search

AzBuilder / terrakube

Open source IaC Automation and Collaboration Software.
https://docs.terrakube.io
Apache License 2.0
451 stars 34 forks source link

Gitlab CE integration assumes HTTPS deployment of Terrakube #1014

Open AlejandroGarcia95 opened 3 weeks ago

AlejandroGarcia95 commented 3 weeks ago

Bug description 🐞

We have noticed this while trying to integrate Terrakube with our own Gitlab CE instance. The GitlabToken classes that implement the VCS integration with Gitlab assume Terrakube is deployed with HTTPS enabled, and they have the https URL scheme hardcoded (for example, here). Of course, this might not be the case, as Terrakube can be deployed without enabling HTTPS. Additionally, this is inconsistent with the redirect_uri shown in the Terrakube UI, as the UI itself can correctly detect the http scheme.

The result is that the integration itself fails with the following page on the Terrakube UI: image

Inspecting the logs on Gitlab, you can see the problem is that the redirect_uri used is using https: 

2024-06-18 18:39:45.903 ERROR 1 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.web.reactive.function.client.WebClientResponseException$BadRequest: 400 Bad Request from POST http://whitecicd-webservice.tcloud.whitestack.com/oauth/token?client_id=e0075541692aa5bd73962df9469842e0605262a01f35e2c5b35ec3e5340bc074&client_secret=gloas-2e182eb2d98328494584bac7a2ff2bfb26cd54433ba1ae4a9bc3b2476b32c13a&code=cf43ddd3c96c888e596d10b276c6ca49cf2947b9907daf467f393ba3de72647c&grant_type=authorization_code&redirect_uri=https://terrakube-api.tcloud.whitestack.com/callback/v1/vcs/32bf4d70-2da0-11ef-824a-6d5dccf13a80] with root cause

If I understood well, this does not happen when using Gitlab cloud, as the redirect_uri is not used for that integration.

Also, I can confirm that if Terrakube is deployed with HTTPS enabled, the integration works.

Steps to reproduce

Expected behavior

Integration should work without HTTPS enabled on Terrakube.

Example repository

No response

Anything else?

No response

alfespa17 commented 3 weeks ago

I think it would be better if you install a certificate for your terrakube installation because there are several parts of terrakube that wont work without "https".

For example if you are using the terraform/tofu cli with the registry it will require "HTTPS" and if you want to use the CLI drive workflow will also require "HTTPS"

AlejandroGarcia95 commented 3 weeks ago

@alfespa17 we have indeed installed Terrakube with HTTPS and confirmed the integration works. However, I think it should be useful to add a note on the integration docs stating the integration will not work without HTTPS. I believe there is no reason for that particular integration to fail with HTTP, so we might like to make the requirement more explicit.