tapir icon indicating copy to clipboard operation
tapir copied to clipboard
verified publisher icon PacoVK

Question about deploy keys

Open georgegil opened this issue 10 months ago • 4 comments

Is there a way to have more verbose debugging?

I am PoC'ing Tapir, and unable to upload a module.

i've got the deploy key scoped to the test namespace, and attempting to upload it with this command

curl -XPOST -H 'x-api-key: 4v5eupdxxx' --fail-with-body -F "[email protected]" "https://xxxx.eu-west-1.awsapprunner.com/terraform/modules/v1/test/vnet/azurerm/1.0.0

but response is 401

curl: (22) The requested URL returned error: 401

what am I missing?

georgegil avatar Feb 21 '25 16:02 georgegil

@georgegil you should be able to see more in Tapirs logs. You can increase log verbosity by setting the environment variable QUARKUS_LOG_LEVEL=DEBUG

Maybe you can share some of the logs

PacoVK avatar Feb 23 '25 11:02 PacoVK

happy yo share logs, i can't see anything untoward..

02-24-2025 11:26:26 AM 2025-02-24 11:26:26,275 DEBUG [sof.ama.aws.cor.int.ExecutionInterceptorChain] (vert.x-eventloop-thread-0) Creating an interceptor chain that will apply interceptors in the following order: [software.amazon.awssdk.core.internal.interceptor.HttpChecksumValidationInterceptor@21f50d2c, software.amazon.awssdk.awscore.interceptor.HelpfulUnknownHostExceptionInterceptor@8bc0696, software.amazon.awssdk.awscore.eventstream.EventStreamInitialRequestInterceptor@473847fb, software.amazon.awssdk.awscore.interceptor.TraceIdExecutionInterceptor@270f28cf, software.amazon.awssdk.services.dynamodb.auth.scheme.internal.DynamoDbAuthSchemeInterceptor@2e1add6f, software.amazon.awssdk.services.dynamodb.endpoints.internal.DynamoDbResolveEndpointInterceptor@467af68c, software.amazon.awssdk.services.dynamodb.endpoints.internal.DynamoDbRequestSetEndpointInterceptor@43786627, software.amazon.awssdk.enhanced.dynamodb.internal.ApplyUserAgentInterceptor@1d6f77d7]
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,277 DEBUG [sof.ama.aws.cor.int.ExecutionInterceptorChain] (vert.x-eventloop-thread-0) Interceptor 'software.amazon.awssdk.enhanced.dynamodb.internal.ApplyUserAgentInterceptor@1d6f77d7' modified the message with its modifyRequest method.
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,279 DEBUG [sof.ama.aws.cor.int.ExecutionInterceptorChain] (vert.x-eventloop-thread-0) Interceptor 'software.amazon.awssdk.services.dynamodb.endpoints.internal.DynamoDbRequestSetEndpointInterceptor@43786627' modified the message with its modifyHttpRequest method.
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,280 DEBUG [sof.ama.aws.ret.LegacyRetryStrategy] (vert.x-eventloop-thread-0) Request attempt 1 token acquired (backoff: 0ms, cost: 0, capacity: 500/500)
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,280 DEBUG [sof.ama.aws.request] (vert.x-eventloop-thread-0) Sending Request: DefaultSdkHttpFullRequest(httpMethod=POST, protocol=https, host=dynamodb.eu-west-1.amazonaws.com, encodedPath=/, headers=[amz-sdk-invocation-id, Content-Length, Content-Type, User-Agent, X-Amz-Target], queryParameters=[])
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,280 DEBUG [sof.ama.aws.cor.int.htt.pip.sta.SigningStage] (vert.x-eventloop-thread-0) Using SelectedAuthScheme: aws.auth#sigv4
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,282 DEBUG [sof.ama.aws.cor.int.io.SdkLengthAwareInputStream] (vert.x-eventloop-thread-0) Specified InputStream length of 226 has been reached. Returning EOF.
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,282 DEBUG [sof.ama.aws.htt.aut.aws.int.sig.DefaultV4RequestSigner] (vert.x-eventloop-thread-0) AWS4 Canonical Request: POST
02-24-2025 11:26:26 AM /
02-24-2025 11:26:26 AM amz-sdk-invocation-id:72dc9b36-7e3e-700e-6994-9629e3ce6795
02-24-2025 11:26:26 AM amz-sdk-request:attempt=1; max=9
02-24-2025 11:26:26 AM content-length:226
02-24-2025 11:26:26 AM content-type:application/x-amz-json-1.0
02-24-2025 11:26:26 AM host:dynamodb.eu-west-1.amazonaws.com
02-24-2025 11:26:26 AM x-amz-content-sha256:90cb22bbb03beeeeecfebf308e46c8b6f9001e3660cb54a5a11cbf72e49fb805
02-24-2025 11:26:26 AM x-amz-date:20250224T112626Z
02-24-2025 11:26:26 AM x-amz-security-token:IQoJb3JpZ2luX2VjEPT///xxxpxxx
02-24-2025 11:26:26 AM x-amz-target:DynamoDB_20120810.Scan
02-24-2025 11:26:26 AM amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-target
02-24-2025 11:26:26 AM 90cb22bbb03beeeeecfebf308e46c8b6f9001e3660cb54a5a11cbf72e49fb805
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,282 DEBUG [sof.ama.aws.htt.aut.aws.int.sig.DefaultV4RequestSigner] (vert.x-eventloop-thread-0) AWS4 Canonical Request Hash: 75499b0c5944581802ce49828debe0558552716530e4737b85907c3532cdbf6b
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,282 DEBUG [sof.ama.aws.htt.aut.aws.int.sig.DefaultV4RequestSigner] (vert.x-eventloop-thread-0) AWS4 String to sign: AWS4-HMAC-SHA256
02-24-2025 11:26:26 AM 20250224T112626Z
02-24-2025 11:26:26 AM 20250224/eu-west-1/dynamodb/aws4_request
02-24-2025 11:26:26 AM 75499b0c5944581802ce49828debe0558552716530e4737b85907c3532cdbf6b
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,297 DEBUG [jdk.eve.security] (vert.x-eventloop-thread-0) X509Certificate: Alg:SHA256withRSA, Serial:0b:c1:d8:57:0a:1b:26:9a:49:17:b0:30:e6:ae:05:e1, Subject:CN=dynamodb.eu-west-1.amazonaws.com, Issuer:CN=Amazon RSA 2048 M01, O=Amazon, C=US, Key type:RSA, Length:2048, Cert Id:2470952172, Valid from:11/19/24, 12:00 AM, Valid until:11/15/25, 11:59 PM
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,297 DEBUG [jdk.eve.security] (vert.x-eventloop-thread-0) X509Certificate: Alg:SHA256withRSA, Serial:07:73:12:38:0b:9d:66:88:a3:3b:1e:d9:bf:9c:cd:a6:8e:0e:0f, Subject:CN=Amazon RSA 2048 M01, O=Amazon, C=US, Issuer:CN=Amazon Root CA 1, O=Amazon, C=US, Key type:RSA, Length:2048, Cert Id:2438124516, Valid from:8/23/22, 10:21 PM, Valid until:8/23/30, 10:21 PM
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,297 DEBUG [jdk.eve.security] (vert.x-eventloop-thread-0) X509Certificate: Alg:SHA256withRSA, Serial:06:7f:94:4a:2a:27:cd:f3:fa:c2:ae:2b:01:f9:08:ee:b9:c4:c6, Subject:CN=Amazon Root CA 1, O=Amazon, C=US, Issuer:CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, Key type:RSA, Length:2048, Cert Id:668791387, Valid from:5/25/15, 12:00 PM, Valid until:12/31/37, 1:00 AM
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,298 DEBUG [jdk.eve.security] (vert.x-eventloop-thread-0) X509Certificate: Alg:SHA256withRSA, Serial:00:a7:0e:4a:4c:34:82:b7:7f, Subject:CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, Issuer:OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US, Key type:RSA, Length:2048, Cert Id:1766010387, Valid from:9/2/09, 12:00 AM, Valid until:6/28/34, 5:39 PM
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,299 DEBUG [jdk.eve.security] (vert.x-eventloop-thread-0) ValidationChain: 2822522334, 2438124516, 2470952172
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,302 DEBUG [jdk.eve.security] (vert.x-eventloop-thread-0)  TLSHandshake: dynamodb.eu-west-1.amazonaws.com:443, TLSv1.3, TLS_AES_256_GCM_SHA384, 2470952172
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,302 DEBUG [sun.net.www.pro.htt.HttpURLConnection] (vert.x-eventloop-thread-0) sun.net.www.MessageHeader@6e10d9114 pairs: {POST / HTTP/1.1: null}{amz-sdk-invocation-id: 72dc9b36-7e3e-700e-6994-9629e3ce6795}{amz-sdk-request: attempt=1; max=9}{Authorization: AWS4-HMAC-SHA256 Credential=ASIAT/eu-west-1/dynamodb/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-content-sha256;x-amz-date;x-amz-security-token;x-amz-target, Signature=3ace65ceacf218ae1a491ee39a0d7e7db09cdac896bb933ec19f9de7a7316421}{Content-Type: application/x-amz-json-1.0}{User-Agent: aws-sdk-java/2.29.14 md/io#sync md/http#UrlConnection ua/2.1 os/Linux#5.10.233-224.894.amzn2.x86_64 lang/java#21.0.6 md/OpenJDK_64-Bit_Server_VM#21.0.6+7-LTS md/vendor#Amazon.com_Inc. md/en_US exec-env/AWS_ECS_FARGATE cfg/auth-source#cont m/D,T,P,C,d}{x-amz-content-sha256: 90cb22bbb03beeeeecfebf308e46c8b6f9001e3660cb54a5a11cbf72e49fb805}{X-Amz-Date: 20250224T112626Z}{X-Amz-Security-Token: IQoJb3JpZ2luX2VjEPT//////////xxx}{X-Amz-Target: DynamoDB_20120810.Scan}{Accept: */*}{Host: dynamodb.eu-west-1.amazonaws.com}{Connection: keep-alive}{Content-Length: 226}
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,303 DEBUG [sof.ama.aws.cor.int.io.SdkLengthAwareInputStream] (vert.x-eventloop-thread-0) Specified InputStream length of 226 has been reached. Returning EOF.
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,323 DEBUG [sun.net.www.pro.htt.HttpURLConnection] (vert.x-eventloop-thread-0) sun.net.www.MessageHeader@54e8a7ff8 pairs: {null: HTTP/1.1 200 OK}{Server: Server}{Date: Mon, 24 Feb 2025 11:26:26 GMT}{Content-Type: application/x-amz-json-1.0}{Content-Length: 205}{Connection: keep-alive}{x-amzn-RequestId: SHB794RHRFQAJSAQPGG2MOQCHVVV4KQNSO5AEMVJF66Q9ASUAAJG}{x-amz-crc32: 2380333799}
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,324 DEBUG [sof.ama.aws.requestId] (vert.x-eventloop-thread-0) Received successful response: 200, Request ID: SHB794RHRFQAJSAQPGG2MOQCHVVV4KQNSO5AEMVJF66Q9ASUAAJG, Extended Request ID: not available
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,324 DEBUG [sof.ama.aws.request] (vert.x-eventloop-thread-0) Received successful response: 200, Request ID: SHB794RHRFQAJSAQPGG2MOQCHVVV4KQNSO5AEMVJF66Q9ASUAAJG, Extended Request ID: not available
02-24-2025 11:26:26 AM 2025-02-24 11:26:26,335 DEBUG [sof.ama.aws.ret.LegacyRetryStrategy] (vert.x-eventloop-thread-0) Request attempt 1 succeeded (cost: -1, capacity: 500/500)

georgegil avatar Feb 24 '25 11:02 georgegil

I am also experiencing this same issue, DynamoDB and S3 with Azure OIDC

JoeColeman95 avatar Apr 14 '25 18:04 JoeColeman95

Hello, were you able to resolve this problem? Regards

mnival avatar Sep 24 '25 16:09 mnival