https://pact.io logo
Join Slack
Powered by
Hi. I'm seeing this in the pact broker logs: ```[p...
# pact-broker
d
Hi. I'm seeing this in the pact broker logs:
Copy code
[pact-broker-86f7555f4b-xsvp5] 22:31:58 I [security] -- Could not detect any credentials in cookies or headers
This appears to happen when we submit a pact publish or a can-i-deploy from the Pact Maven plugin. Is there a way for us to debug whether or not Pact Maven is picking up the token from the environment? We set it in the environment, but perhaps we didn't set it correctly. What's weird is the pact publish succeeds, but can-i-deploy fails:
Copy code
[ERROR] Failed to execute goal au.com.dius.pact.provider:maven:4.2.13:can-i-deploy (default-cli) on project storefrontxs-svc: Can you deploy? Computer says no �\_(?)_/� Request to path '/matrix?q[][pacticipant]=storefrontxs-svc&latestby=cvp&q[][version]=11c8924&latest=true&tag=master&ignore[][pacticipant]=fdbkexp' failed with response 'HTTP/1.1 401 Unauthorized' -> [Help 1]
When we run can-i-deploy locally it works fine. When I pass that path into the HAL browser it works fine. It's just a problem on Jenkins, but we can't figure out what the problem is
Also, I'm not seeing the 
can-i-deploy
command being received in the broker logs - just the pact publish and the pact verification and the webhooks firing
Not sure if this helps, but I see this in the Jenkins logs:
Copy code
22:47:31 WARNING: Invalid cookie header: "set-cookie: rack.session=eyJzZXNzaW9uX2lkIjoiOGY2OTcxMDkxZGFlZjc2ZjIyZWZmNDQ2MzFiMWVhNzAxZTFlNjRjYzZkNDE3ZjU2M2QxYjdiMDYxZDk5YTVmYSIsImNzcmYiOiJXZDdNcGRVVHlFcTQ2UDdNUFhYa2ZyVjMwUDVVL0wxTW9FZGQ5SmsxVW1vPSJ9--6ffdcd699ed83f60a0983d47002d0cc3971b8230; domain=<http://pactflow.qa.ebay.com|pactflow.qa.ebay.com>; path=/; expires=Tue, 15 Mar 2022 22:49:00 GMT; HttpOnly". Invalid 'expires' attribute: Tue, 15 Mar 2022 22:49:00 GMT
22:47:31 Mar 08, 2022 10:47:31 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies
22:47:31 WARNING: Invalid cookie header: "set-cookie: rack.session=eyJzZXNzaW9uX2lkIjoiOGY2OTcxMDkxZGFlZjc2ZjIyZWZmNDQ2MzFiMWVhNzAxZTFlNjRjYzZkNDE3ZjU2M2QxYjdiMDYxZDk5YTVmYSIsImNzcmYiOiJXZDdNcGRVVHlFcTQ2UDdNUFhYa2ZyVjMwUDVVL0wxTW9FZGQ5SmsxVW1vPSJ9--6ffdcd699ed83f60a0983d47002d0cc3971b8230; domain=<http://pactflow.qa.ebay.com|pactflow.qa.ebay.com>; path=/; expires=Tue, 15 Mar 2022 22:49:00 GMT; HttpOnly". Invalid 'expires' attribute: Tue, 15 Mar 2022 22:49:00 GMT
u
Pact-JVM uses the Apache HTTP client, which first tries an unauthenticated request, and then responds with the authenticated request after getting the challenge response. That may be causing the log entry you are seeing.
You can enable debug output from Maven with 
-X
command parameter
d
Yea that's already turned on, no real extra info
u
It should show the parameters passed to the Maven Mojo being executed
d
looking...
/opt/maven/maven-3.3.9/bin/mvn -f storefrontxs-svc/pom.xml -Dpactbroker.toTag=master -Dpactbroker.pacticipant=storefrontxs-svc -Dpactbroker.pacticipantVersion=11c8924 -Dpactbroker.url=${pactbroker.url} -Dpact.consumer.tags=mmukhsikaroyan/master/STRFRNT-2443 -Dignore=fdbkexp -U pact:can-i-deploy -B
But the token is set as an environment variable, so it won't show up in the call to the mo jo
Well, this is interesting - perhaps the token's not getting set...
Copy code
22:55:54 [DEBUG] Configuration: <?xml version="1.0" encoding="UTF-8"?>
22:55:54 <configuration>
22:55:54   <ignore>${ignore}</ignore>
22:55:54   <latest default-value="">${latest}</latest>
22:55:54   <pactBrokerAuthenticationScheme default-value="basic">bearer</pactBrokerAuthenticationScheme>
22:55:54   <pactBrokerInsecureTLS default-value="false">${pactBrokerInsecureTLS}</pactBrokerInsecureTLS>
22:55:54   <pactBrokerPassword>${pact.broker.password}</pactBrokerPassword>
22:55:54   <pactBrokerServerId>${pact.broker.serverId}</pactBrokerServerId>
22:55:54   <pactBrokerToken>${pactbroker.auth.token}</pactBrokerToken>
22:55:54   <pactBrokerUrl><https://pactflow.qa.ebay.com></pactBrokerUrl>
22:55:54   <pactBrokerUsername>${pact.broker.username}</pactBrokerUsername>
22:55:54   <pacticipant>storefrontxs-svc</pacticipant>
22:55:54   <pacticipantVersion>11c8924</pacticipantVersion>
22:55:54   <retriesWhenUnknown default-value="0">15</retriesWhenUnknown>
22:55:54   <retryInterval default-value="10">30</retryInterval>
22:55:54   <settings default-value="${settings}"/>
22:55:54   <to default-value="">master</to>
22:55:54 </configuration>
u
pactbroker.auth.token
is the JVM system property that needs to be set with the token from the environment
d
Understood. But other JVM system properties are getting set as a result of them being set in the environment... I believe. But now I don't know what I believe anymore. I have been successfully gaslighted 🙂
Well, I directly added it to the command-line and now it's working.
Even though other properties are not required that way, such as the toTag and the pacticipantVersion. Oh, except those are Jenkins parameters versus environment variables. Maybe Jenkins passes the parameters into the Maven build step automatically, but not so for environment variables...
u
I need to review all the system properties in Pact-JVM. Some have been added via PRs and they may not work in a consistent manor.
d
🏠
^^ a consistent manor
😆 2
OK, bad jokes aside, sounds good
Hey, I think we have an actual bug here
I had another user complaining about auth errors
In their case they set the token property directly in their POM and they were get 401 unauthorized. But when I passed in the token using -Dpactbroker.auth.token=<token> it worked
It's as if the Maven plugin only accepts the Java system property and completely ignores any settings in the pom
Actually, I would bet good money that's the problem 🙂
Copy code
<!-- pact broker -->
        <pactbroker.url><https://pactflow.qa.ebay.com></pactbroker.url>
        <pactbroker.auth.token>BBoKzIDUWtQp4w05DQgkdQ</pactbroker.auth.token>
        <pact.git.version>${git.commit.id.abbrev}</pact.git.version>
        <pact.tag>${git.branch}</pact.tag>
And then
Copy code
<configuration>
                            <systemPropertyVariables>
                                <pact.verifier.publishResults>false</pact.verifier.publishResults>
                                <pactbroker.url>${pactbroker.url}</pactbroker.url>
                                <pactBrokerAuthenticationScheme>bearer</pactBrokerAuthenticationScheme>
                                <pactBrokerToken>${pactbroker.auth.token}</pactBrokerToken>
Still got a 401. The only solution was 
-Dpactbroker.auth.token=<token>
on the command line
u
Can you raise a Github issue for this?
d
Sure, can you point me to the appropriate repo? There are a number of them, just want to make sure I've got the right one
u
a
Was an issue raised for this? I am seeing similar problems when trying to publish from a Gradle project
d
Sorry, I will do that now
🙂 1
32 Views
Open in Slack
PreviousNext
Powered by