Channels
  • t

    TS

    2 weeks ago
    Hi, I'm trying to deploy cerbos server to a cluster following your example but I'm getting this error. I just changed the repo URL, branch (it exists in remote), and subDir. I created a personal access token with repo scope
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Which git protocol are you using: file, HTTPS or ssh?
    I guess https
  • t

    TS

    2 weeks ago
    https
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Can you please try to check out this repo (if not already)
    <https://github.com/cerbos/sample-policies.git>

    The idea is to reproduce the example in your environment
  • t

    TS

    2 weeks ago
    That repo is private
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Oops. My bad.
  • t

    TS

    2 weeks ago
    I tried with this repo
    It worked 🤔
    So I think there is a problem with my repo
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Probably the pod doesn’t have access to the internet or to the git repo.
  • t

    TS

    2 weeks ago
    The pod have access to internet because it clone this repo
    So I think there is a problem with my repo
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    I see
  • t

    TS

    2 weeks ago
    My repo is private and is inside an organization
    I think my personal access token does not work for that
    The image is correct? I think it should be:
    https:
      username: "my-github-username"
      password: ${GITHUB_TOKEN}
    isn't?
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Hmm… Let me double-check this.
    My repo is private and is inside an organization Is it on GitHub?
  • t

    TS

    2 weeks ago
    Yeah, on GitHub
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Have you tried both?
    https:
      username: "my-github-username"
      password: ${GITHUB_TOKEN}
    and
    https:
      username: ${GITHUB_TOKEN}
      password:
  • t

    TS

    2 weeks ago
    yep
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT. For more information, see “
    About authentication with SAML single sign-on” and “Authorizing a personal access token for use with SAML single sign-on” in the GitHub Enterprise Cloud documentation. from here https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
    Does your org use SAML SSO?
    I think you’re right. The auth details should be
    https:
      username: "anything here but an empty string"
      password: ${GITHUB_TOKEN}
  • t

    TS

    2 weeks ago
    I don't think so SSO is the problem
    because I have just used personal access for another apps
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    You probably running those apps locally. Have your tried to run cerbos locally as well?
  • t

    TS

    2 weeks ago
    They are running in the same cluster
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Can you publish or DM your config (with all sensitive info removed)?
  • t

    TS

    2 weeks ago
    Sent
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Thanks
    The config seems to be correct. Could you please try it with the main/master branch? I understand it doesn’t have policies.
  • t

    TS

    2 weeks ago
    With master branch, I get
    failed to get repo HEAD: reference not found
    The same issue
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Does the repo URL end with
    .git
    ?
  • t

    TS

    2 weeks ago
    yes
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Here’s the smallest code snippet to try to reproduce the issue locally, but it requires Golang. Usage: Check out the repo, then from
    ./_examples/clone/auth/basic/access_token
    run
    go run main.go <url> <directory> <github_access_token>

    It checks out the repo set by <url> to the <directory>
  • t

    TS

    2 weeks ago
    go run main.go '<https://github.com/my-org/repo.git>' ./repo/ 'my-token'
    It worked correctly
    It cloned the repo to the specified directory
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    So the token and the git library work
    Can you please try to run cerbos locally?
  • t

    TS

    2 weeks ago
    Do you think the problem could be some kind of timeout because I saw the cloning took 1 minute with 20 seconds?
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Possibly
    Git storage has updatePollInterval and operationTimeout
    Default is 60s
  • t

    TS

    2 weeks ago
    Let's try it 🤞
    Did not work
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Same repo and token as with the code snippet?
  • t

    TS

    2 weeks ago
    Yep, the same
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Did you get the same error when you run cerbos locally?
  • t

    TS

    2 weeks ago
    I did not try locally, yet
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Can you please try it locally?
  • t

    TS

    2 weeks ago
    will try it locally
    In the meantime, I try with uploading the policies to a s3 bucket, publicly accessible. but does not work either
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    If it is public, can you DM me the bucket URL?
  • t

    TS

    2 weeks ago
    done
  • Dennis (Cerbos)

    Dennis (Cerbos)

    2 weeks ago
    Cerbos instance running locally has cloned your S3 bucket