spring-cloud / spring-cloud-config

External configuration (server and client) for Spring Cloud
Apache License 2.0
1.96k stars 1.29k forks source link

Git Backend makes first request to repo without credentials #1721

Open epignosisx opened 4 years ago

epignosisx commented 4 years ago

Describe the bug We are running Spring Cloud Config with the Git backend and we've identified that when we call /actuator/health it's first making a call to the git repo and receiving a 401 (Unauthorized), and right away a call that succeeds. It appears as if the first request is not sending the credentials, but the second is.

This doesn't seem right, am I missing something? I'm using a version a bit old (2.1.2.RELEASE), I looked through the issues but couldn't find any issue related to this.

Here is a screenshot of the outgoing calls that /actuator/health makes depicting the issue:

image

Notice how this is not an isolated incident, but rather, each failed attempt is followed by a successful one:

image

spencergibb commented 4 years ago

I'd say it's all up to your configuration. Can you share?

epignosisx commented 4 years ago

Thanks for the quick reply. We are running it inside a container, here are the environment variables we are setting:

SPRING_CLOUD_CONFIG_SERVER_GIT_USERNAME=some-username SPRING_CLOUD_CONFIG_SERVER_GIT_PASSWORD=some-password SPRING_CLOUD_CONFIG_SERVER_GIT_URI=https://some-org@dev.azure.com/some-org/some-project/_git/app-config SPRING_CLOUD_CONFIG_SERVER_GIT_FORCE-PULL=true SPRING_CLOUD_CONFIG_SERVER_GIT_BASEDIR=/opt/app-config ENCRYPT_KEY=some-key MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health

spencergibb commented 4 years ago

what version?

Seems odd that you have the username in the uri and env vars

epignosisx commented 4 years ago

what version?

2.1.2.RELEASE

Seems odd that you have the username in the uri and env vars

Indeed. I haven't noticed that. Let me check if there is a reason for it and remove it to see if it makes a difference.

spencergibb commented 4 years ago

That's an old version and I would suggest updating to Hoxton.SR8

epignosisx commented 4 years ago

Updated the git url to exclude the username, it did not make a difference. I'm in the process of updating the app to the latest version. I'll share the results.

epignosisx commented 4 years ago

We upgraded to the latest versions, but no luck: spring-boot-starter-parent from 2.1.5 to 2.3.4 spring-cloud-config-server from 2.1.2 to 2.2.5

Here is the whole pom file.

It does not seem to be a problem with just the /actuator/health endpoint, it also happens when requesting the configuration like /some-app/some-profile/some-label

image

avnerstr commented 2 years ago

@OlgaMaciaszek and @spencergibb any progress on this issue- I still see it happening 2020.0.4. any progress on that?

avnerstr commented 2 years ago

@spencergibb any update on that?

mdiskin commented 4 months ago
image

On springboot 3.3.1 SpringCloud 2023.0.2 Java21

cloud: config: server: bootstrap: ${CONFIGSERVER_BOOTSTRAP:true} encrypt: enabled: ${CONFIGSERVER_ENCRYPTENABLED:true} git: uri: https://gitlab.com/arctravel/arc-settlement/config/default-config.git basedir: ${CONFIGSERVER_BASEDIR}/default clone-on-start: ${CONFIGSERVER_CLONEONSTART} force-pull: ${CONFIGSERVER_FORCEPULL} username: ${GIT_USER} password: ${GIT_TOKEN}

mdiskin commented 3 months ago

@spencergibb is there anymore research I can provide to help in getting a fix for this one? This does limit our able to monitor for true production issues

image