see if I can reproduce the issue tomorrow. Thanks for looking into this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vdice @bacongobbler