search

TRIMM / plugin-dependencytrack

Plugin for retrieving Dependencytrack metrics in Backstage
Apache License 2.0
16 stars 2 forks source link

Can not get information in backstage #84

Closed bjsee closed 2 months ago

bjsee commented 1 year ago

Hello, I'm having trouble getting it to run and I think it's related to a misconfiguration. Could you possibly provide an example for the values of the URLs in the README? I believe that the X-Api-Key should contain the api-key and not the DEPENDENCYTRACK_API_URL.

My configuration looks like this:

integrations:
  dependencytrack:
    baseUrl: https://dependencytrack.mycompany.com

proxy:
  '/dependencytrack':
    target: 'https://dependencytrack.mycompany.com/api/v1'
    allowedMethods: [ 'GET' ]
    headers:
      X-Api-Key: 'l5ktqUe9uyNmmfsYinrRJ9xHLfhPumBZ'

If I make a GET request with this information using Postman, I receive a successful response. However, in Backstage, I'm receiving the error message: "There is no Dependencytrack project with id 'dd89a9d0-49ff-42de-bffa-409ac1cadf0d'."

Here are the dependencytrack related log-entries:

[1] 2023-05-30T15:48:46.826Z proxy info [HPM] Proxy created: /dependencytrack  -> https://dependencytrack.mycompany.com/api/v1 type=plugin
[1] 2023-05-30T15:48:46.826Z proxy info [HPM] Proxy rewrite rule created: "^/api/proxy/dependencytrack/?" ~> "/" type=plugin
...
[1] 2023-05-30T15:48:54.021Z backstage info ::1 - - [30/May/2023:15:48:54 +0000] "GET /api/proxy/dependencytrack/api/v1/metrics/project/dd89a9d0-49ff-42de-bffa-409ac1cadf0d/current HTTP/1.1" 500 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36" type=incomingRequest
...
[1] 2023-05-30T15:48:54.141Z backstage info ::1 - - [30/May/2023:15:48:54 +0000] "GET /api/proxy/dependencytrack/api/v1/finding/project/dd89a9d0-49ff-42de-bffa-409ac1cadf0d HTTP/1.1" 500 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36" type=incomingRequest

I am not sure if the configuration is really correct. Could you possibly provide an example for the values of the URLs in the README

Thanks, Björn

jplimack commented 10 months ago

@jdiepeveen im hitting this, as well - any advice ?

jplimack commented 10 months ago

the apiurl should really be the baseURL, as the funcs append /api/v1/... when making requests

Shane-OH commented 9 months ago

Commenting here as im also having issues with this, some clarification in the README's would be helpful. @bjsee @jplimack Did you get this working? What does you config look like?

PrashanthHRao commented 5 months ago

I’m also facing the same issue with exact configuration mentioned by @bjsee and new backend architecture of backstage.

Edit: I’ve not used /api/v1 in base url

Kindly let me know if there any updates or If anyone fixed this issue.

Regards Prashanth

ronaldtb commented 3 months ago

Hi all, version 0.3.1 has been released and has been tested with Backstage version 1.27.5. The readme has also been updated to reflect the additional endpoints level required underneath the proxy section.

For example:

proxy:
  endpoints:
    '/dependencytrack':
      target: ${DEPENDENCYTRACK_BASE_URL}
      allowedMethods: [ 'GET' ]
      headers:
        X-Api-Key: ${DEPENDENCYTRACK_API_KEY}

The variables should be replaced with the actual values for your specific environment.

michaelbarone commented 2 months ago

I have partial functionality working in backstage, but not getting any data for the Findings component:

image

It appears to be getting a 403 Forbidden access response to the v1/findings endpoint.

The Metrics component is loading as expected.

Thanks for the work on this.. much appreciated.

edit, not sure if this warrants a new issue, felt it was similar enough to the initial issue in this thread.

ronaldtb commented 2 months ago

@michaelbarone Which version of Dependency-Track are you using? And can you check the API Key permissions underneath the Administration > Teams > [Team] section to make sure the API Key has permissions to retrieve the findings?

We ourselves have granted the following permissions to the Team for the API Key we are using:

michaelbarone commented 2 months ago

@ronaldtb thank you, it was key permissions. after updating to what you have, its all working now. thank you.

ronaldtb commented 2 months ago

No problem