aserto-dev / topaz

Cloud-native authorization for modern applications and APIs
https://www.topaz.sh
Apache License 2.0

Unable to start Topaz with the todo templates on the docs #479

Closed prisamuel closed 2 weeks ago

prisamuel commented 2 weeks ago

Went through the installation instructions

brew install aserto-dev/tap/topaz
topaz certs trust
topaz install
topaz templates install todo

came back with an error

➜  $ topaz templates install todo
Installing this template will completely reset your topaz configuration.
Do you want to continue? (y/N) y
>>> stopping topaz...
>>> topaz is not running
>>> configure policy
certs directory: /Users/samuel4/.local/share/topaz/certs
  FILE            ACTION                        
  gateway.crt     skipped, file already exists  
  gateway-ca.crt  skipped, file already exists  
  gateway.key     skipped, file already exists  
  grpc.crt        skipped, file already exists  
  grpc-ca.crt     skipped, file already exists  
  grpc.key        skipped, file already exists  
policy name: todo
Using configuration "todo"
>>> starting topaz "todo"...
0f8e15ae95623d4697f9ae6cc5506396a3b46d938fb2d153b00ea57fcbf48c3c
gRPC endpoint not SERVING

Retrying that came back with another error

$ topaz templates install todo
Installing this template will completely reset your topaz configuration.
Do you want to continue? (y/N) y
>>> stopping topaz...
>>> topaz is not running
>>> configure policy
certs directory: /Users/samuel4/.local/share/topaz/certs
  FILE            ACTION                        
  gateway.crt     skipped, file already exists  
  gateway-ca.crt  skipped, file already exists  
  gateway.key     skipped, file already exists  
  grpc.crt        skipped, file already exists  
  grpc-ca.crt     skipped, file already exists  
  grpc.key        skipped, file already exists  
policy name: todo
Using configuration "todo"
>>> starting topaz "todo"...
d8964238609618e6d9d7b396a53940ed0b644b329e9c9d03efc444b7c2ad4ec9
0.0.0.0:8080 closed

Starting in non-daemon mode shows up the logs, some ghcr errors with certificates

{"level":"error","component":"runtime","instance-id":"-","name":"todo","plugin":"bundle","time":"2024-10-31T14:53:07Z","message":"Bundle load failed: failed to pull ghcr.io/aserto-policies/policy-todo:3.0.0: download for 'ghcr.io/aserto-policies/policy-todo:3.0.0' failed: failed to resolve ghcr.io/aserto-policies/policy-todo:3.0.0: failed to do request: Head \"https://ghcr.io/v2/aserto-policies/policy-todo/manifests/3.0.0\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}

gertd commented 2 weeks ago

@prisamuel, are you behind a firewall that prevents connecting to ghcr.io?

prisamuel commented 2 weeks ago

Indeed, that was it.
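
A triage sketch for the failure in this thread, added here as an example (not code from the issue or from the Topaz project): it reads non-daemon log output, picks out bundle-load errors, and maps the Go error text to a likely cause, so that `gRPC endpoint not SERVING` is traced back to the registry pull. The field names are taken from the single log line quoted above; the `triage` helper, the cause labels, and the `registry.example` lines are assumptions constructed for illustration.

```python
import json
import re

# Go error substrings mapped to a likely cause (labels are this example's own).
CAUSES = [
    ("x509: certificate signed by unknown authority",
     "untrusted-ca: chain seen by this host is not in its trust store "
     "(TLS-inspecting firewall/proxy or missing corporate root CA)"),
    ("x509: certificate has expired", "expired-cert: check host clock and proxy cert"),
    ("no such host", "dns: registry name does not resolve from this network"),
    ("connection refused", "refused: connection to the registry was rejected"),
    ("i/o timeout", "timeout: traffic to the registry is being dropped"),
]
IMAGE_RE = re.compile(r"failed to pull (\S+?): ")

# The error line quoted in the issue, verbatim.
PAGE_LINE = r'''{"level":"error","component":"runtime","instance-id":"-","name":"todo","plugin":"bundle","time":"2024-10-31T14:53:07Z","message":"Bundle load failed: failed to pull ghcr.io/aserto-policies/policy-todo:3.0.0: download for 'ghcr.io/aserto-policies/policy-todo:3.0.0' failed: failed to resolve ghcr.io/aserto-policies/policy-todo:3.0.0: failed to do request: Head \"https://ghcr.io/v2/aserto-policies/policy-todo/manifests/3.0.0\": tls: failed to verify certificate: x509: certificate signed by unknown authority"}'''
# Constructed lines (not from the issue) to exercise the other paths.
CONSTRUCTED = [
    '>>> starting topaz "todo"...',
    '{"level":"error","plugin":"bundle","message":"Bundle load failed: failed to pull '
    'registry.example/policies/demo:1.0.0: dial tcp: lookup registry.example: no such host"}',
    '{"level":"info","plugin":"bundle","message":"constructed non-error line"}',
]

def triage(line):
    """Return (image, registry_host, cause) for a bundle-load error, else None."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None  # CLI banner or container id, not a JSON log record
    if not isinstance(rec, dict):
        return None
    if rec.get("level") != "error" or rec.get("plugin") != "bundle":
        return None
    msg = rec.get("message", "")
    m = IMAGE_RE.search(msg)
    image = m.group(1) if m else None
    host = image.split("/", 1)[0] if image else None
    cause = next((c for needle, c in CAUSES if needle in msg),
                 "unknown: read the full message")
    return image, host, cause

if __name__ == "__main__":
    for line in [PAGE_LINE] + CONSTRUCTED:
        result = triage(line)
        if result:
            print("image=%s host=%s cause=%s" % result)
```
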