Re: Gerrit GitHub plugin w/GitHub Enterprise

[Luca Milanesio]

Hi Jay,
first of all, it would be useful to share the Q&A on the Gerrit mailing list ... so hope you don't mind I am CCing the repo-discuss :-)

Secondly, thanks for having a look on the GitHub plugin ! Many people and organisations think GitHub:Enterprise as alternative and simpler solution to Gerrit ... I am convinced that this is wrong as they are just different solutions to different problems !
There has been discussions on allowing forks in Gerrit projects too, it could be in theory feasible but just not sensible for the majority of the company and teams using Gerrit.
The use of GitHub and Gerrit together allows two different type of use-cases to work magically together ;-)

Third, your point is correct: I designed the GitHub plugin having in mind the public GitHub as main use-case:
a) Support for GitHub OAuth-2
b) SSO with Gerrit and auto-provisioning of the Gerrit account from GitHub profile and keys
c) Semi-automatic import and configuration of GitHub repositories and their replication
d) Import and integration of the GitHub pull requests into Gerrit Patch-sets

When companies buy and use GitHub:Enterprise (a different branch of the public GitHub product), typically use it in conjunction with:
- existing LDAP infrastructure
- existing Security policies and User profiles (potentially even SSH keys)

This means that some of the contribution of the current plugins are not useful for the GitHub:Enterprise use-case:
a) Not needed: Gerrit already supports LDAP out of the box
b) Not needed: Gerrit already does auto-provisioning of LDAP accounts at first login (NOTE: SSH keys import is not supported yet though !)
c) Potentially useful *BUT* the current mechanism implemented relies on OAuth Tokens stored in secure.config (you may want to change / disable that when using GitHub:Enterprise)
d) This could stay as-is, but disabling the OAuth SSO

As you can see it is not just a matter of changing the GitHub API end-point :-)

The GitHub plugin started as open-source contribution for building the GerritHub service (http://gerrithub.io) that after only 2 months from its launch has already ~ 800 users !
Even if you are the very first user trying to configure it with GitHub:Enterprise, I am sure that your contributions are going to be useful to the entire OpenSource community.

Bottom line is: I don't have GitHub:Enterprise and have no immediate plan to install and develop against it, but if you can extend the plugin to support your scenario, I would be happy to review your changes !

Should you have any question, feel free to post your reply to the mailing list.

Luca.


On 16 Jan 2014, at 18:45, Jay Soffian <jayso...@gmail.com> wrote:

> Luca,
>
> I'm working on setting up Gerrit in a setting where we use GitHub
> Enterprise. I'd like to make use of your excellent GitHub plugin, but
> it seems to be designed to work only with github.com
>
> In particular, there's already an SSO system in place which handles
> the auth for both Gerrit and GitHub Enterprise. In this situation,
> OAuth is (I think) redundant. I'm also not sure if GitHub Enterprise
> properly supports being an OAuth service provider (the UI is there for
> configuring it, but I'm not clear whether it's actually available via
> the API, although it may just be at a different URL[1, 2]).
>
> [1] https://twitter.com/fernandezpablo/status/312389762017263617
> [2] https://github.com/jenkinsci/github-oauth-plugin/pull/11
>
> So minimally, it looks like I'm going to need to modify how the plugin
> "logs in" to GitHub Enterprise.
>
> Any thoughts, comments?
>
> BTW, I had to make a few small changes to work with Gerrit-2.8.1. How
> would you like me to send you these changes?
>
> Thanks,
>
> j.

[Jay Soffian]

On Thu, Jan 16, 2014 at 6:39 PM, Luca Milanesio
<luca.mi...@gmail.com> wrote:
> Hi Jay,

> first of all, it would be useful to share the Q&A on the Gerrit mailing list … so hope you don't mind I am CCing the repo-discuss :-)

Not at all!

> Third, your point is correct: I designed the GitHub plugin having in mind the public GitHub as main use-case:
> a) Support for GitHub OAuth-2
> b) SSO with Gerrit and auto-provisioning of the Gerrit account from GitHub profile and keys
> c) Semi-automatic import and configuration of GitHub repositories and their replication
> d) Import and integration of the GitHub pull requests into Gerrit Patch-sets

"c" and "d" are obviously the ones I'm interested in, more so (d).

> This means that some of the contribution of the current plugins are not useful for the GitHub:Enterprise use-case:
> a) Not needed: Gerrit already supports LDAP out of the box
> b) Not needed: Gerrit already does auto-provisioning of LDAP accounts at first login (NOTE: SSH keys import is not supported yet though !)
> c) Potentially useful *BUT* the current mechanism implemented relies on OAuth Tokens stored in secure.config (you may want to change / disable that when using GitHub:Enterprise)
> d) This could stay as-is, but disabling the OAuth SSO

Yup. But from what I can tell, disabling the OAuth SSO also breaks
"d". But I only just started diving into the code. The issue is that
the plugin obviously needs to be able to auth against
GitHub:Enterprise in order to access the API on behalf of the user.
The mechanism for that is via OAuth. But I don't see a way to disable
having the plugin handle authentication w/o that also disabling its
ability to use the API.

> As you can see it is not just a matter of changing the GitHub API end-point :-)

Right.

> The GitHub plugin started as open-source contribution for building the GerritHub service (http://gerrithub.io) that after only 2 months from its launch has already ~ 800 users !
> Even if you are the very first user trying to configure it with GitHub:Enterprise, I am sure that your contributions are going to be useful to the entire OpenSource community.
>
> Bottom line is: I don't have GitHub:Enterprise and have no immediate plan to install and develop against it, but if you can extend the plugin to support your scenario, I would be happy to review your changes !

Great, thanks. I assume you want contributions at
https://gerrit-review.googlesource.com/

j.

[Luca Milanesio]

On 17 Jan 2014, at 17:47, Jay Soffian <jayso...@gmail.com> wrote:

> On Thu, Jan 16, 2014 at 6:39 PM, Luca Milanesio
> <luca.mi...@gmail.com> wrote:
>> Hi Jay,
>> first of all, it would be useful to share the Q&A on the Gerrit mailing list … so hope you don't mind I am CCing the repo-discuss :-)
>
> Not at all!
>
>> Third, your point is correct: I designed the GitHub plugin having in mind the public GitHub as main use-case:
>> a) Support for GitHub OAuth-2
>> b) SSO with Gerrit and auto-provisioning of the Gerrit account from GitHub profile and keys
>> c) Semi-automatic import and configuration of GitHub repositories and their replication
>> d) Import and integration of the GitHub pull requests into Gerrit Patch-sets
>
> "c" and "d" are obviously the ones I'm interested in, more so (d).

That what I thought ;-)

>
>> This means that some of the contribution of the current plugins are not useful for the GitHub:Enterprise use-case:
>> a) Not needed: Gerrit already supports LDAP out of the box
>> b) Not needed: Gerrit already does auto-provisioning of LDAP accounts at first login (NOTE: SSH keys import is not supported yet though !)
>> c) Potentially useful *BUT* the current mechanism implemented relies on OAuth Tokens stored in secure.config (you may want to change / disable that when using GitHub:Enterprise)
>> d) This could stay as-is, but disabling the OAuth SSO
>
> Yup. But from what I can tell, disabling the OAuth SSO also breaks
> "d". But I only just started diving into the code. The issue is that
> the plugin obviously needs to be able to auth against
> GitHub:Enterprise in order to access the API on behalf of the user.

True, but should the two registry be using the same LDAP server, the credentials could be the same ones verified by Gerrit.
Alternatively the OAuth could still be performed as additional step: even when you use GitHub:Enterprise behind LDAP auth it acts as OAuth provider anyway.

> The mechanism for that is via OAuth. But I don't see a way to disable
> having the plugin handle authentication w/o that also disabling its
> ability to use the API.
>
>> As you can see it is not just a matter of changing the GitHub API end-point :-)
>
> Right.
>
>> The GitHub plugin started as open-source contribution for building the GerritHub service (http://gerrithub.io) that after only 2 months from its launch has already ~ 800 users !
>> Even if you are the very first user trying to configure it with GitHub:Enterprise, I am sure that your contributions are going to be useful to the entire OpenSource community.
>>
>> Bottom line is: I don't have GitHub:Enterprise and have no immediate plan to install and develop against it, but if you can extend the plugin to support your scenario, I would be happy to review your changes !
>
> Great, thanks. I assume you want contributions at
> https://gerrit-review.googlesource.com/

Yes, indeed.

One suggestions: do small changes to achieve small steps, one at a time.
That would make the review and approval much easier.

Luca.

[Randall Hand]

Was there ever any headway on this?  As part of an org that has a GitHub for Enterprise install running, we'ld like to deploy Gerrit for a better code-review tool (Pull-requests just aren't scaling for us anymore).  

We've got a working Gerrit VM, but it seems the Github plugin for Gerrit assumes all github's are the main github.com, and it fails to connect to our internal server.

[Luca Milanesio]

Dear Randall,

as mentioned in my last post, I would be more than happy to have you guys on-board contributing to the GitHub plugin project:

https://gerrit-review.googlesource.com/#/admin/projects/plugins/github

Changing the API endpoint URL and making it configurable shouldn't be a massive change.

Luca.

--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jay Soffian]

On Thu, Jul 17, 2014 at 9:51 AM, Randall Hand <rh...@magicleap.com> wrote:
> Was there ever any headway on this? As part of an org that has a GitHub for
> Enterprise install running, we'ld like to deploy Gerrit for a better
> code-review tool (Pull-requests just aren't scaling for us anymore).
>
> We've got a working Gerrit VM, but it seems the Github plugin for Gerrit
> assumes all github's are the main github.com, and it fails to connect to our
> internal server.

I ended up writing a stand-alone proxy that opens a PR in GitHub
Enterprise for every incoming change, then relays any status updates
to the PR back into Gerrit. This ended up making more sense for us
than the GitHub plugin

j.

[Abhishek Mitra]

Hi Luca,

I am really sorry to come to the party. Just recently started working with GitHub enterprise edition and Gerrit.

I am trying tointegrate the two and followed your instructions given in https://www.packtpub.com/books/content/using-gerrit-github.

I have created the github-oauth-2.8.jar and github-plugin-2.8.jar and have registered the in house Gerrit application in the enterprise GitHub .

But when I try to login to Gerrit, I get an error message "Request for access token not authorised".

While checking the log, I see the following trace:

[2017-10-11 02:49:30,639] ERROR com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol : POST https://github-lvs.corpzone.internalzone.com/login/oauth/access_token request for access token failed

java.io.IOException: {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}

at org.kohsuke.github.Requester.handleApiError(Requester.java:367)

at org.kohsuke.github.Requester._to(Requester.java:202)

at org.kohsuke.github.Requester.to(Requester.java:154)

at org.kohsuke.github.GitHub.getMyself(GitHub.java:239)

at org.kohsuke.github.GitHub.<init>(GitHub.java:128)

at org.kohsuke.github.GitHub.<init>(GitHub.java:75)

at org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:181)

at com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol.loginPhase2(OAuthProtocol.java:178)

at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:89)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1307)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:453)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1072)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:382)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1006)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)

at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:67)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)

at org.eclipse.jetty.server.Server.handle(Server.java:365)

at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)

at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:926)

at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:988)

at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:635)

at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)

at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)

at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)

at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)

at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)

at java.lang.Thread.run(Unknown Source)

Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/user

at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)

at org.kohsuke.github.Requester.parse(Requester.java:323)

at org.kohsuke.github.Requester._to(Requester.java:200)

... 30 more

[2017-10-11 02:49:30,645] WARN  org.eclipse.jetty.servlet.ServletHandler : /oauth

java.lang.NullPointerException

at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:89)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1307)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:453)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:229)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1072)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:382)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1006)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)

at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:67)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)

at org.eclipse.jetty.server.Server.handle(Server.java:365)

at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:485)

at org.eclipse.jetty.server.AbstractHttpConnection.headerComplete(AbstractHttpConnection.java:926)

at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.headerComplete(AbstractHttpConnection.java:988)

at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:635)

at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235)

at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)

at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:627)

at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:51)

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)

at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)

at java.lang.Thread.run(Unknown Source)

From the error message I can see it is due to Bad credentials, but I am not sure what that means.

I had created the ssh keys and have added it to GitHub under my user profile.

Can you please help me out? I will very much appreciate it.

Details of my application:

GitHub Enterprise 2.10

Gerrit 2.8

github-oauth-2.8.jar - in lib folder

github-plugin-2.8.jar - in plugins folder.

Content of gerrit.config:

[gerrit] basePath = git canonicalWebUrl = http://<Gerrit site>:8085/ [database] type = H2 database = db/ReviewDB [auth] type = HTTP httpHeader = GITHUB_USER loginUrl = /login httpDisplayNameHeader = GITHUB_NAME httpEmailHeader = GITHUB_EMAIL logoutUrl = /oauth/reset [sendemail] smtpServer = localhost [container] user = <admin user> javaHome = C:\\Program Files\\Java\\jre1.8.0_92 [sshd] listenAddress = *:29418 [httpd] listenUrl = http://<Gerrit site>:8085/

filterClass = com.googlesource.gerrit.plugins.github.oauth.OAuthFilter [cache] directory = cache [github] url = <Enterprise GitHub url> clientId = <client ID created in enterprise GitHub> clientSecret = <client secret created in enterprise github>

P.S: If I repeat the process for https://github.com instead of the Entreprise offering, I am able to login without any issues.

Regards,

Abhishek

[Luca Milanesio]

On 11 Oct 2017, at 10:59, Abhishek Mitra <abhi....@gmail.com> wrote:

Hi Luca,

I am really sorry to come to the party.

Why? :-)

Just recently started working with GitHub enterprise edition and Gerrit.

Cool.

I am trying tointegrate the two and followed your instructions given in https://www.packtpub.com/books/content/using-gerrit-github.

Bearing in mind that the book is 4 years old :-)

I have created the github-oauth-2.8.jar and github-plugin-2.8.jar and have registered the in house Gerrit application in the enterprise GitHub .

Created?

Maybe you have the bad credentials configured?

You have just put the wrong OAuth credentials in the gerrit.config?

I had created the ssh keys and have added it to GitHub under my user profile.

Nothing to do with SSH here. OAuth is HTTP based.

Can you please help me out? I will very much appreciate it.

Details of my application:

GitHub Enterprise 2.10

Gerrit 2.8

github-oauth-2.8.jar - in lib folder

github-plugin-2.8.jar - in plugins folder.

2.8 is pretty much obsolete :-(

Not sure anyone would be willing to make any fix on it :-(

Content of gerrit.config:

[gerrit] basePath = git canonicalWebUrl = http://<Gerrit site>:8085/ [database] type = H2 database = db/ReviewDB [auth] type = HTTP httpHeader = GITHUB_USER loginUrl = /login httpDisplayNameHeader = GITHUB_NAME httpEmailHeader = GITHUB_EMAIL logoutUrl = /oauth/reset [sendemail] smtpServer = localhost [container] user = <admin user> javaHome = C:\\Program Files\\Java\\jre1.8.0_92 [sshd] listenAddress = *:29418 [httpd] listenUrl = http://<Gerrit site>:8085/

filterClass = com.googlesource.gerrit.plugins.github.oauth.OAuthFilter [cache] directory = cache [github] url = <Enterprise GitHub url> clientId = <client ID created in enterprise GitHub> clientSecret = <client secret created in enterprise github>

P.S: If I repeat the process for https://github.com instead of the Entreprise offering, I am able to login without any issues.

Regards,

Abhishek

[Abhishek Mitra]

Hi Luca,

Thanks for your quick reply!!!!

I took your advice on board and tried with the latest stable release of Gerrit (2.14.4 ) and built the plugins (both ouath and github) from the stable-2.14 branch.

I then did an init after placing them in the lib and plugin folders .

However, this time around, I am encountering a different error:

o.e.j.s.ServletContextHandler@3e7940b3{/,null,AVAILABLE}

[2017-10-11 21:29:37,659] [main] INFO  org.eclipse.jetty.server.AbstractConnector : Started ServerConnector@7c74ef4a{HTTP/1.1,[http/1.1]}{openbuild2.mcafee.int:8085}

[2017-10-11 21:29:37,660] [main] INFO  org.eclipse.jetty.server.Server : Started @24635ms

[2017-10-11 21:29:37,662] [main] INFO  com.google.gerrit.pgm.Daemon : Gerrit Code Review 2.14.4 ready

[2017-10-11 21:29:56,649] [HTTP-70] WARN  org.eclipse.jetty.servlet.ServletHandler : /oauth

java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/user

at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)

at java.lang.reflect.Constructor.newInstance(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection$10.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)

at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)

at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)

at org.kohsuke.github.Requester.parse(Requester.java:461)

at org.kohsuke.github.Requester._to(Requester.java:227)

at org.kohsuke.github.Requester.to(Requester.java:194)

at org.kohsuke.github.GitHub.getMyself(GitHub.java:271)

at org.kohsuke.github.GitHub.<init>(GitHub.java:147)

at org.kohsuke.github.GitHubBuilder.build(GitHubBuilder.java:195)

at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.getHub(GitHubLogin.java:152)

at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:135)

at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:105)

at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.login(OAuthWebFilter.java:123)

at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:89)

at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:82)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:56)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)

at org.eclipse.jetty.server.Server.handle(Server.java:534)

at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:320)

When I hit https://api.github.com/user , I get the response : "message": "Requires authentication",

Is there something I am missing here?

Contents of my gerrit.config are as follows:

[gerrit]

basePath = git

serverId = 4f0520c9-b7eb-4fb2-ac5c-d8653198f5ec

canonicalWebUrl = <URL>

[database]

type = h2

database = db/ReviewDB

[index]

type = LUCENE

[auth]

type = HTTP

httpHeader = GITHUB_USER

loginUrl = /login

httpDisplayNameHeader = GITHUB_NAME

httpEmailHeader = GITHUB_EMAIL

logoutUrl = /oauth/reset

httpExternalIdHeader = GITHUB_OAUTH_TOKEN

loginText = Sign-in with GitHub

registerPageUrl = "/#/register"

[receive]

enableSignedPush = false

[sendemail]

smtpServer = localhost

[container]

user = amitra1

javaHome = C:\\Program Files\\Java\\jre1.8.0_92

[sshd]

listenAddress = *:29418

[httpd]

listenUrl = <URL>

filterClass = com.googlesource.gerrit.plugins.github.oauth.OAuthFilter

[cache]

directory = cache

[github]

    url = <GITHub Enterprise URL>

    clientId = <Client ID>

    clientSecret = <Client Secret>

apiUrl = https://api.github.com

Regards,

Abhishek

--
--
To unsubscribe, email repo-discuss+unsubscribe@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss+unsubscribe@googlegroups.com.

[Luca Milanesio]

Yes, you made progress :-)

The issue now seems that your OAuth token been assigned by GitHub:Enterprise doesn't give you permissions to access your profile.

It is a problem, however, not necessarily blocking.

You should investigate into the GitHub:Enterprise to understand why.

If you try to access Gerrit, you should be logged in.

Luca.

[Abhishek Mitra]

Hi Luca,

Thanks for the reply. Will do.

But it IS blocking, as when I try to login to Gerrit , it throws me "Server Error"  and prevents me from logging in.

Do you have any thoughts as to why that's the case, considering that I double checked the Client ID and Client secret generated at GitHub side and it matches the entries in gerrit.config and secure.config files.

Really appreciate your help and quick response!!!!!!

Additionally, do we also have the option to integrate GerritHub with our GitHub Enterprise site? I tried out GerritHub but it is pulling data from Github side as opposed to the GitHub Enterprise side. SO all I see are list of my personal projects started in https://github.com.

Regards,

Abhishek

Regards,

Abhishek

[Luca Milanesio]

On 12 Oct 2017, at 10:30, Abhishek Mitra <abhi....@gmail.com> wrote:

Hi Luca,

Thanks for the reply. Will do.

But it IS blocking, as when I try to login to Gerrit , it throws me "Server Error"  and prevents me from logging in.

You would then to follow-up quite urgently with your GitHub:Enterprise Ops :-(

P.S. Have you configured the OAuth scope? which one?

Do you have any thoughts as to why that's the case, considering that I double checked the Client ID and Client secret generated at GitHub side and it matches the entries in gerrit.config and secure.config files.

Those are fine, because you passed the login OAuth handshake.

Really appreciate your help and quick response!!!!!!

Additionally, do we also have the option to integrate GerritHub with our GitHub Enterprise site? I tried out GerritHub but it is pulling data from Github side as opposed to the GitHub Enterprise side. SO all I see are list of my personal projects started in https://github.com.

GerritHub = Gerrit + GitHub plugin connected to GitHub.com

If you need Gerrit + GitHub plugin connected to your private GitHub Enterprise, you need to do the setup yourself.

[Abhishek Mitra]

Hi Luca,

I have the scopes public_repo, read:org and user:email assigned to my profile.

Will this sufice or do I need any other scope to be set?

Regards,

Abhishek

[Luca Milanesio]

GitHub scopes are defined at:

https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/about-scopes-for-oauth-apps/

user:email should be enough ... but apparently in your GitHub:Enterprise is not, whilst on GitHub.com is.

Try to change it to 'user' and see how it goes.

Luca.

[abhi....@gmail.com]

Hi Luca,

Thanks for the info. I will work with my Ops team to have the scope updated to user and test it.

Will get back to you with my findings.

Regards,

Abhishek 

Sent from my iPhone

[Abhishek Mitra]

Hi Luca,

Sorry for replying so late. Talks with Ops team took a while!!

I hafd them upgrade my scope to admin eventually and now, I a faced with a different error:

2017-10-26 23:45:51,568] [main] INFO  org.eclipse.jetty.server.AbstractConnector : Started ServerConnector@3119fcad{HTTP/1.1,[http/1.1]}{openbuild2.mcafee.int:8085}

[2017-10-26 23:45:51,570] [main] INFO  org.eclipse.jetty.server.Server : Started @41005ms

[2017-10-26 23:45:51,573] [main] INFO  com.google.gerrit.pgm.Daemon : Gerrit Code Review 2.14.4 ready

[2017-10-26 23:47:02,819] [HTTP-70] WARN  org.eclipse.jetty.servlet.ServletHandler : /oauth

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.Handshaker.fatalSE(Unknown Source)

at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

at sun.security.ssl.Handshaker.processLoop(Unknown Source)

at sun.security.ssl.Handshaker.process_record(Unknown Source)

at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

I did some digging and looks like the GitHub enterprise site is not added as a trusted site in my Gerrit server.

I would have to import the certificate from the GitHub enterprise server.

Is my assumption correct? Is there a particular certificate(s) that I need to import?

Thanks and Regards,

Abhishek

[Abhishek Mitra]

Hi Luca,

Please ignore my previous mail.

I have got Gerrit working now in tandem with our enterprise GitHub instance and have configured Jenkins to kick off jobs when there's a push to the GitHub repository after the code review.

Took some time and a lot of googling but the integration is possible and is working fine.

Thanks for all your help through out the whole process.

Cheers,

Abhishek

On Tue, Nov 21, 2017 at 11:27 AM, Abhishek Mitra <abhi....@gmail.com> wrote:

Hi Luca,

Sorry for the late update. I was busy working with the Ops team to get the certificate issue resolved.

I have done so and have also got my user profile aligned to a higher scope and voila!! I can now login to Gerrit using my GitHub enterprise ID and import the repository that I am working on.

Just wanted to check with you if I need to enable/install any particular hooks to allow Gerrit intercept my Git pushes and turn them into code reviews? I did a dry run and the change got directly merged in the remote git repository instead of showing up in the Gerrit dashboard as a code review.

Thanks and Regards,

Abhishek

On Fri, Oct 27, 2017 at 12:32 PM, Luca Milanesio <luca.mi...@gmail.com> wrote:

Abhishek, your problem is not about Gerrit, GitHub ... you just have an invalid SSL certificate.

Please look on how to issue a valid SSL certificate or how to trust a self-signed on your JVM.

https://www.google.co.uk/search?dcr=0&source=hp&ei=vNnyWe6EFIG00gW1pYOIDQ&q=java+trust+ssl+certificate&oq=java+trust+ssl

[Abhishek Mitra]

Hi Luca,

Sorry to bother you again!!

I had earlier integrated Gerrit with our GitHub enterprise instance and any new review in Gerrit, when code reviewed successfully and submitted, was getting merged to GitHub repo successfully.

But lately, this integration has stopped working.. Now, when the change is submitted in Gerrit, it stays in Gerrit itself and do not get merged to Github.

If I clone the Gerrit repo, I see those changes but if I clone github repo, I do not.

Do you know why the integration has stopped working and how we can restore it back? I know that there were commits directly to the GitHub repo instead of going through Gerrit and we had integrated JIRA with the GitHub repo as well. Can these be responsible ?

Thanks in advance for your help!!

Regards,

Abhishek

[Xcaliber Infotech]

Hi Abhishek/Luca,

I am facing the same kind of issue can you guys help me with the integration process.

I was able to integrate GitHub and Gerrit smoothly whereas I am getting issue with Enterprise Integration.

Can you help me as I am trying this since long and now it's became serious issue in organization.

Thanks

Gaurav

Regards,

Abhishek

Regards,

Abhishek

Luca.

--
--
To unsubscribe, email rep...@googlegroups.com

More info at http://groups.google.com/group/repo-discuss?hl=en

---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.

To unsubscribe from this group and stop receiving emails from it, send an email to repo-d...@googlegroups.com.