Problem with Github plugin and Enterprise Github
1,020 views
Skip to first unread message
Brendan Maguire
Aug 11, 2014, 10:19:14 AM8/11/14
to repo-d...@googlegroups.com
Hi,
I am trying to run Gerrit with the Gerrit Github plugin against our enterprise Github instance. I am having trouble with OAuth it seems. I am hoping someone here can give me a push in the right direction on how to fix this.
The gerrit logs show the following error when I try to access my gerrit homepage (the actual page just shows Server Error):
[2014-08-11 15:00:24,060] INFO Â com.google.gerrit.pgm.Daemon : Gerrit Code Review 2.9 ready
[2014-08-11 15:00:25,168] DEBUG com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter : OAuthWebFilter(http://<my gerrit instance>:8080/) code=null
[2014-08-11 15:00:25,287] DEBUG com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter : OAuthWebFilter(http://<my gerrit instance>:8080/login/) code=null
[2014-08-11 15:00:25,288] DEBUG com.googlesource.gerrit.plugins.github.oauth.GitHubLogin : Login GitHubLogin [token=null, myself=null, scopes=null]
[2014-08-11 15:00:25,288] DEBUG com.googlesource.gerrit.plugins.github.oauth.GitHubLogin : Login-PHASE1 GitHubLogin [token=null, myself=null, scopes=[USER_EMAIL, PUBLIC_REPO]]
[2014-08-11 15:00:25,288] DEBUG com.googlesource.gerrit.plugins.github.oauth.OAuthProtocol : Initiating GitHub Login for ClientId=<client id from enterprise github applications page> Scopes=&scope=user:email,public_repo
[2014-08-11 15:00:25,406] DEBUG com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter : OAuthWebFilter(http://<my gerrit instance>:8080/oauth) code=7e889a2231b198e985df
[2014-08-11 15:00:25,407] DEBUG com.googlesource.gerrit.plugins.github.oauth.GitHubLogin : Login GitHubLogin [token=null, myself=null, scopes=[USER_EMAIL, PUBLIC_REPO]]
[2014-08-11 15:00:25,407] DEBUG com.googlesource.gerrit.plugins.github.oauth.GitHubLogin : Login-FINAL GitHubLogin [token=null, myself=null, scopes=[USER_EMAIL, PUBLIC_REPO]]
[2014-08-11 15:00:26,134] WARN Â org.eclipse.jetty.servlet.ServletHandler : /oauth
java.io.IOException: {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
  at org.kohsuke.github.Requester.handleApiError(Requester.java:367)
  at org.kohsuke.github.Requester._to(Requester.java:202)
  at org.kohsuke.github.Requester.to(Requester.java:154)
  at org.kohsuke.github.GitHub.getMyself(GitHub.java:239)
  at org.kohsuke.github.GitHub.<init>(GitHub.java:128)
  at org.kohsuke.github.GitHub.<init>(GitHub.java:75)
  at org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:181)
  at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:173)
  at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:135)
  at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.login(OAuthWebFilter.java:129)
  at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:92)
  at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:83)
  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
  at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
  at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
  at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
  at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
  at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
  at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:92)
  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
  at org.eclipse.jetty.server.Server.handle(Server.java:459)
  at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
  at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
  at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
  at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
  at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/user
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1626)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
  at org.kohsuke.github.Requester.parse(Requester.java:323)
  at org.kohsuke.github.Requester._to(Requester.java:200)
  ... 28 more
[2014-08-11 15:00:26,136] ERROR com.google.gerrit.pgm.http.jetty.HiddenErrorHandler : Error in GET /oauth?code=< a long code >&state=1618769965%2C%2Flogin%2F
java.io.IOException: {"message":"Bad credentials","documentation_url":"https://developer.github.com/v3"}
  at org.kohsuke.github.Requester.handleApiError(Requester.java:367)
  at org.kohsuke.github.Requester._to(Requester.java:202)
  at org.kohsuke.github.Requester.to(Requester.java:154)
  at org.kohsuke.github.GitHub.getMyself(GitHub.java:239)
  at org.kohsuke.github.GitHub.<init>(GitHub.java:128)
  at org.kohsuke.github.GitHub.<init>(GitHub.java:75)
  at org.kohsuke.github.GitHub.connectUsingOAuth(GitHub.java:181)
  at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:173)
  at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:135)
  at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.login(OAuthWebFilter.java:129)
  at com.googlesource.gerrit.plugins.github.oauth.OAuthWebFilter.doFilter(OAuthWebFilter.java:92)
  at com.googlesource.gerrit.plugins.github.oauth.OAuthFilter.doFilter(OAuthFilter.java:83)
  at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1539)
  at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:524)
  at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:219)
  at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1110)
  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:453)
  at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
  at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1044)
  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
  at org.eclipse.jetty.server.handler.RequestLogHandler.handle(RequestLogHandler.java:92)
  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
  at org.eclipse.jetty.server.Server.handle(Server.java:459)
  at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:280)
  at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:229)
  at org.eclipse.jetty.io.AbstractConnection$1.run(AbstractConnection.java:505)
  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
  at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
  at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/user
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1626)
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
  at org.kohsuke.github.Requester.parse(Requester.java:323)
  at org.kohsuke.github.Requester._to(Requester.java:200)
  ... 28 more
I'm only guessing here, but it seems to me from the above log that we are hitting api.github.com/user for our gerrit's user information, instead of hitting the enterprise github server I have specified. Does anyone know why that might be happening?
My versions are:
Gerrit 2.9
Gerrit Github Plugin: 2.9
My gerrit.conf looks like this:
[gerrit]
basePath = git
canonicalWebUrl = http://<my gerrit instance>:8080/
[database]
type = h2
database = db/ReviewDB
[index]
type = LUCENE
[sendemail]
smtpServer = localhost
[container]
user = gerrit
javaHome = /usr/lib/jvm/java-7-oracle/jre
[sshd]
listenAddress = *:29418
[httpd]
listenUrl = http://*:8080/
filterClass = com.googlesource.gerrit.plugins.github.oauth.OAuthFilter
[cache]
directory = cache
[auth]
type = HTTP
httpHeader = GITHUB_USER
[github]
url = http://<my enterprise github instance>
clientId = <client id from enterprise github applications page>
clientSecret = <secret from enterprise github applications page>
Any help and info would be greatly appreciated!
Thanks,
Brendan
Luca Milanesio
Aug 12, 2014, 6:39:25 AM8/12/14
to Brendan Maguire, repo-d...@googlegroups.com
Hi Brendan,
I think the GitHub API response should be clear enough :-)
"message":"Bad credentials"
The OAuth UserID / Password you configured in your etc/gerrit.config and etc/secure.config do not match the ones generated in GitHub:Enterprise.
Luca.
--
--
To unsubscribe, email repo-discuss...@googlegroups.com
More info at http://groups.google.com/group/repo-discuss?hl=en
---
You received this message because you are subscribed to the Google Groups "Repo and Gerrit Discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to repo-discuss...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
David Ostrovsky
Aug 12, 2014, 8:02:29 AM8/12/14
to repo-d...@googlegroups.com, Luca Milanesio
I have no idea about GH plugin, but let's the code speak, it is open source and
you have provided complete stack trace, what do we need more?
The last call from the GH plugin is this line:
at com.googlesource.gerrit.plugins.github.oauth.GitHubLogin.login(GitHubLogin.java:173)
Looking at it:
==> 173 GitHub.connectUsingOAuth(authToken.access_token)
and the code behind it [1], reveals that the custom GH API URL from your GH Enterprise installation
is not reflected in Kohsuke's GH API call of GH plugin. Currently called method is using this constant
variable in the end [1]:
  private static final String GITHUB_URL = "https://api.github.com";
So this is a bug in GH plugin.
[1] https://github.com/kohsuke/github-api/blob/master/src/main/java/org/kohsuke/github/GitHub.java#L445
Luca Milanesio
Aug 12, 2014, 8:24:59 AM8/12/14
to David Ostrovsky, repo-d...@googlegroups.com
I remember we made the GitHub API URL configurable ... or am I wrong ?
Sent from my iPhone
Sent from my iPhone
David Ostrovsky
Aug 12, 2014, 8:49:41 AM8/12/14
to repo-d...@googlegroups.com
Am Dienstag, 12. August 2014 14:24:59 UTC+2 schrieb lucamilanesio:
I remember we made the GitHub API URL configurable ... or am I wrong ?
Was it in Gerrit core, where we've replaced Kosuke's GitHub API with simple
HTTP request where we've used GH API URL that was configured in Gerrit itself [1]?
Luca Milanesio
Aug 12, 2014, 8:52:04 AM8/12/14
to David Ostrovsky, repo and gerrit
Needs to be changed on the GitHub plugin as well then.
Luca.
Luca Milanesio
Aug 12, 2014, 9:02:53 AM8/12/14
to Brendan Maguire, repo and gerrit
@Brendan: it should be an easy fix. Do you want to contribute to it ?
Luca.
Begin forwarded message:
Brendan Maguire
Aug 12, 2014, 9:03:05 AM8/12/14
to Luca Milanesio, repo-d...@googlegroups.com
Hi Luca,
Thanks for the reply. That would be great if bad credentials is all it
is. Can you explain where I might be going wrong?
My [github] section in my etc/gerrit.config has three entries in it:
[github]
url = http://<my enterprise github instance>
clientId = <client id from enterprise github applications page>
clientSecret = <secret from enterprise github applications page>
The clientId and clientSecret values are taken from http://<my
enterprise github>/settings/applications/7 .
My Homepage URL and Authorization callback URL point to http://<my
gerrit instance>:8080 and http://<my gerrit instance>:8080/oauth
respectively.
I never touched my etc/secure.config file but I see it has one section
in there named auth with two keys, registerEmailPrivateKey and
restTokenPrivateKey.
The reason I thought my gerrit instance might be hitting
api.github.com at some stage is because of this entry in the log file:
Caused by: java.io.IOException: Server returned HTTP response
code: 401 for URL: https://api.github.com/user
Any thoughts on what I may have set up incorrectly? Are there some
other credentials I'm supposed to enter elsewhere?
Thanks,
Brendan
Thanks for the reply. That would be great if bad credentials is all it
is. Can you explain where I might be going wrong?
My [github] section in my etc/gerrit.config has three entries in it:
[github]
url = http://<my enterprise github instance>
clientId = <client id from enterprise github applications page>
clientSecret = <secret from enterprise github applications page>
enterprise github>/settings/applications/7 .
My Homepage URL and Authorization callback URL point to http://<my
gerrit instance>:8080 and http://<my gerrit instance>:8080/oauth
respectively.
I never touched my etc/secure.config file but I see it has one section
in there named auth with two keys, registerEmailPrivateKey and
restTokenPrivateKey.
The reason I thought my gerrit instance might be hitting
api.github.com at some stage is because of this entry in the log file:
Caused by: java.io.IOException: Server returned HTTP response
code: 401 for URL: https://api.github.com/user
other credentials I'm supposed to enter elsewhere?
Thanks,
Brendan
Luca Milanesio
Aug 12, 2014, 9:05:02 AM8/12/14
to Brendan Maguire, repo and gerrit, David Ostrovsky
Hi Brendan,
there is a bug in the plugin and the API URL doesn't get updated accordingly (as you've seen from the logs).
The fix should be easy, do you want to contribute to it ?
Luca.
there is a bug in the plugin and the API URL doesn't get updated accordingly (as you've seen from the logs).
The fix should be easy, do you want to contribute to it ?
Luca.
Brendan Maguire
Aug 12, 2014, 9:06:42 AM8/12/14
to repo-d...@googlegroups.com
Sorry, I did not see the previous replies.
I had suspected it was hardcoded but didn't go digging until I was sure it wasn't something configurable. I will have a look at fixing this.
Cheers,
Brendan
lucamilanesio
Aug 15, 2014, 6:12:25 AM8/15/14
to repo-d...@googlegroups.com
Hi Brendan, any news on this?
Did you manage to upload your fix?
Luca.
Brendan Maguire
Aug 15, 2014, 6:16:10 AM8/15/14
to lucamilanesio, repo-d...@googlegroups.com
Hi Luca,
I'm afraid I will not have the time to fix this as we have opted for a
different solution than Github-Gerrit integration.
Sorry,
Brendan
> https://groups.google.com/d/topic/repo-discuss/NgJEULMx3f4/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
I'm afraid I will not have the time to fix this as we have opted for a
different solution than Github-Gerrit integration.
Sorry,
Brendan
> --
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>
> ---
> You received this message because you are subscribed to a topic in the
> --
> To unsubscribe, email repo-discuss...@googlegroups.com
> More info at http://groups.google.com/group/repo-discuss?hl=en
>
> ---
> Google Groups "Repo and Gerrit Discussion" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/repo-discuss/NgJEULMx3f4/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
Luca Milanesio
Aug 15, 2014, 6:19:24 AM8/15/14
to Brendan Maguire, repo-d...@googlegroups.com
OK, no problem.
What was the alternative solution? Just to share experiences with others that may have the same problem and are looking for a common approach to resolve it :-)
Luca.
What was the alternative solution? Just to share experiences with others that may have the same problem and are looking for a common approach to resolve it :-)
Luca.
Brendan Maguire
Aug 15, 2014, 6:28:57 AM8/15/14
to Luca Milanesio, repo-d...@googlegroups.com
To get past this particular problem I hardcoded our server name into
the github-oauth code.
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
index 69f94da..9f3e5af 100644
--- a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
@@ -170,7 +170,8 @@ public class GitHubLogin {
public GitHub login(AccessToken authToken) throws IOException {
this.token = authToken;
- this.hub = GitHub.connectUsingOAuth(authToken.access_token);
+ this.hub = GitHub.connectToEnterprise("http://<our enterprise
github server>/api/v3", authToken.access_token);
this.myself = hub.getMyself();
return this.hub;
}
Thanks for your help in pointing out where in the code the issue was.
Overall, we are evaluating tools for our new process and have decided
to go with ReviewBoard.
the github-oauth code.
diff --git a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
index 69f94da..9f3e5af 100644
--- a/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
+++ b/github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java
@@ -170,7 +170,8 @@ public class GitHubLogin {
public GitHub login(AccessToken authToken) throws IOException {
this.token = authToken;
- this.hub = GitHub.connectUsingOAuth(authToken.access_token);
+ this.hub = GitHub.connectToEnterprise("http://<our enterprise
github server>/api/v3", authToken.access_token);
this.myself = hub.getMyself();
return this.hub;
}
Thanks for your help in pointing out where in the code the issue was.
Overall, we are evaluating tools for our new process and have decided
to go with ReviewBoard.
Reply all
Reply to author
Forward
0 new messages