intellij icon indicating copy to clipboard operation
intellij copied to clipboard

Published 20 hours ago verified publisher icon bazelbuild

Bazel Intellij Plugin failed to use SSH agent forwarding when running remotely through Jetbrains Gateway

Open kevinh-canva opened this issue 2 years ago • 3 comments

Description of the bug:

When I tried to SSH to a remote host via Jetbrains Gateway (already enabling SSH agent forwarding (ForwardAgent=yes in ~/.ssh/config), then open the Bazel workspace, if the WORKSPACE file has a git_repository rule to fetch the external repo via SSH, it failed to fetch the repository.

This is unexpected, because with SSH agent forwarding enabled, bazel-spawned git process should have known to use the necessary credentials. This error is definitely with the plugin, because if we run bazel info/sync/fetch //... on the terminal then SSH agent forwarding works correctly, and the external repo is successfully pulled down. It showed a prompt like this

image

This is instead the error logs that we got

Updating VCS...
Command: bazel info --tool_tag=ijwb:IDEA:ultimate --curses=no --color=yes --progress_in_terminal_title=no --
Running Bazel info...
Command: git diff --name-status --no-renames ${someCommit}
Starting local Bazel server and connecting to it...
INFO: Invocation ID: a6e38150-2594-4c23-8058-f940a4e03571
WARNING: info command does not support starlark options. Ignoring options: [--@io_bazel_rules_go//go/config:pure=true, --@bazel_tools//tools/build_defs/pkg:incompatible_no_build_defs_pkg=true]
INFO: Repository my_repo_name instantiated at:
  /home/kevinh/work/infrastructure4/WORKSPACE:594:15: in <toplevel>
Repository rule git_repository defined at:
  /home/kevinh/.cache/bazel/_bazel_kevinh/${repoHash}/external/bazel_tools/tools/build_defs/repo/git.bzl:199:33: in <toplevel>
ERROR: An error occurred during the fetch of repository 'my_repo_name':
   Traceback (most recent call last):
	File "/home/kevinh/.cache/bazel/_bazel_kevinh/${repoHash}/external/bazel_tools/tools/build_defs/repo/git.bzl", line 181, column 30, in _git_repository_implementation
		update = _clone_or_update(ctx)
	File "/home/kevinh/.cache/bazel/_bazel_kevinh/${repoHash}/external/bazel_tools/tools/build_defs/repo/git.bzl", line 36, column 20, in _clone_or_update
		git_ = git_repo(ctx, directory)
	File "/home/kevinh/.cache/bazel/_bazel_kevinh/${repoHash}/external/bazel_tools/tools/build_defs/repo/git_worker.bzl", line 91, column 12, in git_repo
		_update(ctx, git_repo)
	File "/home/kevinh/.cache/bazel/_bazel_kevinh/${repoHash}/external/bazel_tools/tools/build_defs/repo/git_worker.bzl", line 103, column 10, in _update
		fetch(ctx, git_repo)
	File "/home/kevinh/.cache/bazel/_bazel_kevinh/${repoHash}/external/bazel_tools/tools/build_defs/repo/git_worker.bzl", line 136, column 13, in fetch
		_git(
	File "/home/kevinh/.cache/bazel/_bazel_kevinh/${repoHash}/external/bazel_tools/tools/build_defs/repo/git_worker.bzl", line 169, column 15, in _git
		_error(ctx.name, start + list(args), st.stderr)
	File "/home/kevinh/.cache/bazel/_bazel_kevinh/${repoHash}/external/bazel_tools/tools/build_defs/repo/git_worker.bzl", line 190, column 9, in _error
		fail("error running '%s' while working with @%s:\n%s" % (command_text, name, stderr))
Error in fail: error running 'git fetch origin refs/heads/*:refs/remotes/origin/* refs/tags/*:refs/tags/*' while working with @my_repo_name:
org-${orgId}@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

What's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.

  • Create a simple repository with a WORKSPACE containing a git_repository rule.
  • The git_repository remote should be in SSH format.
  • Clone the above repository in a remote host
  • Connects to this remote host via SSH via Jetbrains Gateway (make sure to add ForwardAgent=yes to the host's config in ~/.ssh/config)
  • Observe that the initial (or any further attempts) to sync using the UI failed with the above error. Additionally, the project tab on the LHS is not populated so you can't see any files in your repo.

Which Intellij IDE are you using? Please provide the specific version.

JetBrains Client 2023.1.3

What programming languages and tools are you using? Please provide specific versions.

N/A

What Bazel plugin version are you using?

bundled 2023.05.30.0.1-api-version-231

Have you found anything relevant by searching the web?

Not really

Any other information, logs, or outputs that you want to share?

The idea.log (found in ~/.cache/JetBrains/RemoteDev-IU/_home_kevinh_work_infrastructure4/log/idea.log shows that the SSH agent forwarding seems to work as expected

2023-07-10 18:13:22,600 [  14412]   INFO - #c.j.r.s.SshAgentSocketService - Controller connected. Starting SshAgentForwarder. Socket to reuse: 'null'
2023-07-10 18:13:22,604 [  14416]   INFO - #c.j.r.p.c.s.SshAgentForwarder - Binding unix socket to address /tmp/${socket_id}
....
2023-07-10 18:18:08,214 [ 300026]   INFO - #c.j.r.t.SshAgentForwardingTerminalEnvCustomizer - Agent forwarder is active. Pass SSH_AUTH_SOCK=/tmp/${socket_id} into VCS environment

This log that I found in ~/.cache/JetBrains/RemoteDev-IU/_home_kevinh_work_infrastructure4/log/stderr.log might be relevant to why the sync failed:

2023-07-10 18:13:34,056 [  25868] SEVERE - #com.google.idea.blaze.base.async.FutureUtil - com.google.idea.blaze.base.command.info.BlazeInfoException: Blaze info failed with exit code 1:
Stdout: java.io.FileOutputStream@58f961fe
Stderr: com.google.idea.blaze.base.async.process.LineProcessingOutputStream@5a2186a8
java.util.concurrent.ExecutionException: com.google.idea.blaze.base.command.info.BlazeInfoException: Blaze info failed with exit code 1:
Stdout: java.io.FileOutputStream@58f961fe
Stderr: com.google.idea.blaze.base.async.process.LineProcessingOutputStream@5a2186a8
	at com.google.common.util.concurrent.AbstractFuture.getDoneValue(AbstractFuture.java:588)
	at com.google.common.util.concurrent.AbstractFuture.get(AbstractFuture.java:567)
	at com.google.common.util.concurrent.FluentFuture$TrustedFuture.get(FluentFuture.java:91)
	at com.google.idea.blaze.base.async.FutureUtil$Builder.lambda$run$0(FutureUtil.java:109)
	at com.google.idea.blaze.base.scope.Scope.push(Scope.java:40)
	at com.google.idea.blaze.base.async.FutureUtil$Builder.run(FutureUtil.java:99)
	at com.google.idea.blaze.base.sync.ProjectStateSyncTask.getProjectState(ProjectStateSyncTask.java:135)
	at com.google.idea.blaze.base.sync.ProjectStateSyncTask.collectProjectState(ProjectStateSyncTask.java:67)
	at com.google.idea.blaze.base.sync.BlazeSyncManager.lambda$requestProjectSync$1(BlazeSyncManager.java:158)
	at com.google.idea.blaze.base.scope.Scope.push(Scope.java:57)
	at com.google.idea.blaze.base.scope.Scope.root(Scope.java:33)
	at com.google.idea.blaze.base.sync.BlazeSyncManager.lambda$requestProjectSync$2(BlazeSyncManager.java:130)
	at com.google.idea.blaze.base.async.executor.ProgressiveTaskWithProgressIndicator.lambda$submitTask$0(ProgressiveTaskWithProgressIndicator.java:83)
	at com.google.idea.blaze.base.async.executor.ProgressiveTaskWithProgressIndicator.lambda$submitTaskWithResult$4(ProgressiveTaskWithProgressIndicator.java:131)
	at com.intellij.openapi.progress.ProgressManager.lambda$runProcess$1(ProgressManager.java:70)
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
	at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
	at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
	at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
	at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
	at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
	at com.intellij.openapi.progress.ProgressManager.runProcess(ProgressManager.java:70)
	at com.google.idea.blaze.base.async.executor.ProgressiveTaskWithProgressIndicator.lambda$submitTaskWithResult$5(ProgressiveTaskWithProgressIndicator.java:131)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:74)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
	at com.intellij.util.concurrency.BoundedTaskExecutor.doRun(BoundedTaskExecutor.java:248)
	at com.intellij.util.concurrency.BoundedTaskExecutor.access$200(BoundedTaskExecutor.java:28)
	at com.intellij.util.concurrency.BoundedTaskExecutor$1.executeFirstTaskAndHelpQueue(BoundedTaskExecutor.java:221)
	at com.intellij.util.ConcurrencyUtil.runUnderThreadName(ConcurrencyUtil.java:227)
	at com.intellij.util.concurrency.BoundedTaskExecutor$1.run(BoundedTaskExecutor.java:210)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: com.google.idea.blaze.base.command.info.BlazeInfoException: Blaze info failed with exit code 1:
Stdout: java.io.FileOutputStream@58f961fe
Stderr: com.google.idea.blaze.base.async.process.LineProcessingOutputStream@5a2186a8
	at com.google.idea.blaze.base.command.CommandLineBlazeCommandRunner.runBlazeInfo(CommandLineBlazeCommandRunner.java:156)
	at com.google.idea.blaze.base.command.info.BlazeInfoRunnerImpl.lambda$runBlazeInfoGetBytes$0(BlazeInfoRunnerImpl.java:53)
	... 15 more
2023-07-10 18:13:34,058 [  25870] SEVERE - #com.google.idea.blaze.base.async.FutureUtil - IntelliJ IDEA 2023.1.3  Build #IU-231.9161.38
2023-07-10 18:13:34,058 [  25870] SEVERE - #com.google.idea.blaze.base.async.FutureUtil - JDK: 17.0.7; VM: OpenJDK 64-Bit Server VM; Vendor: JetBrains s.r.o.
2023-07-10 18:13:34,059 [  25871] SEVERE - #com.google.idea.blaze.base.async.FutureUtil - OS: Linux
2023-07-10 18:13:34,066 [  25878]   INFO - #com.google.idea.blaze.base.scope.scopes.TimingScope - ==== TIMING REPORT ====
2023-07-10 18:13:34,066 [  25878]   INFO - #com.google.idea.blaze.base.scope.scopes.TimingScope - BazelInfo: 14.5s
2023-07-10 18:13:34,067 [  25879] SEVERE - #com.google.idea.blaze.base.scope.Scope - com.google.idea.blaze.base.sync.SyncScope$SyncFailedException
com.google.common.base.VerifyException: com.google.idea.blaze.base.sync.SyncScope$SyncFailedException
	at com.google.idea.blaze.base.sync.BlazeSyncManager.lambda$requestProjectSync$1(BlazeSyncManager.java:168)
	at com.google.idea.blaze.base.scope.Scope.push(Scope.java:57)
	at com.google.idea.blaze.base.scope.Scope.root(Scope.java:33)
	at com.google.idea.blaze.base.sync.BlazeSyncManager.lambda$requestProjectSync$2(BlazeSyncManager.java:130)
	at com.google.idea.blaze.base.async.executor.ProgressiveTaskWithProgressIndicator.lambda$submitTask$0(ProgressiveTaskWithProgressIndicator.java:83)
	at com.google.idea.blaze.base.async.executor.ProgressiveTaskWithProgressIndicator.lambda$submitTaskWithResult$4(ProgressiveTaskWithProgressIndicator.java:131)
	at com.intellij.openapi.progress.ProgressManager.lambda$runProcess$1(ProgressManager.java:70)
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$runProcess$2(CoreProgressManager.java:186)
	at com.intellij.openapi.progress.impl.CoreProgressManager.lambda$executeProcessUnderProgress$13(CoreProgressManager.java:604)
	at com.intellij.openapi.progress.impl.CoreProgressManager.registerIndicatorAndRun(CoreProgressManager.java:679)
	at com.intellij.openapi.progress.impl.CoreProgressManager.computeUnderProgress(CoreProgressManager.java:635)
	at com.intellij.openapi.progress.impl.CoreProgressManager.executeProcessUnderProgress(CoreProgressManager.java:603)
	at com.intellij.openapi.progress.impl.ProgressManagerImpl.executeProcessUnderProgress(ProgressManagerImpl.java:60)
	at com.intellij.openapi.progress.impl.CoreProgressManager.runProcess(CoreProgressManager.java:173)
	at com.intellij.openapi.progress.ProgressManager.runProcess(ProgressManager.java:70)
	at com.google.idea.blaze.base.async.executor.ProgressiveTaskWithProgressIndicator.lambda$submitTaskWithResult$5(ProgressiveTaskWithProgressIndicator.java:131)
	at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
	at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:74)
	at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
	at com.intellij.util.concurrency.BoundedTaskExecutor.doRun(BoundedTaskExecutor.java:248)
	at com.intellij.util.concurrency.BoundedTaskExecutor.access$200(BoundedTaskExecutor.java:28)
	at com.intellij.util.concurrency.BoundedTaskExecutor$1.executeFirstTaskAndHelpQueue(BoundedTaskExecutor.java:221)
	at com.intellij.util.ConcurrencyUtil.runUnderThreadName(ConcurrencyUtil.java:227)
	at com.intellij.util.concurrency.BoundedTaskExecutor$1.run(BoundedTaskExecutor.java:210)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:702)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1$1.run(Executors.java:699)
	at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
	at java.base/java.util.concurrent.Executors$PrivilegedThreadFactory$1.run(Executors.java:699)
	at java.base/java.lang.Thread.run(Thread.java:833)
Caused by: com.google.idea.blaze.base.sync.SyncScope$SyncFailedException
	at com.google.idea.blaze.base.sync.ProjectStateSyncTask.getProjectState(ProjectStateSyncTask.java:138)
	at com.google.idea.blaze.base.sync.ProjectStateSyncTask.collectProjectState(ProjectStateSyncTask.java:67)
	at com.google.idea.blaze.base.sync.BlazeSyncManager.lambda$requestProjectSync$1(BlazeSyncManager.java:158)
	... 30 more

kevinh-canva avatar Jul 10 '23 10:07 kevinh-canva

This is still an issue in recent versions of IJ and the Bazel plugin. Any updates @liucijus?

sfc-gh-abalik avatar Feb 21 '24 23:02 sfc-gh-abalik

Any update on this? This is blocking our adoption of remote development with intellij and due to this our org is leaning towards preferring vscode over intellij as the recommended tool to use given that the killer feature of bazel integration does not work with intellij remote.

tgeng avatar Apr 10 '24 05:04 tgeng