Title
#help
t

TS

06/16/2022, 10:12 PM
Hi, I'm trying to deploy cerbos server to a cluster following your example but I'm getting this error. I just changed the repo URL, branch (it exists in remote), and subDir. I created a personal access token with repo scope
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 10:15 PM
Which git protocol are you using: file, HTTPS or ssh?
10:16 PM
I guess https
t

TS

06/16/2022, 10:16 PM
https
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 10:20 PM
Can you please try to check out this repo (if not already)
<https://github.com/cerbos/sample-policies.git>
10:22 PM
The idea is to reproduce the example in your environment
t

TS

06/16/2022, 10:25 PM
10:25 PM
That repo is private
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 10:26 PM
Oops. My bad.
t

TS

06/16/2022, 10:28 PM
I tried with this repo
10:29 PM
It worked 🤔
10:30 PM
So I think there is a problem with my repo
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 10:30 PM
Probably the pod doesn’t have access to the internet or to the git repo.
t

TS

06/16/2022, 10:31 PM
The pod have access to internet because it clone this repo
10:32 PM
So I think there is a problem with my repo
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 10:32 PM
I see
t

TS

06/16/2022, 10:32 PM
My repo is private and is inside an organization
10:33 PM
I think my personal access token does not work for that
10:35 PM
The image is correct? I think it should be:
https:
  username: "my-github-username"
  password: ${GITHUB_TOKEN}
isn't?
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 10:39 PM
Hmm… Let me double-check this.
My repo is private and is inside an organization
Is it on GitHub?
t

TS

06/16/2022, 10:39 PM
Yeah, on GitHub
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 10:41 PM
Have you tried both?
https:
  username: "my-github-username"
  password: ${GITHUB_TOKEN}
and
https:
  username: ${GITHUB_TOKEN}
  password:
t

TS

06/16/2022, 10:42 PM
yep
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 10:44 PM
If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT. For more information, see “About authentication with SAML single sign-on” and “Authorizing a personal access token for use with SAML single sign-on” in the GitHub Enterprise Cloud documentation.
from here https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
10:45 PM
Does your org use SAML SSO?
10:55 PM
I think you’re right. The auth details should be
https:
  username: "anything here but an empty string"
  password: ${GITHUB_TOKEN}
t

TS

06/16/2022, 11:03 PM
I don't think so SSO is the problem
11:04 PM
because I have just used personal access for another apps
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 11:10 PM
You probably running those apps locally. Have your tried to run cerbos locally as well?
t

TS

06/16/2022, 11:11 PM
They are running in the same cluster
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 11:26 PM
Can you publish or DM your config (with all sensitive info removed)?
t

TS

06/16/2022, 11:33 PM
Sent
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 11:33 PM
Thanks
11:43 PM
The config seems to be correct. Could you please try it with the main/master branch? I understand it doesn’t have policies.
t

TS

06/16/2022, 11:46 PM
With master branch, I get
failed to get repo HEAD: reference not found
The same issue
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 11:47 PM
Does the repo URL end with
.git
?
t

TS

06/16/2022, 11:49 PM
yes
Dennis (Cerbos)

Dennis (Cerbos)

06/16/2022, 11:53 PM
Here’s the smallest code snippet to try to reproduce the issue locally, but it requires Golang. Usage: Check out the repo, then from
./_examples/clone/auth/basic/access_token
run
go run main.go <url> <directory> <github_access_token>
11:54 PM
It checks out the repo set by <url> to the <directory>
t

TS

06/17/2022, 12:11 AM
go run main.go '<https://github.com/my-org/repo.git>' ./repo/ 'my-token'
It worked correctly
12:11 AM
It cloned the repo to the specified directory
Dennis (Cerbos)

Dennis (Cerbos)

06/17/2022, 12:12 AM
So the token and the git library work
12:12 AM
Can you please try to run cerbos locally?
t

TS

06/17/2022, 12:17 AM
Do you think the problem could be some kind of timeout because I saw the cloning took 1 minute with 20 seconds?
Dennis (Cerbos)

Dennis (Cerbos)

06/17/2022, 12:17 AM
Possibly
12:19 AM
Git storage has updatePollInterval and operationTimeout
12:20 AM
Default is 60s
t

TS

06/17/2022, 12:21 AM
Let's try it 🤞
12:27 AM
Did not work
Dennis (Cerbos)

Dennis (Cerbos)

06/17/2022, 12:29 AM
Same repo and token as with the code snippet?
t

TS

06/17/2022, 12:29 AM
Yep, the same
Dennis (Cerbos)

Dennis (Cerbos)

06/17/2022, 12:31 AM
Did you get the same error when you run cerbos locally?
t

TS

06/17/2022, 12:32 AM
I did not try locally, yet
Dennis (Cerbos)

Dennis (Cerbos)

06/17/2022, 12:33 AM
Can you please try it locally?
t

TS

06/17/2022, 12:44 AM
will try it locally
12:45 AM
In the meantime, I try with uploading the policies to a s3 bucket, publicly accessible. but does not work either
Dennis (Cerbos)

Dennis (Cerbos)

06/17/2022, 12:47 AM
If it is public, can you DM me the bucket URL?
t

TS

06/17/2022, 12:51 AM
done
Dennis (Cerbos)

Dennis (Cerbos)

06/17/2022, 1:07 AM
Cerbos instance running locally has cloned your S3 bucket