# troubleshoot
s
Hi, we're having trouble enabling OIDC auth. We're using version 2.62 of the helm chart and we've done the suggested config from this issue, and we've also tried without quoting it. We're seeing this on the frontend pod:
Caused by: com.typesafe.config.ConfigException$WrongType: env variables: auth.oidc.enabled has type STRING rather than BOOLEAN
This is happening for any variation of the OAUTH_OIDC_ENABLED env var. The YAML currently looks like this:
extraEnvs:
      - name: "AUTH_OIDC_ENABLED"
        value: "true"  # have also tried just plain true
      - name: "AUTH_OIDC_CLIENT_ID"
        value: "SNIP"
      - name: "AUTH_OIDC_DISCOVERY_URI"
        value: "https://accounts.google.com/.well-known/openid-configuration"
      - name: "AUTH_OIDC_BASE_URL"
        value: "SNIP"
      - name: "AUTH_OIDC_SCOPE"
        value: "openid profile email"
      - name: "AUTH_OIDC_USER_NAME_CLAIM"
        value: "email"
      - name: "AUTH_OIDC_USER_NAME_CLAIM_REGEX"
        value: "([^@]+)"
      - name: "AUTH_OIDC_CLIENT_SECRET"
        value: "SNIP"
4) Error injecting constructor, com.typesafe.config.ConfigException$WrongType: env variables: auth.oidc.enabled has type STRING rather than BOOLEAN
  at controllers.CentralLogoutController.<init>(CentralLogoutController.java:20)
  while locating controllers.CentralLogoutController
    for the 5th parameter of router.Routes.<init>(Routes.scala:45)
  while locating router.Routes
  while locating play.api.inject.RoutesProvider
  while locating play.api.routing.Router
    for the 1st parameter of play.api.http.JavaCompatibleHttpRequestHandler.<init>(HttpRequestHandler.scala:217)
  while locating play.api.http.JavaCompatibleHttpRequestHandler
  while locating play.api.http.HttpRequestHandler
    for the 6th parameter of play.api.DefaultApplication.<init>(Application.scala:236)
  at play.api.DefaultApplication.class(Application.scala:235)
  while locating play.api.DefaultApplication
  while locating play.api.Application
    for the 1st parameter of play.DefaultApplication.<init>(DefaultApplication.java:32)
  at play.DefaultApplication.class(DefaultApplication.java:32)
  while locating play.DefaultApplication
Caused by: com.typesafe.config.ConfigException$WrongType: env variables: auth.oidc.enabled has type STRING rather than BOOLEAN
	at com.typesafe.config.impl.SimpleConfig.findKeyOrNull(SimpleConfig.java:163)
	at com.typesafe.config.impl.SimpleConfig.findOrNull(SimpleConfig.java:174)
	at com.typesafe.config.impl.SimpleConfig.findOrNull(SimpleConfig.java:180)
	at com.typesafe.config.impl.SimpleConfig.findOrNull(SimpleConfig.java:180)
	at com.typesafe.config.impl.SimpleConfig.find(SimpleConfig.java:188)
	at com.typesafe.config.impl.SimpleConfig.find(SimpleConfig.java:193)
	at com.typesafe.config.impl.SimpleConfig.getBoolean(SimpleConfig.java:218)
	at controllers.CentralLogoutController.<init>(CentralLogoutController.java:26)
	at controllers.CentralLogoutController$$FastClassByGuice$$900ad7a4.newInstance(<generated>)
	at com.google.inject.internal.DefaultConstructionProxyFactory$FastClassProxy.newInstance(DefaultConstructionProxyFactory.java:89)
	at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:114)
	at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
	at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
	at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42)
	at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65)
	at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
	at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
	at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
	at com.google.inject.internal.InjectorImpl$1.get(InjectorImpl.java:1050)
	at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1086)
	at play.api.inject.guice.GuiceInjector.instanceOf(GuiceInjectorBuilder.scala:409)
	at play.api.inject.ContextClassLoaderInjector$$anonfun$instanceOf$3.apply(Injector.scala:118)
	at play.api.inject.ContextClassLoaderInjector.withContext(Injector.scala:126)
	at play.api.inject.ContextClassLoaderInjector.instanceOf(Injector.scala:118)
	at play.api.inject.RoutesProvider$$anonfun$2.apply(BuiltinModule.scala:107)
	at play.api.inject.RoutesProvider$$anonfun$2.apply(BuiltinModule.scala:107)
	at scala.Option.fold(Option.scala:158)
	at play.api.inject.RoutesProvider.get$lzycompute(BuiltinModule.scala:107)
	at play.api.inject.RoutesProvider.get(BuiltinModule.scala:103)
	at play.api.inject.RoutesProvider.get(BuiltinModule.scala:102)
	at com.google.inject.internal.ProviderInternalFactory.provision(ProviderInternalFactory.java:85)
	at com.google.inject.internal.BoundProviderFactory.provision(BoundProviderFactory.java:77)
	at com.google.inject.internal.ProviderInternalFactory.circularGet(ProviderInternalFactory.java:59)
	at com.google.inject.internal.BoundProviderFactory.get(BoundProviderFactory.java:61)
	at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42)
	at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65)
	at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
	at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
	at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
	at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62)
	at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42)
	at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65)
	at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
	at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
	at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
	at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
	at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
	at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
	at com.google.inject.internal.FactoryProxy.get(FactoryProxy.java:62)
	at com.google.inject.internal.SingleParameterInjector.inject(SingleParameterInjector.java:42)
	at com.google.inject.internal.SingleParameterInjector.getAll(SingleParameterInjector.java:65)
	at com.google.inject.internal.ConstructorInjector.provision(ConstructorInjector.java:113)
	at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:91)
	at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:306)
	at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40)
	at com.google.inject.internal.SingletonScope$1.get(SingletonScope.java:168)
	at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:39)
	at com.google.inject.internal.InternalInjectorCreator.loadEagerSingletons(InternalInjectorCreator.java:211)
	at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:182)
	at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:109)
	at com.google.inject.Guice.createInjector(Guice.java:87)
	at com.google.inject.Guice.createInjector(Guice.java:78)
	at play.api.inject.guice.GuiceBuilder.injector(GuiceInjectorBuilder.scala:185)
	at play.inject.guice.GuiceBuilder.injector(GuiceBuilder.java:221)
	at play.inject.guice.GuiceApplicationBuilder.build(GuiceApplicationBuilder.java:156)
	at play.inject.guice.GuiceApplicationLoader.load(GuiceApplicationLoader.java:34)
	at play.api.ApplicationLoader$JavaApplicationLoaderAdapter$1.load(ApplicationLoader.scala:87)
	at play.core.server.ProdServerStart$.start(ProdServerStart.scala:51)
	at play.core.server.ProdServerStart$.main(ProdServerStart.scala:25)
	at play.core.server.ProdServerStart.main(ProdServerStart.scala)

4 errors
	at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:543)
	at com.google.inject.internal.InternalInjectorCreator.injectDynamically(InternalInjectorCreator.java:186)
	at com.google.inject.internal.InternalInjectorCreator.build(InternalInjectorCreator.java:109)
	at com.google.inject.Guice.createInjector(Guice.java:87)
	at com.google.inject.Guice.createInjector(Guice.java:78)
	at play.api.inject.guice.GuiceBuilder.injector(GuiceInjectorBuilder.scala:185)
	at play.inject.guice.GuiceBuilder.injector(GuiceBuilder.java:221)
	at play.inject.guice.GuiceApplicationBuilder.build(GuiceApplicationBuilder.java:156)
	at play.inject.guice.GuiceApplicationLoader.load(GuiceApplicationLoader.java:34)
	at play.api.ApplicationLoader$JavaApplicationLoaderAdapter$1.load(ApplicationLoader.scala:87)
	at play.core.server.ProdServerStart$.start(ProdServerStart.scala:51)
	at play.core.server.ProdServerStart$.main(ProdServerStart.scala:25)
	at play.core.server.ProdServerStart.main(ProdServerStart.scala)
i
Hello Ian, Have you tried:
extraEnvs:
  - name: AUTH_OIDC_ENABLED
    value: "true"
No quotes on the name, only on the value
s
Let me try that
This results in the same error
i
This is a k8s deployment right?
s
Yup correct
i
Can you run kubectl describe pod/<frontend-pod>?
s
Sure one sec
Name:         datahub-datahub-frontend-6bfb64c7c-pmnnx
Namespace:    default
Priority:     0
Node:         ip-10-69-130-131.ec2.internal/10.69.130.131
Start Time:   Fri, 01 Apr 2022 13:13:02 -0400
Labels:       app.kubernetes.io/instance=datahub
              app.kubernetes.io/name=datahub-frontend
              pod-template-hash=6bfb64c7c
Annotations:  kubernetes.io/psp: eks.privileged
Status:       Running
IP:           10.69.130.20
IPs:
  IP:           10.69.130.20
Controlled By:  ReplicaSet/datahub-datahub-frontend-6bfb64c7c
Containers:
  datahub-frontend:
    Container ID:   docker://0884034909f02aca931c51374393e1144cf81005138064fc205f6e408b95cf5b
    Image:          linkedin/datahub-frontend-react:v0.8.31
    Image ID:       docker-pullable://linkedin/datahub-frontend-react@sha256:6250cf2c0f49bec64cf1635aca03366af6ebcdfb121b644dc523a5fb186f2d07
    Port:           9002/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       CrashLoopBackOff
    Last State:     Terminated
      Reason:       Error
      Exit Code:    255
      Started:      Fri, 01 Apr 2022 13:16:12 -0400
      Finished:     Fri, 01 Apr 2022 13:16:16 -0400
    Ready:          False
    Restart Count:  5
    Liveness:       http-get http://:http/admin delay=60s timeout=1s period=30s #success=1 #failure=4
    Readiness:      http-get http://:http/admin delay=60s timeout=1s period=30s #success=1 #failure=4
    Environment:
      DATAHUB_GMS_HOST:                 datahub-datahub-gms
      DATAHUB_GMS_PORT:                 8080
      DATAHUB_SECRET:                   <set to the key 'datahub.gms.secret' in secret 'datahub-gms-secret'>  Optional: false
      DATAHUB_APP_VERSION:              1.0
      DATAHUB_PLAY_MEM_BUFFER_SIZE:     10MB
      DATAHUB_ANALYTICS_ENABLED:        true
      KAFKA_BOOTSTRAP_SERVER:           b-1.datahub.8orsjz.c20.kafka.us-east-1.amazonaws.com:9092
      ELASTIC_CLIENT_HOST:              vpc-datahub-elastic-kt7vx4gtqmg5qm6mkxuidvjex4.us-east-1.es.amazonaws.com
      ELASTIC_CLIENT_PORT:              443
      ELASTIC_CLIENT_USE_SSL:           true
      DATAHUB_TRACKING_TOPIC:           DataHubUsageEvent_v1
      METADATA_SERVICE_AUTH_ENABLED:    true
      DATAHUB_SYSTEM_CLIENT_ID:         __datahub_system
      DATAHUB_SYSTEM_CLIENT_SECRET:     <set to the key 'token_service_signing_key' in secret 'datahub-auth-secrets'>  Optional: false
      NOP:                              NOP
      AUTH_OIDC_ENABLED:                'true'
      AUTH_OIDC_CLIENT_ID:              
      AUTH_OIDC_DISCOVERY_URI:          https://accounts.google.com/.well-known/openid-configuration
      AUTH_OIDC_BASE_URL:               
      AUTH_OIDC_SCOPE:                  openid profile email
      AUTH_OIDC_USER_NAME_CLAIM:        email
      AUTH_OIDC_USER_NAME_CLAIM_REGEX:  ([^@]+)
      AUTH_OIDC_CLIENT_SECRET:          
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-x8l9s (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kube-api-access-x8l9s:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason     Age                    From               Message
  ----     ------     ----                   ----               -------
  Normal   Scheduled  4m5s                   default-scheduler  Successfully assigned default/datahub-datahub-frontend-6bfb64c7c-pmnnx to ip-10-69-130-131.ec2.internal
  Normal   Pulled     2m22s (x5 over 4m4s)   kubelet            Container image "linkedin/datahub-frontend-react:v0.8.31" already present on machine
  Normal   Created    2m22s (x5 over 4m4s)   kubelet            Created container datahub-frontend
  Normal   Started    2m22s (x5 over 4m4s)   kubelet            Started container datahub-frontend
  Warning  BackOff    2m5s (x10 over 3m54s)  kubelet            Back-off restarting failed container
It's a quoted string, I also edited the output to remove the sensitive vars
i
You used double quotes on the values.yaml and not 2 single quotes right?
This is very strange, looks like a templating issue, not necessarily DataHub related.
s
It's worked on previous versions though which is why I'm skeptical
At least according to the issue I linked
But yes double quoted
i
So you deployed datahub in the past and it worked with the config you had before?
What version of the charts did you use?
that worked
s
No no, but the people in the linked issue said it worked
i
If you deploy with true (no quotes) and describe the pod, what does that env var look like?
s
I've already tried that and had gotten the same issue so I imagine it'll be quoted but let me run it again and I'll do the describe just to be sure
Yup, same result
AUTH_OIDC_ENABLED:                'true'
It's weird because none of the other values are being quoted like that; it's specifically on AUTH_OIDC_ENABLED
AUTH_OIDC_DISCOVERY_URI:          https://accounts.google.com/.well-known/openid-configuration
For instance
i
For future reference: Issue was an indentation issue, problem is fixed :)