https://datahubproject.io logo
Join Slack
Powered by
I have all containers to v0.8.33 tag but “linkedin...
# troubleshoot
k
I have all containers to v0.8.33 tag but “linkedin/datahub-frontend-react” was 
v0.8.17
and I updated it to 
v0.8.33
. After the deployment the UI crashed and this is the error I have from the logs:
Copy code
! @7nf015ap6 - Internal server error, for (GET) [/callback/oidc?state=LqmnUiAvYgUGt98yM69UMRPG24DNJMAazoGGCH66Fkw&code=4/0AX4XfWg4uU9YpUKuVYjja_NgSZ0r7n4HTGM_Gpg87fxx4ODyQDVde1tIC0jPB7nEzaVjSw&scope=email%20profile%20<https://www.googleapis.com/auth/userinfo.profile%20openid%20https://www.googleapis.com/auth/userinfo.email&authuser=1&hd=sennder.com&prompt=none>] ->
 
play.api.UnexpectedException: Unexpected exception[CompletionException: org.pac4j.core.exception.TechnicalException: Bad token response, error=invalid_grant]
e
Hi @kind-psychiatrist-76973 just to confirm do you have OIDC setup for DataHub?
It looks like you’re using Google authentication?
If so, can you confirm that you followed all the steps here? I wonder if there is something incompatible with the setup you had previously in `v0.8.33`https://datahubproject.io/docs/how/auth/sso/configure-oidc-react-google/
k
yes 
Google authentication
from the helmfile.yaml
Copy code
releases:
- name: "datahub-secrets"
  chart: "k8s-as-helm/secret"
  version: "1.0.4"
  values:
    - secretData:
        db_password: {{ requiredEnv "DB_PASSWORD" | quote }}
        elasticsearch_password: "elastic_monkey"
        oidc_client_secret: {{ requiredEnv "GOOGLE_OAUTH_CLIENT_SECRET" | quote }}
Copy code
# for OIDC user authentication: <https://datahubproject.io/docs/how/auth/sso/configure-oidc-react-google>
    - datahub-frontend:
        enabled: true
        image:
          repository: linkedin/datahub-frontend-react
          tag: "v0.8.17"
        service:
          type: ClusterIP
        ingress:
          enabled: true
          annotations:
            <http://kubernetes.io/ingress.class|kubernetes.io/ingress.class>: nginx
            <http://nginx.ingress.kubernetes.io/ssl-redirect|nginx.ingress.kubernetes.io/ssl-redirect>: "true"
            <http://cert-manager.io/cluster-issuer|cert-manager.io/cluster-issuer>: {{ .Values | get "issuer" }}
          hosts:
            - host: {{ .Values | get "domain" }}
              paths:
                - "/"
          tls:
            - secretName: {{ .Values | get "tls-secret" }}
              hosts:
                - {{ .Values | get "domain" }}
        extraEnvs:
          - name: AUTH_OIDC_ENABLED
            value: "true"
          - name: AUTH_OIDC_CLIENT_ID
            value: <http://xxxxxx-xxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com|xxxxxx-xxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com>
          - name: AUTH_OIDC_CLIENT_SECRET
            valueFrom:
              secretKeyRef:
                name: datahub-secrets
                key: oidc_client_secret
          - name: AUTH_OIDC_DISCOVERY_URI
            value: <https://accounts.google.com/.well-known/openid-configuration>
          - name: AUTH_OIDC_BASE_URL
            value: https://{{ .Values | get "domain" }}
          - name: AUTH_OIDC_SCOPE
            value: "openid profile email"
          - name: AUTH_OIDC_USER_NAME_CLAIM
            value: email
          - name: AUTH_OIDC_USER_NAME_CLAIM_REGEX
            value: ([^@]+)
          # User and groups provisioning
          - name: AUTH_OIDC_JIT_PROVISIONING_ENABLED
            value: "true"
          - name: AUTH_OIDC_PRE_PROVISIONING_REQUIRED
            value: "false"
          - name: AUTH_OIDC_EXTRACT_GROUPS_ENABLED
            value: "true"
It was setup by a former employee not me but it has been working for months
for sure he followed that tutorial
e
Got it! I notice that the tag here still says 
v0.18.17
. Is that right?
k
Yes, as I said, with 
v0.18.17
is works, If I update to 
v0.8.33
like the other containers, I get the error mentioned in this thread.
e
Hey @kind-psychiatrist-76973 sorry for the delay here, I’ll look into this more and get back to you
k
I still getting the error:
Copy code
root@sh:/datahub# datahub ingest -c ./metadata-ingestion/recipes/snowflake_to_datahub_rest.yml
1 validation error for PipelineConfig
pipeline_name
  extra fields not permitted (type=value_error.extra)
Unfortunately it’s not verbose enough so I can’t see which ones are the extra parameters
Open in Slack
PreviousNext
Powered by