vmware / vrealize-developer-tools

Extension for Visual Studio Code that provides code intelligence features and enables a more developer-friendly experience when creating vRealize content

Not possible to remove vRO/vRA plain text credentials from settings.xml #33

Closed simplygeekuk closed 4 years ago

simplygeekuk commented 5 years ago

Description

The documentation suggests that the / and tags can be removed in favour of using the encrypted server passwords. However, this doesn't appear to be possible and an error is thrown in VSCode that the tags are missing.

Is this even possible?

Expected behavior: [What you expect to happen] To use the server encrypted credentials instead of plain text passwords in the profile section of settings.xml

Actual behavior: [What actually happens] Extension cannot seem to function without the plain text credential tags being present.

Reproduces how often: [What percentage of the time does it reproduce?] 100%

Environment

Client

Server

Failure Logs

Additional Context

nblagoev commented 5 years ago

Hi @nmshadey, the encrypted server password is not supported with basic authentication and this is why vRDT requires the vro.username and vro.password to be specified in the maven profile.

However, if you change to vRA SSO auth (<vro.auth>vra</vro.auth>), you use encrypted pass. Following is a sample profile with the required properties.

<servers>
    <server>
        <username>administrator@vsphere.local</username>
        <password>{native+maven+encrypted+pass}</password>
        <id>corp-dev-vro</id>
    </server>
</servers>
....
<profile>
    <id>corp-dev</id>
    <properties>
        <!--vRO Connection-->
        <vro.host>10.29.26.18</vro.host>
        <vro.port>8281</vro.port>
        <vro.serverId>corp-dev-vro</vro.serverId>
        <vro.auth>vra</vro.auth>
        <vro.tenant>vsphere.local</vro.tenant>
    </properties>
</profile>

You can check here how to encrypt the password.

simplygeekuk commented 5 years ago

Something interesting is happening here. If I set the auth to VRA then I get the following error:

[INFO] SSO authentication token has expired. Acquiring a new one. [ERROR] Unable to parse Json[

...
404
Not Found
In my settings.xml

vro.sgroot.local 8281 development-vro vra vsphere.local

Now, what is very interesting, is that if I add empty and tags and set the auth to basic, then it uses the server encrypted password, at least for the maven stuff (and pushes packages to vRO fine). But the issue is that the hints collector in VSCode will fail as it expected the plain text username and password to be specified.

My vRO server is configured to use vRealize Automation as the auth provider, using vsphere.local as the tenant and my user is a member of the admins group. This works fine for normal vRA/vRO logins. I have had another developer reproduce this same issue.

simplygeekuk commented 5 years ago

bump

Any thoughts on my last comment?

nblagoev commented 5 years ago

VSCode executes maven command that is supposed to get a token from vRA and save it to a location given by vscode. The following is the maven command used to retrieve a token. Can you execute it and send the whole output?

cd <vrealize-project-root>
mvn vrealize:auth -P<yourMavenProfileName> -DoutputDir="<absolute-path-to-folder>" -N -e

Maybe the issue here is not related to the credentials, since if the wrong credentials were sent to vRA, you'd see 401 instead of 404...

simplygeekuk commented 5 years ago

Not sure how much help this is:

[INFO] Error stacktraces are turned on.
[INFO] Scanning for projects...
[INFO]
[INFO] ----------------< com.simplygeek.library.util:logger2 >-----------------
[INFO] Building logger2 1.0.1-SNAPSHOT
[INFO] ------------------------------[ package ]-------------------------------
[INFO]
[INFO] --- vrealize-package-maven-plugin:1.5.11:auth (default-cli) @ logger2 ---
[WARNING] SSL: You are now ignoring certificate verification.
[WARNING] SSL: You are now ignoring hostname verification.
[INFO] Authentication strategy: VRA
[ERROR] Unable to parse Json[

replaceable image Created with Sketch.
404
Not Found
] com.google.gson.JsonSyntaxException: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 3 column 2 path $ at com.google.gson.JsonParser.parse (JsonParser.java:65) at com.google.gson.JsonParser.parse (JsonParser.java:45) at com.vmware.pscoe.iac.artifact.rest.helpers.JsonHelper.getPrettyJson (JsonHelper.java:19) at com.vmware.pscoe.iac.artifact.rest.RestClientFactory$1.handleError (RestClientFactory.java:81) at org.springframework.web.client.RestTemplate.handleResponse (RestTemplate.java:700) at org.springframework.web.client.RestTemplate.doExecute (RestTemplate.java:653) at org.springframework.web.client.RestTemplate.execute (RestTemplate.java:628) at org.springframework.web.client.RestTemplate.getForObject (RestTemplate.java:303) at com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.retrieveClientId (VraSsoAuth.java:77) at com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.acquireToken (VraSsoAuth.java:36) at com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.acquireToken (VraSsoAuth.java:31) at com.vmware.pscoe.maven.plugins.AuthMojo.execute (AuthMojo.java:58) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at 
org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288) at org.apache.maven.cli.MavenCli.main (MavenCli.java:192) at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 3 column 2 path $ at com.google.gson.stream.JsonReader.syntaxError (JsonReader.java:1559) at com.google.gson.stream.JsonReader.checkLenient (JsonReader.java:1401) at com.google.gson.stream.JsonReader.doPeek (JsonReader.java:542) at com.google.gson.stream.JsonReader.peek (JsonReader.java:425) at com.google.gson.JsonParser.parse (JsonParser.java:60) at com.google.gson.JsonParser.parse (JsonParser.java:45) at com.vmware.pscoe.iac.artifact.rest.helpers.JsonHelper.getPrettyJson (JsonHelper.java:19) at com.vmware.pscoe.iac.artifact.rest.RestClientFactory$1.handleError (RestClientFactory.java:81) at org.springframework.web.client.RestTemplate.handleResponse (RestTemplate.java:700) at org.springframework.web.client.RestTemplate.doExecute (RestTemplate.java:653) at org.springframework.web.client.RestTemplate.execute (RestTemplate.java:628) at org.springframework.web.client.RestTemplate.getForObject (RestTemplate.java:303) at 
com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.retrieveClientId (VraSsoAuth.java:77) at com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.acquireToken (VraSsoAuth.java:36) at com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.acquireToken (VraSsoAuth.java:31) at com.vmware.pscoe.maven.plugins.AuthMojo.execute (AuthMojo.java:58) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288) at org.apache.maven.cli.MavenCli.main (MavenCli.java:192) at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at 
org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) [ERROR]
replaceable image Created with Sketch.
404
Not Found
[INFO] ------------------------------------------------------------------------ [INFO] BUILD FAILURE [INFO] ------------------------------------------------------------------------ [INFO] Total time: 2.567 s [INFO] Finished at: 2019-07-11T11:25:08+01:00 [INFO] ------------------------------------------------------------------------ [ERROR] Failed to execute goal com.vmware.pscoe.maven.plugins:vrealize-package-maven-plugin:1.5.11:auth (default-cli) on project logger2: Execution default-cli of goal com.vmware.pscoe.maven.plugins:vrealize-package-maven-plugin:1.5.11:auth failed: 404 -> [Help 1] org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal com.vmware.pscoe.maven.plugins:vrealize-package-maven-plugin:1.5.11:auth (default-cli) on project logger2: Execution default-cli of goal com.vmware.pscoe.maven.plugins:vrealize-package-maven-plugin:1.5.11:auth failed: 404 at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288) at org.apache.maven.cli.MavenCli.main (MavenCli.java:192) at 
sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: org.apache.maven.plugin.PluginExecutionException: Execution default-cli of goal com.vmware.pscoe.maven.plugins:vrealize-package-maven-plugin:1.5.11:auth failed: 404 at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:148) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288) at org.apache.maven.cli.MavenCli.main (MavenCli.java:192) at 
sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) Caused by: java.lang.RuntimeException: 404 at com.vmware.pscoe.iac.artifact.rest.RestClientFactory$1.handleError (RestClientFactory.java:82) at org.springframework.web.client.RestTemplate.handleResponse (RestTemplate.java:700) at org.springframework.web.client.RestTemplate.doExecute (RestTemplate.java:653) at org.springframework.web.client.RestTemplate.execute (RestTemplate.java:628) at org.springframework.web.client.RestTemplate.getForObject (RestTemplate.java:303) at com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.retrieveClientId (VraSsoAuth.java:77) at com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.acquireToken (VraSsoAuth.java:36) at com.vmware.pscoe.iac.artifact.rest.auth.VraSsoAuth.acquireToken (VraSsoAuth.java:31) at com.vmware.pscoe.maven.plugins.AuthMojo.execute (AuthMojo.java:58) at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156) at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117) at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject 
(LifecycleModuleBuilder.java:81) at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56) at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:305) at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192) at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105) at org.apache.maven.cli.MavenCli.execute (MavenCli.java:956) at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:288) at org.apache.maven.cli.MavenCli.main (MavenCli.java:192) at sun.reflect.NativeMethodAccessorImpl.invoke0 (Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke (NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke (DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke (Method.java:498) at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282) at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225) at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406) at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347) [ERROR] [ERROR] Re-run Maven using the -X switch to enable full debug logging. [ERROR] [ERROR] For more information about the errors and possible solutions, please read the following articles: [ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/PluginExecutionException

simplygeekuk commented 5 years ago

Some additional info regarding the usage of encrypted passwords. You stated 'the encrypted server password is not supported with basic authentication'. However, myself and other devs have discovered that when using BASIC auth, it appears to expect the encrypted password to be set, else authentication does not work. The plain text username and password only appear to be used for the hints collection.

As you have stated, I would expect BASIC auth to only require the plaintext username and password.

virtualhobbit commented 4 years ago

Any update on this guys?

nblagoev commented 4 years ago

@simplygeekuk Apologies for the late reply! Have you found the cause of this 404 issue?

Looking at the implementation of the vrealize:auth goal, it will try to acquire a token from the URL https://<vro.host>:<vro.port>/SAAS/t/<vro.tenant>/auth/oauthtoken?grant_type=password, which according to your profile should be https://vro.sgroot.local:8281/SAAS/t/vsphere.local/auth/oauthtoken?grant_type=password. Calls to this URL produce the 404. Are you using an external vRO or embedded? Can you try with port 443?

@simplygeekuk @virtualhobbit Regarding the encrypted password, if you specify a vro.serverId property in your profile, all maven commands you run (either through the command line or via the vRDT tasks palette) will expect the encrypted password to be set. However, this is not the case with hint collection as it is not implemented through maven, therefore it cannot decrypt and use the password from settings.xml.

The following table shows what authentication methods are supported by vRDT (the vscode extension itself) and vRBT (the maven toolset used for building, packaging, pushing and pulling content).

| Authentication | vRealize Developer Tools | vRealize Build Tools | Required keys in settings.xml profile |
|---|---|---|---|
| BASIC (without encryption) | Supported | Supported | vro.auth = basic, vro.username, vro.password |
| BASIC (with encryption) | Not Supported | Supported | vro.auth = basic, vro.serverId |
| VRA SSO (without encryption) | Supported | Supported | vro.auth = vra, vro.username, vro.password, vro.tenant |
| VRA SSO (with encryption) | Supported | Supported | vro.auth = vra, vro.serverId, vro.tenant |

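As an added example (not part of the thread and not vRDT/vRBT code), the sketch below applies the support table and the token URL described in the comment above to a profile in settings.xml, and flags plain text credentials. The function name, the finding strings and the sample file are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# (vro.auth, encrypted?) -> (vRDT supported, vRBT supported), from the table above
SUPPORT = {("basic", False): (True, True), ("basic", True): (False, True),
           ("vra", False): (True, True), ("vra", True): (True, True)}

# Constructed sample settings.xml: hosts, ids and secrets are placeholders.
SAMPLE = """<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers><server><id>dev-vro</id><username>svc@example.test</username>
    <password>{CONSTRUCTED+PLACEHOLDER=}</password></server></servers>
  <profiles>
    <profile><id>sso-enc</id><properties>
      <vro.host>vro.example.test</vro.host><vro.port>8281</vro.port>
      <vro.serverId>dev-vro</vro.serverId><vro.auth>vra</vro.auth>
      <vro.tenant>vsphere.local</vro.tenant></properties></profile>
    <profile><id>basic-enc</id><properties>
      <vro.serverId>dev-vro</vro.serverId><vro.auth>basic</vro.auth>
    </properties></profile>
    <profile><id>basic-plain</id><properties>
      <vro.auth>basic</vro.auth><vro.username>svc</vro.username>
      <vro.password>constructed-secret</vro.password></properties></profile>
  </profiles>
</settings>"""

def audit_profile(settings_xml, profile_id):
    """Classify a profile's auth mode and list credential-handling findings."""
    root = ET.fromstring(settings_xml)
    for el in root.iter():  # drop the Maven namespace so tags match by name
        el.tag = el.tag.rsplit("}", 1)[-1]
    profile = next((p for p in root.iter("profile")
                    if p.findtext("id") == profile_id), None)
    if profile is None:
        raise ValueError(f"profile {profile_id!r} not found")
    props = {e.tag: (e.text or "").strip()
             for e in profile.iter() if e.tag.startswith("vro.")}
    auth = props.get("vro.auth", "").lower()
    server_id = props.get("vro.serverId", "")
    plaintext = bool(props.get("vro.password"))
    encrypted = bool(server_id) and not plaintext
    findings = []
    if plaintext:
        findings.append("vro.password is stored in plain text in the profile")
    if server_id:
        pw = next((s.findtext("password", "") for s in root.iter("server")
                   if s.findtext("id") == server_id), None)
        if pw is None:
            findings.append(f"no <server> entry with id {server_id!r}")
        elif not re.search(r"\{[^{}]+\}", pw):  # Maven wraps ciphertext in {}
            findings.append("server password is not Maven-encrypted")
    vrdt, vrbt = SUPPORT.get((auth, encrypted), (False, False))
    if not vrdt:
        findings.append("vRDT hint collection cannot use this profile")
    token_url = None
    if auth == "vra":  # URL the vrealize:auth goal requests, per the comment
        token_url = "https://{}:{}/SAAS/t/{}/auth/oauthtoken?grant_type=password".format(
            props.get("vro.host"), props.get("vro.port"), props.get("vro.tenant"))
    return {"auth": auth, "encrypted": encrypted, "vrdt": vrdt, "vrbt": vrbt,
            "token_url": token_url, "findings": findings}
```

Requesting the reported `token_url` directly shows whether a 404 comes from the host and port in the profile rather than from the credentials.
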
no-response[bot] commented 4 years ago

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.