Closed simplygeekuk closed 4 years ago
Hi @nmshadey, the encrypted server password is not supported with basic authentication and this is why vRDT requires the vro.username and vro.password to be specified in the maven profile.
However, if you change to vRA SSO auth (<vro.auth>vra</vro.auth>
), you use encrypted pass. Following is a sample profile with the required properties.
<servers>
<server>
<username>administrator@vsphere.local</username>
<password>{native+maven+encrypted+pass}</password>
<id>corp-dev-vro</id>
</server>
</servers>
....
<profile>
<id>corp-dev</id>
<properties>
<!--vRO Connection-->
<vro.host>10.29.26.18</vro.host>
<vro.port>8281</vro.port>
<vro.serverId>corp-dev-vro</vro.serverId>
<vro.auth>vra</vro.auth>
<vro.tenant>vsphere.local</vro.tenant>
</properties>
</profile>
You can check here how to encrypt the password.
Something interesting is happening here. If I set the auth to VRA then I get the following error:
[INFO] SSO authentication token has expired. Acquiring a new one. [ERROR] Unable to parse Json[
...bump
Any thoughts on my last comment?
VSCode executes maven command that is supposed to get a token from vRA and save it to a location given by vscode. The following is the maven command used to retrieve a token. Can you execute it and send the whole output?
cd <vrealize-project-root>
mvn vrealize:auth -P<yourMavenProfileName> -DoutputDir="<absolute-path-to-folder>" -N -e
Maybe the issue here is not related to the credentials, since if the wrong credentials were send to vRA, you'd see 401 instead of 404...
Not sure how much help this is:
[INFO] Error stacktraces are turned on. [INFO] Scanning for projects... [INFO] [INFO] ----------------< com.simplygeek.library.util:logger2 >----------------- [INFO] Building logger2 1.0.1-SNAPSHOT [INFO] ------------------------------[ package ]------------------------------- [INFO] [INFO] --- vrealize-package-maven-plugin:1.5.11:auth (default-cli) @ logger2 --- [WARNING] SSL: You are now ignoring certificate verification. [WARNING] SSL: You are now ignoring hostname verification. [INFO] Authentication strategy: VRA [ERROR] Unable to parse Json[
Some additional info regarding the usage of encrypted passwords. You stated ' the encrypted server password is not supported with basic authentication' However, myself and other devs have discovered that when using BASIC auth, it appears to expect the encrypted password to be set, else authentication does not work. The plain text username and password only appear to be used for the hints collection.
As you have stated, I would expect BASIC auth to only require the plaintext username and password.
Any update on this guys?
@simplygeekuk Apologies for the late reply! Have you found the cause of this 404 issue?
Looking at the implementation of the vrealize:auth
goal, it will try to acquire a token from the URL https://<vro.host>:<vro.port>/SAAS/t/<vro.tenant>/auth/oauthtoken?grant_type=password
, which according to your profile should be https://vro.sgroot.local:8281/SAAS/t/vsphere.local/auth/oauthtoken?grant_type=password
. Calls to this URL produce the 404. Are you using an external vRO or embedded? Can you try with port 443?
@simplygeekuk @virtualhobbit Regarding the encrypted password, if you specify a vro.serverId
property in your profile, all maven commands you run (either through the command line or via the vRDT tasks palette) will expect the encrypted password to be set. However, this is not the case with hint collection as it is not implemented through maven, therefore it cannot decrypt and use the password from settings.xml.
Following table shows what authentication methods are supported by vRDT (the vscode extension itself) and vRBT (the maven toolset used for building, packaging, pushing and pulling content).
Authentication | vRealize Developer Tools | vRealize Build Tools | Required keys in settings.xml profile |
---|---|---|---|
BASIC (without encryption) | Supported | Supported | vro.auth = basic vro.username vro.password |
BASIC (with encryption) | Not Supported | Supported | vro.auth = basic vro.serverId |
VRA SSO (without encryption) | Supported | Supported | vro.auth = vra vro.username vro.password vro.tenant |
VRA SSO (with encryption) | Supported | Supported | vro.auth = vra vro.serverId vro.tenant |
This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.
Description
The documentation suggests that the/ and tags can be removed in favour of using the encrypted server passwords. However, this doesn't appear to be possible and an error is thrown in VSCode that the tags are missing.
Is this even possible?
Expected behavior: [What you expect to happen] To use the server encrypted credentials instead of plain text passwords in the profile section of settings.xml
Actual behavior: [What actually happens] Extension cannot seem to function without the plain text credential tags being present.
Reproduces how often: [What percentage of the time does it reproduce?] 100%
Environment
Client
Server
Failure Logs
Additional Context