You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When re-syncing an OCI repository after a change, I noticed (while testing other code) that the sync job would fail with a 401 unauthorized as it attempts a public (no creds) HEAD for the Bitnami Application Catalog specific charts-index manifest. This is not happening when the repo is first added (the sync works fine), but only when updating/editing the repo.
The request in question is simply to test if the charts-index is available and should not be resulting in a failure if not (though we should also be ensuring that we use the credentials with the request).
To Reproduce
Steps to reproduce the behavior:
Add an OCI repository refering to a Harbor instance
Verify the successful sync
Edit the OCI repository, changing something trivial (description)
Check the logs of the new sync job
Expected behavior
New sync should also be successful. In reality, it fails as shown below.
Screenshots
I1027 01:06:42.036792 1 root.go:32] "The component 'asset-syncer' has been configured with" serverOptions={"DatabaseURL":"kubeapps-postgresql:5432","DatabaseName":"assets","DatabaseUser":"postgres","DatabasePassword":"REDACTED","Debug":false,"Namespace":"kubeapps","OciRepositories":[],"TlsInsecureSkipVerify":false,"FilterRules":"","PassCredentials":false,"UserAgent":"asset-syncer/ (kubeapps/DEVEL)","UserAgentComment":"kubeapps/DEVEL","GlobalPackagingNamespace":"kubeapps","KubeappsNamespace":"","AuthorizationHeader":"Basic **********","DockerConfigJson":"","OCICatalogURL":""}
I1027 01:06:42.100250 1 sync.go:90] Current checksum: "1bc64ddaa680f3f70b865674f2bee9ffb2ceb33342ad9f3062d127d00637c8ee". Previous checksum: "c6ef7f88750f44776ed186dcd31de21a54c160cbb587d93c953e7be6f6b0d6fb"
I1027 01:06:42.101197 1 utils.go:962] Starting 10 file importer workers
I1027 01:06:42.101235 1 utils.go:505] Getting tag https://demo.goharbor.io/v2/kubeapps-test/charts-index/manifests/latest
I1027 01:06:43.358801 1 utils.go:584] Unable to find VAC index: GET request to [https://demo.goharbor.io/v2/kubeapps-test/charts-index/manifests/latest] failed due to status [401]: {"errors":[{"code":"UNAUTHORIZED","message":"authorize header needed to send HEAD to repository: authorize header needed to send HEAD to repository"}]}
and oci-catalog service not configured
Error: error: GET request to [https://demo.goharbor.io/v2/kubeapps-test/charts-index/manifests/latest] failed due to status [401]: {"errors":[{"code":"UNAUTHORIZED","message":"authorize header needed to send HEAD to repository: authorize header needed to send HEAD to repository"}]}
Usage:
asset-syncer sync [REPO NAME] [REPO URL] [REPO TYPE] [flags]
Flags:
-h, --help help for sync
--oci-repositories strings List of OCI Repositories in case the type is OCI
--version version for sync
Global Flags:
--add_dir_header If true, adds the file directory to the header of the log messages
--alsologtostderr log to standard error as well as files (no effect when -logtostderr=true)
--database-name string Name of the database to use (default "charts")
--database-url string Database URL (default "localhost:5432")
--database-user string Database user
--debug verbose logging
--filter-rules string JSON blob with the rules to filter assets
--global-repos-namespace string Namespace for global repos (default "kubeapps")
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory (no effect when -logtostderr=true)
--log_file string If non-empty, use this log file (no effect when -logtostderr=true)
--log_file_max_size uint Defines the maximum size a log file can grow to (no effect when -logtostderr=true). Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
--logtostderr log to standard error instead of files (default true)
--namespace string Namespace of the repository being synced
--one_output If true, only write logs to their native severity level (vs also writing to each lower severity level; no effect when -logtostderr=true)
--pass-credentials pass credentials to all domains
--skip_headers If true, avoid header prefixes in the log messages
--skip_log_headers If true, avoid headers when opening log files (no effect when -logtostderr=true)
--stderrthreshold severity logs at or above this threshold go to stderr when writing to files and stderr (no effect when -logtostderr=true or -alsologtostderr=false) (default 2)
--tls-insecure-skip-verify Skip TLS verification
--user-agent-comment string UserAgent comment used during outbound requests
-v, --v Level number for the log level verbosity (default 4)
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging
Error: error: GET request to [https://demo.goharbor.io/v2/kubeapps-test/charts-index/manifests/latest] failed due to status [401]: {"errors":[{"code":"UNAUTHORIZED","message":"authorize header needed to send HEAD to repository: authorize header needed to send HEAD to repository"}]}
The text was updated successfully, but these errors were encountered:
Describe the bug
When re-syncing an OCI repository after a change, I noticed (while testing other code) that the sync job would fail with a 401 unauthorized as it attempts a public (no creds) HEAD for the Bitnami Application Catalog specific charts-index manifest. This is not happening when the repo is first added (the sync works fine), but only when updating/editing the repo.
The request in question is simply to test if the charts-index is available and should not be resulting in a failure if not (though we should also be ensuring that we use the credentials with the request).
To Reproduce
Steps to reproduce the behavior:
Expected behavior
New sync should also be successful. In reality, it fails as shown below.
Screenshots
The text was updated successfully, but these errors were encountered: