I am trying to login to ECR from aws codebuild. Buit is says Cannot perform an interactive login from a non TTY device. I have attached AmazonEC2ContainerRegistryFullAccess and AmazonEC2ContainerRegistryPowerUser policy with the service role of codebuild. Still it says
"An error occurred (UnrecognizedClientException) when calling the GetAuthorizationToken operation: The security token included in the request is invalid.
Error: Cannot perform an interactive login from a non TTY device"
I am trying to implement CI/CD using AWS pipeline. On codebuild am trying to build docker image and push it to ECR.
Related
Minio is configured with LDAP and am generating credentials of user
with AssumeRoleWithLDAPIdentity using STS API (reference)
From above values, I'm setting the variables AWS_ACCESS_KEY, AWS_SECRET_KEY, AWS_SESSION_TOKEN (reference)
I'm getting error when am trying to push model to mlflow to store in minio artifact
S3UploadFailedError: Failed to upload /tmp/tmph68xubhm/model/MLmodel to mlflow/1/xyz/artifacts/model/MLmodel: An error occurred (InvalidTokenId) when calling the PutObject operation: The security token included in the request is invalid
Below is the error coming while creating a cluster:
(gcloud.container.clusters.create) ResponseError: code=403, message=Request had insufficient authentication
scopes
Check the IAM roles for the "Compute Engine default service account" and make sure it has enough permission to run the command [2]. Usually it would have an owner or editor role.
If you are on the Google Cloud Console, when creating an instance you need to look for the 'Identity and API access' section, and select 'Allow full access to all Cloud APIs' [1]
[1]https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances?hl=en_US&_ga=2.168486115.-390700867.1538154355
[2]https://cloud.google.com/iam/docs/granting-roles-to-service-accounts
I am using Docker to run containers for an app that uses Angular, Identity Server, and an API(using a Compose.yml file to run them all together).
The API is responsible for returning database info, based on the user logged in through Identity Server. Locally, the API returns the user info after login without any issues. However, when I use Docker to run the app, the user can login but not have their db info returned to the angular page. I checked the logs for the API container, and am receiving the following errors:
fail: Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler[3]
fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
So it appears to me that there is an issue with the API receiving the token. I only see these error messages after I login through ID server. The ID server container logs do not display any errors before or after I login.
Can someone help me resolve this issue?
In my work I give support to users, and the following problem has been sent to me.
Logs Jenkins: (Automated tests that run in the night)
[HttpAuthenticationRequestFilter$UPDCredentialsProvider] Domain
request authentication with the realm 'dolmen'
Logs Server:
23/01/2018 01:28:25.637 [http-thread-pool-8080(15)] WARN java.util.logging.Logger.doLog WEB9102: Web Login Failed:
com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Security Exception
23/01/2018 01:28:25.646 [http-thread-pool-8080(29)] ERROR java.util.logging.Logger.doLog jdbcrealm.invaliduserreason
Via asadmin I've checked that the realm dolmen exists
asadmin> list-auth-realms
Authentication failed with password from login store: /root/.asadminpass
Enter admin password for user "admin">
admin-realm
file
certificate
dolmen
pnf-realm
Command list-auth-realms executed successfully.
asadmin>
What could be the problem?
UPDATE 1)
I was able to reproduce the error in SOAPUI. During the call to the web service, I noticed that if I change a letter in the login user or password, I can see the error message : " request authentication with the realm 'dolmen'"
Log SOAPUI:
But as you can see, in the image "Log SOAPUI:" I also have a HTTP 401.
In SoapUI Preferences, I notice that the option "Authenticate Preemptively" was disable. After enable the option "Authenticate Preemptively" I was able to finish a test in my local machine without error.
In the machine where Jenkins is installed (Where the Automated tests run in the night), I notice that the file soapui-preferences.xml does not exist. So maybe the solution for the problem is here.
I'm waiting for a time frame to be able to test without impacting testers.
I will keep you posted.
UPDATE 2)
To get rid of this problem I've rebuild my glassfish domain.
I have set anonymous access enabled for the read operations in the docker. But when I try to pull an image from the repository it asks for an authentication password.
What is the correct way to set anonymous read access to the docker repository ? I have followed this documentation
https://www.jfrog.com/confluence/display/RTF/Managing+Permissions
Following is the error
Error response from daemon: Get https://my-repo/v2/nginx/manifests/latest: unknown: Unauthorized