https://cerbos.dev logo
Join Slack
Powered by
Hi, I'm trying to deploy cerbos server to a cluste...
# help
t
Hi, I'm trying to deploy cerbos server to a cluster following your example but I'm getting this error. I just changed the repo URL, branch (it exists in remote), and subDir. I created a personal access token with repo scope
d
Which git protocol are you using: file, HTTPS or ssh?
I guess https
t
https
d
Can you please try to check out this repo (if not already) 
<https://github.com/cerbos/sample-policies.git>
The idea is to reproduce the example in your environment
t
message has been deleted
That repo is private
d
Oops. My bad.
t
I tried with this repo
It worked 🤔
đź‘Ť 1
So I think there is a problem with my repo
d
Probably the pod doesn’t have access to the internet or to the git repo.
t
The pod have access to internet because it clone this repo
So I think there is a problem with my repo
d
I see
t
My repo is private and is inside an organization
I think my personal access token does not work for that
The image is correct? I think it should be:
Copy code
https:
  username: "my-github-username"
  password: ${GITHUB_TOKEN}
isn't?
d
Hmm… Let me double-check this.
My repo is private and is inside an organization
Is it on GitHub?
t
Yeah, on GitHub
d
Have you tried both?
Copy code
https:
  username: "my-github-username"
  password: ${GITHUB_TOKEN}
and
Copy code
https:
  username: ${GITHUB_TOKEN}
  password:
t
yep
d
If you want to use a PAT to access resources owned by an organization that uses SAML SSO, you must authorize the PAT. For more information, see “About authentication with SAML single sign-on” and “Authorizing a personal access token for use with SAML single sign-on” in the GitHub Enterprise Cloud documentation.
from here https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token
Does your org use SAML SSO?
I think you’re right. The auth details should be
Copy code
https:
  username: "anything here but an empty string"
  password: ${GITHUB_TOKEN}
t
I don't think so SSO is the problem
because I have just used personal access for another apps
d
You probably running those apps locally. Have your tried to run cerbos locally as well?
t
They are running in the same cluster
d
Can you publish or DM your config (with all sensitive info removed)?
t
Sent
d
Thanks
The config seems to be correct. Could you please try it with the main/master branch? I understand it doesn’t have policies.
t
With master branch, I get 
failed to get repo HEAD: reference not found
The same issue
d
Does the repo URL end with 
.git
?
t
yes
d
Here’s the smallest code snippet to try to reproduce the issue locally, but it requires Golang. Usage: Check out the repo, then from 
./_examples/clone/auth/basic/access_token
run 
go run main.go <url> <directory> <github_access_token>
It checks out the repo set by <url> to the <directory>
t
go run main.go '<https://github.com/my-org/repo.git>' ./repo/ 'my-token'
It worked correctly
It cloned the repo to the specified directory
d
So the token and the git library work
Can you please try to run cerbos locally?
t
Do you think the problem could be some kind of timeout because I saw the cloning took 1 minute with 20 seconds?
d
Possibly
Git storage has updatePollInterval and operationTimeout
Default is 60s
t
Let's try it 🤞
Did not work
d
Same repo and token as with the code snippet?
t
Yep, the same
d
Did you get the same error when you run cerbos locally?
t
I did not try locally, yet
d
Can you please try it locally?
t
will try it locally
In the meantime, I try with uploading the policies to a s3 bucket, publicly accessible. but does not work either
d
If it is public, can you DM me the bucket URL?
t
done
d
Cerbos instance running locally has cloned your S3 bucket
12 Views
Open in Slack
PreviousNext
Powered by