12 replies

Gitlab git functionality not working after token refresh after workspace is created

Hey all,

I'm using Gitlab external auth for my git functionality currently. The GIT_ASKPASS interraction works just fine when I create a new workspace, but after ~12h or so (seemingly this line up with the tokens expiration + renewal but I'm not positive) I start seeing the folowing error:

remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'MY_REPO'

remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'MY_REPO'

This is strange, as if I run

coder external-auth access-token gitlab

coder external-auth access-token gitlab

within that workspace the token it produces works with git if I simply set the user to

oauth2

oauth2

and the the password to that token in my git repo using

git remote set-url origin https://oauth2:MY_TOKEN@MY_REPO

git remote set-url origin https://oauth2:MY_TOKEN@MY_REPO

, but ofc once the token refreshes that no longer works. I'm not doing any of that on the workspace startup, but I am setting

GIT_USERNAME

GIT_USERNAME

and

GIT_PASSWORD

GIT_PASSWORD

since I'm using

envbuilder

envbuilder

: the git actions work during build with those and, once the workspace is created, I see no GIT-related environment variables other than those I'd expect with a vanilla configuration:

$ env | grep GIT
GIT_SSH_COMMAND=/tmp/coder.X2w8uz/coder gitssh --
GIT_COMMITTER_NAME=removed
GIT_ASKPASS=/tmp/coder.X2w8uz/coder
GIT_AUTHOR_EMAIL=removed
GIT_COMMITTER_EMAIL=removed
GIT_AUTHOR_NAME=removed

$ env | grep GIT
GIT_SSH_COMMAND=/tmp/coder.X2w8uz/coder gitssh --
GIT_COMMITTER_NAME=removed
GIT_ASKPASS=/tmp/coder.X2w8uz/coder
GIT_AUTHOR_EMAIL=removed
GIT_COMMITTER_EMAIL=removed
GIT_AUTHOR_NAME=removed

Any ideas?

Solution

This has been resolved in
https://github.com/coder/envbuilder/pull/141

GitHub

fix: do not inject GIT_USERNAME and GIT_PASSWORD into git clone URL...

Fixes #126
We had been writing the GIT_USERNAME and GIT_PASSWORD into the git auth URL as well as setting basic HTTP auth credentials.
This causes GIT_USERNAME and GIT_PASSWORD to be present in the...

Jump to solution

Coder.com•2y ago•

12 replies

mark

Gitlab git functionality not working after token refresh after workspace is created

remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'MY_REPO'

remote: HTTP Basic: Access denied. The provided password or token is incorrect or your account has 2FA enabled and you must use a personal access token instead of a password. See https://gitlab.com/help/topics/git/troubleshooting_git#error-on-git-fetch-http-basic-access-denied
fatal: Authentication failed for 'MY_REPO'

This is strange, as if I run

coder external-auth access-token gitlab

coder external-auth access-token gitlab

within that workspace the token it produces works with git if I simply set the user to

oauth2

oauth2

and the the password to that token in my git repo using

git remote set-url origin https://oauth2:MY_TOKEN@MY_REPO

git remote set-url origin https://oauth2:MY_TOKEN@MY_REPO

, but ofc once the token refreshes that no longer works. I'm not doing any of that on the workspace startup, but I am setting

GIT_USERNAME

GIT_USERNAME

and

GIT_PASSWORD

GIT_PASSWORD

since I'm using

envbuilder

envbuilder

: the git actions work during build with those and, once the workspace is created, I see no GIT-related environment variables other than those I'd expect with a vanilla configuration:

$ env | grep GIT
GIT_SSH_COMMAND=/tmp/coder.X2w8uz/coder gitssh --
GIT_COMMITTER_NAME=removed
GIT_ASKPASS=/tmp/coder.X2w8uz/coder
GIT_AUTHOR_EMAIL=removed
GIT_COMMITTER_EMAIL=removed
GIT_AUTHOR_NAME=removed

$ env | grep GIT
GIT_SSH_COMMAND=/tmp/coder.X2w8uz/coder gitssh --
GIT_COMMITTER_NAME=removed
GIT_ASKPASS=/tmp/coder.X2w8uz/coder
GIT_AUTHOR_EMAIL=removed
GIT_COMMITTER_EMAIL=removed
GIT_AUTHOR_NAME=removed

Any ideas?

Solution

This has been resolved in
https://github.com/coder/envbuilder/pull/141

GitHub

fix: do not inject GIT_USERNAME and GIT_PASSWORD into git clone URL...

Jump to solution

Gitlab git functionality not working after token refresh after workspace is created

Gitlab git functionality not working after token refresh after workspace is created

Similar Threads

Similar Threads

Similar Threads