Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Git Integration with RTC using NodeJS resulting in CRRTC8814E: You are not authorized to perform that Git operation.

Hi,

During configuration of Git integration with RTC using Node JS I have reached point where I receive error after accessing repository via URL http://spserver:8888/git/Demo.git.

CRRTC8814E: You are not authorized to perform that Git operation.

I am not able to do git clone or anything else.

2 votes

Comments

Please check if the authentication configuration is correct in config.json.

 Lily,


Config is correct as I am able to login to the server using AD credentials and error message is diplayed after successful authentication. 

If the error is reported when you tried to access URL "http://spserver:8888/git/Demo.git" from a browser, it most likely something wrong in config.json file.
Please follow the wiki https://jazz.net/wiki/bin/view/Main/RTCGitIntegrationSetupUsingNode and forum discussion https://jazz.net/forum/questions/235317/rtc-and-git-integration-using-nodejs-authentication-ldap to have a check your current configuration.



3 answers

Permanent link

 Lily,


Problem is that wiki  https://jazz.net/wiki/bin/view/Main/RTCGitIntegrationSetupUsingNode is not mentioning not even single word about LDAP as it is using Basic CLM authentication. 

I already went through this discussion https://jazz.net/forum/questions/235317/rtc-and-git-integration-using-nodejs-authentication-ldap and me issue is mentioned there once but without any explenation what was changed in the config file to make it work.

Here is my config

           {
    "_Comment": "The is an example configuration file used by the Node application. This file is in JSON format and every property (say, X) has a corresponding description property (X-Description), which provides a simple explanation about the property itself. To start using this file, fill in the required fields and delete this property from the file.",  
    "Version": 1,
    "Version-Description": "Version number of this config file",
    "Server-Use-HTTPS": false,
    "Server-Use-HTTPS-Description": "Boolean value that determines whether to use secure socket layer for HTTP communication",
    "Server-Key-File-Path": "",
    "Server-Key-File-Path-Description": "Absolute Path on the server to the server key file; MUST when HTTPS protocol is to be used",
    "Server-Certificate-File-Path": "",
    "Server-Certificate-File-Path-Description": "Absolute Path on the server to the certificate file; MUST when HTTPS protocol is to be used",
    "Server-Setup-HTTP-Redirector": true,
    "Server-Setup-HTTP-Redirector-Description": "Boolean value that determines if an HTTP listener has to be setup; this listener simply diverts the incoming requests to same endpoint over HTTPS",
    "Server-Port": 8888,
    "Server-Port-Description": "Integer value that defines the port on which the server has to listen to",
    "Server-Socket-Timeout": 180000,
    "Server-Socket-Timeout-Description": "Timeout (in milliseconds) to be set for socket connection. Default is 3 minutes. Set to 0 for indefinite.",
    "Git-Executable-Path": "git",
    "Git-Executable-Path-Description": "Absolute path to the git executable on the server; provide the absolute path, if 'git' is not found on the PATH environment variable",
    "Git-Repositories-Root-Dir": "c:/gitrepo/",
    "Git-Repositories-Root-Dir-Description": "Absolute path to the directory on the server where the Git repositories are located",
    "Git-Use-NodeGit": true,
    "Git-Use-NodeGit-Description": "Boolean Value that determines if nodegit module is to be used for operating on Git repositories. Setting to true implies that nodegit module is installed and is available to this server.",
    "Auth-Profiles": {
        "Ldap-1": {
            "type": "LDAP",
            "url": "ldap://spserver:389",
            "bindDn": "CN=Administrator,CN=Users,DC=sp,DC=local",
            "bindCredentials": "mypassword",
            "searchBase": "CN=Users,DC=sp,DC=local",
            "searchFilter": "(sAMAccountName={{username}})",
            "searchAttributes": null
        },
        "Basic-1": {
            "type": "BASIC",
            "url": "<url to the auth server, for example if RTC is used as the auth server the URL could be https://<rtcserver>:<port>/ccm/secure/authenticated/identity",
            "method": "GET"
        }
    },
    "Auth-Profiles-Description": "Set of authentication profiles available. It is a map - with the profile name itself being the key, and the properties being the value. The value object must contain 'type' property as one of 'LDAP', 'BASIC' (Please note that it is case-sensitive). In case of LDAP authentication, the value object should have properties pertaining LDAP authentication. Some basic properties are listed here. However, you can add others if needed. The list of properties is documented here: https://github.com/vesse/node-ldapauth-fork#ldapauth-config-options. In case of BASIC authentication, the value object should have 'url' and 'method' properties against which the HTTP Basic authentication is done. If 'method' property is absent, 'GET' is assumed.",
    "Git-URL-Prefixes": {
        "/git": {
            "authProfile": "Ldap-1"
        }
    },
    "Git-URL-Prefixes-Description": "Set of URL prefixes to be considered for the Git request. It is a map - with the prefix itself being the key, and the properties being the value. Right now the only supported property is 'authProfile' and its value can be one of the profile names in 'Auth-Profiles' configuration property. If 'authProfile' property is defined, the corresponding auth profile is applied; otherwise, no authentication is performed. In this case for example, the auth profile 'Ldap-1' will be applied for a Git repository having a url http://gitserver:9999/git/MyRepo.git since /git is the prefix to the git repository MyRepo.git"
}

2 votes

Comments

I don't see obvious problem in the config.json. Could you please clarify what operation did you do to get the error "CRRTC8814E: You are not authorized to perform that Git operation"?
The error code is reported from RTC. You should not get such error code if you just accessed the git repository from web browser.

 I am getting this message after opening GIT repository page and entering credentials in te web bowser. Using GIT clone is not working as well.


Permanent link

 I'm getting the same message but I'm using the phyton scipts. In the script rtcprocess.py which runs on the GitLab server in the validatePush method it tries to do an http request to the RTC server

 
    req = urllib.request.Request(PushUtil.getValidatePushUrl(jazzRepoUrl), binary_data, HttpUtil.getHeaders())
    urllib.request.urlopen(req)  <----this fails with an error code 403 

It seems that the error is comming from the RTC server. I'm assuming it is attempting an gitCommand to the GITLab server and failing on. 

Which user will it use to execute it from the RTC server to GIT server? Is there a way to turn on logging on the RTC to trace this. 

0 votes

Comments

apologies. I should have posted this as a comment

I confirmed that the user that I'm using to do the commit has access to the gitLab repository and is able to push changes.

Is there some debug options on RTC that we can enable to get more info on the error?

I'm using IBM's NodeJS scripts for vanilla Git integration using just SSH clients (the replacement for the Python scripts.)

I also was receiving CRRTC8814E: You are not authorized to perform that Git operation. whenever I tried to do a push or pre-receive check from the Git NodeJS triggers to RTC.

I don't know how the Python scripts are setup, but I had to do several things to get it working with NodeJS you may want to check:
1. The NodeJS scripts try to calculate the Git username of who kicked off the Git command, then attempts to do some e-mail/username lookup. It checks for the value of an assumed environment variable REMOTE_USER which did not exist anywhere in my setup. I had to edit this line to just pull the user's login name.
2. The name calculated from #1 above is passed in the HTTP params to RTC to check on authorization, therefore you must make sure that the names are going to match RTC usernames with at least a contributor license type setup.
3. RTC uses two pieces of data to authenticate: the username from #1 above plus the Git repo secret key, once both match your setup should be good.


Permanent link
I also got the error 'CRRTC8814E: You are not authorized to perform that Git operation' when trying to clone a GIT repository after completing the setup of Nodejs and RTC/Git integration. Confirmed that the configurations in config.json are correct. Found out that the error was because I did not grant access to git request in CCM. It's the last step in the 'Setup: Configuring the RTC Server' section of the following wiki:
https://jazz.net/wiki/bin/view/Main/RTCGitIntegrationSetupUsingNode

0 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 10,938
× 97

Question asked: Mar 22 '17, 6:33 p.m.

Question was seen: 4,950 times

Last updated: Sep 20 '18, 6:04 p.m.

Confirmation Cancel Confirm