-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 Bug Report: Techdocs returning 401 after enabling permissions flag #24791
Comments
My backend
Furthermore, techdocs renders fine when logged in as guest but I had to add the following flag
However, in my higher envs, Guests login are disabled. |
What's going on here is that TechDocs is using the new cookie auth and plugin service auth. When using those two are used in combination it's important that all parts of the system is using the new plugin service auth, or this might happen. When the user makes a request to the TechDocs static assets they'll use a cookie with a limited user token. This limited user token then in turn can only be converted into a valid service token to make a request to the catalog backend if both the TechDocs and Catalog plugins use the new plugin service auth. The logic for all of that is here. You're running everything in one backend though, so I don't expect that things being out of sync to be the actual issue here. Couple of things to check: do you have any Second thing, how's the |
Hi @Rugvip , thanks for the reply. I'm trying to ascertain the situation.
else if no other profiles are found, it will resolve with
I'm trying to replicate the issue locally here but seems to be working as expected while the promoted envs are not. |
I also noticed that this is creeping heavily in the logs from our higher environments.
Could this todo with the undici proxy? We do have that since inception, furthermore with NO_PROXY set with localhost as recommended in this issue. I noticed there's a patch been made but not due for release until the next version. Also, here's my full file content for
|
@darrenyung it's possible that the There's a workaround here: nodejs/undici#1650 (comment) but we were discussing potentially bringing some of this logic closer to the framework over in #24841 too. EDIT: It also looks like |
Hi @benjdlambert , thanks. The error seems to no longer be existent in our logs and also the perms are working again. This workaround unblocks our work for now. |
Hi, reopening this issue as the workaround seems to have broken scaffolder github actions now. 😭 The template produces the following output
|
@darrenyung which workaround did you use? Are you using public github or on prem? |
Hi @benjdlambert , I've used this workaround, it worked for this case but not the other. I'm using public github but I'm behind corporate proxy. |
Hmm it's unfortunate that we can't see what the actual issue is with the I wonder if your version of You should be able to reproduce the issue pretty easily and see what works, by just creating a Playing around with the workarounds in that file to see which one allows you to talk through to public github. It's also possible that if Octokit is not using |
Thanks. I'll take a deeper look tomorrow. Strange enough that the github discovery function is working as intended which I believe also uses the octokit library but not the git related scaffolder action. |
Hmm it's possible that they could be using different versions of octokit in the |
📜 Description
When permissions flag is enabled via config, the techdocs pages returns 401 response when trying to retrieve docs from GCS.
👍 Expected behavior
Techdocs renders just fine.
👎 Actual Behavior with Screenshots
One of many web responses from the network tab
👟 Reproduction steps
📃 Provide the context for the Bug.
🖥️ Your Environment
OS: Darwin 23.4.0 - darwin/x64
node: v20.11.0
yarn: 1.22.19
cli: 0.26.4 (installed)
backstage: 1.26.0
Dependencies:
@backstage/app-defaults 1.5.4
@backstage/backend-app-api 0.5.14, 0.7.2
@backstage/backend-common 0.19.10, 0.21.7
@backstage/backend-defaults 0.2.17
@backstage/backend-dev-utils 0.1.4
@backstage/backend-openapi-utils 0.1.10
@backstage/backend-plugin-api 0.6.17
@backstage/backend-tasks 0.5.22
@backstage/backend-test-utils 0.3.7
@backstage/catalog-client 1.6.4
@backstage/catalog-model 1.4.5
@backstage/cli-common 0.1.13
@backstage/cli-node 0.2.5
@backstage/cli 0.25.2, 0.26.4
@backstage/config-loader 1.8.0
@backstage/config 1.2.0
@backstage/core-app-api 1.12.4
@backstage/core-compat-api 0.2.4
@backstage/core-components 0.11.2, 0.13.10, 0.14.6
@backstage/core-plugin-api 1.9.2
@backstage/dev-utils 1.0.31
@backstage/e2e-test-utils 0.1.1
@backstage/errors 1.2.4
@backstage/eslint-plugin 0.1.7
@backstage/frontend-plugin-api 0.6.4
@backstage/integration-aws-node 0.1.12
@backstage/integration-react 1.1.26
@backstage/integration 1.10.0
@backstage/plugin-api-docs 0.11.4
@backstage/plugin-app-backend 0.3.65
@backstage/plugin-app-node 0.1.17
@backstage/plugin-auth-backend-module-atlassian-provider 0.1.9
@backstage/plugin-auth-backend-module-aws-alb-provider 0.1.9
@backstage/plugin-auth-backend-module-azure-easyauth-provider 0.1.0
@backstage/plugin-auth-backend-module-bitbucket-provider 0.1.0
@backstage/plugin-auth-backend-module-cloudflare-access-provider 0.1.0
@backstage/plugin-auth-backend-module-gcp-iap-provider 0.2.12
@backstage/plugin-auth-backend-module-github-provider 0.1.14
@backstage/plugin-auth-backend-module-gitlab-provider 0.1.14
@backstage/plugin-auth-backend-module-google-provider 0.1.14
@backstage/plugin-auth-backend-module-guest-provider 0.1.3
@backstage/plugin-auth-backend-module-microsoft-provider 0.1.12
@backstage/plugin-auth-backend-module-oauth2-provider 0.1.14
@backstage/plugin-auth-backend-module-oauth2-proxy-provider 0.1.10
@backstage/plugin-auth-backend-module-oidc-provider 0.1.8
@backstage/plugin-auth-backend-module-okta-provider 0.0.10
@backstage/plugin-auth-backend 0.22.4
@backstage/plugin-auth-node 0.2.19, 0.4.12
@backstage/plugin-auth-react 0.1.1
@backstage/plugin-badges-backend 0.4.1
@backstage/plugin-badges 0.2.59
@backstage/plugin-catalog-backend-module-github-org 0.1.12
@backstage/plugin-catalog-backend-module-github 0.6.0
@backstage/plugin-catalog-backend-module-scaffolder-entity-model 0.1.15
@backstage/plugin-catalog-backend-module-unprocessed 0.4.4
@backstage/plugin-catalog-backend 1.21.1
@backstage/plugin-catalog-common 1.0.22
@backstage/plugin-catalog-graph 0.4.4
@backstage/plugin-catalog-import 0.10.10
@backstage/plugin-catalog-node 1.11.1
@backstage/plugin-catalog-react 1.11.3
@backstage/plugin-catalog-unprocessed-entities-common 0.0.1
@backstage/plugin-catalog-unprocessed-entities 0.2.3
@backstage/plugin-catalog 1.19.0
@backstage/plugin-cost-insights-common 0.1.3
@backstage/plugin-cost-insights 0.12.24
@backstage/plugin-devtools-backend 0.3.3
@backstage/plugin-devtools-common 0.1.9
@backstage/plugin-devtools 0.1.13
@backstage/plugin-entity-validation 0.1.20
@backstage/plugin-events-node 0.3.3
@backstage/plugin-explore-common 0.0.2, 0.0.3
@backstage/plugin-explore-react 0.0.38, 0.0.39
@backstage/plugin-explore 0.4.21
@backstage/plugin-github-actions 0.6.16
@backstage/plugin-github-issues 0.4.2
@backstage/plugin-github-pull-requests-board 0.2.1
@backstage/plugin-home-react 0.1.12
@backstage/plugin-home 0.7.3
@backstage/plugin-kubernetes-backend 0.17.0
@backstage/plugin-kubernetes-common 0.7.5
@backstage/plugin-kubernetes-node 0.1.11
@backstage/plugin-kubernetes-react 0.3.4
@backstage/plugin-kubernetes 0.11.9
@backstage/plugin-org 0.6.24
@backstage/plugin-permission-backend 0.5.41
@backstage/plugin-permission-common 0.7.13
@backstage/plugin-permission-node 0.7.28
@backstage/plugin-permission-react 0.4.22
@backstage/plugin-playlist-backend 0.3.22
@backstage/plugin-playlist-common 0.1.16
@backstage/plugin-playlist 0.2.9
@backstage/plugin-proxy-backend 0.4.15
@backstage/plugin-scaffolder-backend-module-azure 0.1.9
@backstage/plugin-scaffolder-backend-module-bitbucket-cloud 0.1.7
@backstage/plugin-scaffolder-backend-module-bitbucket-server 0.1.7
@backstage/plugin-scaffolder-backend-module-bitbucket 0.2.7
@backstage/plugin-scaffolder-backend-module-gerrit 0.1.9
@backstage/plugin-scaffolder-backend-module-gitea 0.1.7
@backstage/plugin-scaffolder-backend-module-github 0.2.7
@backstage/plugin-scaffolder-backend-module-gitlab 0.3.3
@backstage/plugin-scaffolder-backend 1.22.5
@backstage/plugin-scaffolder-common 1.5.1
@backstage/plugin-scaffolder-node 0.4.3
@backstage/plugin-scaffolder-react 1.8.4
@backstage/plugin-scaffolder 1.19.3
@backstage/plugin-search-backend-module-catalog 0.1.23
@backstage/plugin-search-backend-module-elasticsearch 1.4.0
@backstage/plugin-search-backend-module-pg 0.5.26
@backstage/plugin-search-backend-module-techdocs 0.1.22
@backstage/plugin-search-backend-node 1.2.21
@backstage/plugin-search-backend 1.5.7
@backstage/plugin-search-common 1.2.11
@backstage/plugin-search-react 1.7.10
@backstage/plugin-search 1.4.10
@backstage/plugin-shortcuts 0.3.24
@backstage/plugin-tech-insights-backend-module-jsonfc 0.1.50
@backstage/plugin-tech-insights-backend 0.5.32
@backstage/plugin-tech-insights-common 0.2.13
@backstage/plugin-tech-insights-node 0.6.1
@backstage/plugin-tech-insights 0.3.27
@backstage/plugin-tech-radar 0.7.4
@backstage/plugin-techdocs-addons-test-utils 1.0.31
@backstage/plugin-techdocs-backend 1.10.4
@backstage/plugin-techdocs-module-addons-contrib 1.1.9
@backstage/plugin-techdocs-node 1.12.3
@backstage/plugin-techdocs-react 1.2.3
@backstage/plugin-techdocs 1.10.4
@backstage/plugin-todo-backend 0.3.17
@backstage/plugin-todo 0.2.39
@backstage/plugin-user-settings 0.8.5
@backstage/release-manifests 0.0.11
@backstage/repo-tools 0.8.0
@backstage/test-utils 1.5.4
@backstage/theme 0.2.19, 0.5.3
@backstage/types 1.1.1
@backstage/version-bridge 1.0.8
✨ Done in 4.37s.
👀 Have you spent some time to check if this bug has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit PR?
None
The text was updated successfully, but these errors were encountered: