-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support authentication to private maven repositories (Artifactory) #95
Comments
Hope its not too late but you can use |
Does that imply the credentials would be in in the clear in the generated workspace.bzl? Is there any trick to pick up the credentials from an external source (.m2/settings.xml would be ideal.) Thanks! |
Maybe we could look in an environmental variable for Auth or ask the user
to enter auth at s prompt?
We use certificates at Stripe so I have not been in this situation.
On Thu, Apr 19, 2018 at 06:41 Warren Strange ***@***.***> wrote:
Does that imply the credentials would be in in the clear in the generated
workspace.bzl? Is there any trick to pick up the credentials from an
external source (.m2/settings.xml would be ideal.)
Thanks!
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#95 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAEJduJBdjuuzXZOLwh0aKBRcyWMpzeOks5tqL49gaJpZM4QbHRk>
.
--
P. Oscar Boykin, Ph.D. | http://twitter.com/posco | http://pobox.com/~boykin
|
This doesn't work either. Even though I can clearly see that url contains username/password:
|
I've seen just that with our setup; the repo doesn't cope with auth in the url, it really has to go into headers. I've been using a hack described in bazelbuild/bazel#5452 (comment) TLDR: Flag private repos and fall back to shelling out to mvn & letting it handle authentication for me. It's not a great approach & not in a form I'd consider floating it as a patch, but it's been good enough to unblock us for now. |
I patched the workspace to shell out to curl, but it still requires plaintext password in deps.yml and workspace itself, but at least i'm unblocked. |
@diacone Are you open to share your patch? I'm in a similar spot trying to fetch from a password protected Nexus. |
|
Thanks a lot @diacone. Just to confirm, this diff is for the "runtime" build part, i.e. when Bazel is downloading dependencies? It does not deal with the "resolution" part, i.e. when bazel-deps is supposed to resolve artifacts from a privat Nexus server which requires authentication? |
Yes @guw, this is for the runtime part. |
For resolution, I’d rather prompt for a password if a flag is given, since I’d rather not be checking in auth credentials. I can help you get started on a patch if you like. The first thing to look at would be making an optional flag to ask the user for user/password. Then we can see about passing authentication data to the resolver. |
@johnynek Thanks! I'm certainly interested in providing a patch. I'm converting a fairly large legacy project. So far I'm running into resolution issue with Coursier and trying Aether now. Prompting is not something that's going to work as we need to run this on CI. Ideally, I'd like to re-use authentication information stored in |
Interesting that you run resolution on CI. We don’t do that since it is pretty slow. For downloading on build, you can pretty easily change how resolution works by adjusting the callback .bzl function that processes the resolved artifacts. |
You can pass any function you want in which can use any method you need to set up the dependencies after resolution. |
FYI: Bazel |
Any progress now that bazelbuild/bazel#7469 is resolved? |
FWIW, the issue became less pressing for us since we started using https://github.com/salesforce/bazel-maven-proxy/ |
Happy to accept a PR, but I am personally not working on this issue. I'm also happy to answer questions and guide someone through making the PR |
I've just hit this issue and I don't know what to do. So far from what I've read there are a number of avenues:
That's a tough cookie to say the least. Update: |
Wait a minute! Wasn't this solved by #293 ? |
Maybe? I merged the PR I think but actually we don't use that feature so I don't really know. Sorry it isn't more clear in the docs or that I didn't remember. |
I found out that regardless of the version,
This means these 3 files require adjustment:
|
I have made this PR with the hopes of fixing this issue: #387
|
I tried to use a private Artifactory repository that requires authentication.
I have the appropriate credentials in my ~/.m2/settings.xml, but it looks like the resolver does not reference these credentials. The http request for the artifact gets a 401 unauthorized response.
The text was updated successfully, but these errors were encountered: