Closed chris-codaio closed 2 years ago
Hi, which version of bazel-remote are you running? And is your bazel client talking to bazel-remote using http or grpc?
Sorry for not including those above
Version: buchgr/bazel-remote-cache:v2.3.9 Using HTTP
I assume there's a proxy in the picture here somewhere? I have a feeling that the problem may be with a proxy because I can't find any usage of the 403 error code (http.StatusForbidden
in go code) in either bazel-remote's source nor in the http basic authentication library that bazel-remote uses (https://github.com/abbot/go-http-auth).
Could be. I'll poke around in our ALB logs and see if there's anything meaningful in there. Will report back.
Looks like an overzealous WAF rule in our AWS configs was indeed the culprit. Kind of unfortunate that the bazel client doesn't tell you which file it's trying to write when the error happens - that would have been really useful to track this down.
Thanks for following up on this. Perhaps you could report this logging change as a feature request over in https://github.com/bazelbuild/bazel ?
Good call. I've filed a feature request for this here: https://github.com/bazelbuild/bazel/issues/16454
We're seeing intermittent 403 errors reported by the bazel client; works 99% of the time. We have bazel-remote setup to use htpasswd auth in a kubernetes deployment (single pod).
Flags are: