Cannot log in with GitLab self-hosted

[lexi-o99]

I am having issues logging in with GitLab self-hosted, this issue might be the same as #34 however I'm not too sure as they didn't provide logs.

I have created the app in GitLab and that all works okay (after changing the redirect URI as mentioned in #34) the issue is when GitLab sends me back to my CodeCov instance.

I am using Traefik as a proxy so there may me issues there related to information, such as headers, not being passed through properly. When I'm redirected to CodeCov with the token I get a JSON 500 error page and the following logs;

gateway-1    | 192.168.0.1:38462 [14/Nov/2024:12:56:36.445] http be_default/s1 0/0/10/8/18 304 196 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
api-1        | /usr/local/lib/python3.12/site-packages/cerberus/validator.py:1666: UserWarning: No validation schema is defined for the arguments of rule 'check_aggregation_fields'
api-1        |   warn(
api-1        | {"message": "GraphQL Request", "asctime": "2024-11-14 12:56:41,893", "name": "graphql_api.views", "levelname": "INFO", "lineno": 243, "pathname": "/app/graphql_api/views.py", "funcName": "post", "threadName": "ThreadPoolExecutor-1_0", "taskName": "Task-1", "server_hostname": "8020834738cb", "request_method": "POST", "request_path": "/graphql/gh", "request_body": {"query": "query GetLoginProviders { config { loginProviders } }", "variables": {}}, "user": "AnonymousUser", "utctime": "2024-11-14T12:56:41.893000", "logger.name": "graphql_api.views", "logger.thread_name": "ThreadPoolExecutor-1_0", "level": "INFO"}
api-1        | {"message": "[GQL Rate Limit] - Setting new key", "asctime": "2024-11-14 12:56:41,897", "name": "graphql_api.views", "levelname": "INFO", "lineno": 354, "pathname": "/app/graphql_api/views.py", "funcName": "_check_ratelimit", "threadName": "ThreadPoolExecutor-1_0", "taskName": "Task-1", "key": "rl-ip:92.236.200.137", "user_id": null, "utctime": "2024-11-14T12:56:41.897000", "logger.name": "graphql_api.views", "logger.thread_name": "ThreadPoolExecutor-1_0", "level": "INFO"}
gateway-1    | 192.168.0.1:38462 [14/Nov/2024:12:56:37.950] http be_api/s1 0/0/1/3954/3955 200 952 - - ---- 1/1/0/0/0 0/0 "POST /graphql/gh HTTP/1.1"
api-1        | {"h": "192.168.0.8", "t": "[14/Nov/2024:12:56:41 +0000]", "r": "POST /graphql/gh HTTP/1.1", "s": "200", "b": "63", "f": "https://codecov.nps.onl/", "a": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0", "taskName": null}
api-1        | {"message": "Gitlab oauth with scope: 'api'", "asctime": "2024-11-14 12:56:48,360", "name": "codecov_auth.views.gitlab", "levelname": "INFO", "lineno": 46, "pathname": "/app/codecov_auth/views/gitlab.py", "funcName": "get_url_to_redirect_to", "threadName": "MainThread", "taskName": null, "utctime": "2024-11-14T12:56:48.360000", "logger.name": "codecov_auth.views.gitlab", "logger.thread_name": "MainThread", "level": "INFO"}
gateway-1    | 192.168.0.1:38462 [14/Nov/2024:12:56:48.330] http be_api/s1 0/0/1/113/114 302 1231 - - ---- 1/1/0/0/0 0/0 "GET /login/gle HTTP/1.1"
api-1        | {"h": "192.168.0.8", "t": "[14/Nov/2024:12:56:48 +0000]", "r": "GET /login/gle HTTP/1.1", "s": "302", "b": "0", "f": "https://codecov.nps.onl/", "a": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0", "taskName": null}
api-1        | {"message": "GitLab HTTP 200", "asctime": "2024-11-14 12:56:49,660", "name": "shared.torngit.gitlab", "levelname": "INFO", "lineno": 449, "pathname": "/usr/local/lib/python3.12/site-packages/shared/torngit/gitlab.py", "funcName": "fetch_and_handle_errors", "threadName": "ThreadPoolExecutor-2_0", "taskName": "Task-4", "body": null, "utctime": "2024-11-14T12:56:49.660000", "logger.name": "shared.torngit.gitlab", "logger.thread_name": "ThreadPoolExecutor-2_0", "level": "INFO"}
api-1        | {"message": "GitLab HTTP 200", "asctime": "2024-11-14 12:56:50,277", "name": "shared.torngit.gitlab", "levelname": "INFO", "lineno": 449, "pathname": "/usr/local/lib/python3.12/site-packages/shared/torngit/gitlab.py", "funcName": "fetch_and_handle_errors", "threadName": "ThreadPoolExecutor-2_0", "taskName": "Task-4", "body": null, "event": "api", "endpoint": "/user", "method": "get", "bot": null, "utctime": "2024-11-14T12:56:50.277000", "logger.name": "shared.torngit.gitlab", "logger.thread_name": "ThreadPoolExecutor-2_0", "level": "INFO"}
api-1        | {"message": "GitLab HTTP 200", "asctime": "2024-11-14 12:56:50,983", "name": "shared.torngit.gitlab", "levelname": "INFO", "lineno": 449, "pathname": "/usr/local/lib/python3.12/site-packages/shared/torngit/gitlab.py", "funcName": "fetch_and_handle_errors", "threadName": "ThreadPoolExecutor-2_0", "taskName": "Task-4", "body": null, "event": "api", "endpoint": "/groups", "method": "GET", "bot": null, "utctime": "2024-11-14T12:56:50.983000", "logger.name": "shared.torngit.gitlab", "logger.thread_name": "ThreadPoolExecutor-2_0", "level": "INFO"}
api-1        | {"message": "Compute Engine Metadata server unavailable on attempt 1 of 3. Reason: timed out", "asctime": "2024-11-14 12:56:54,073", "name": "google.auth.compute_engine._metadata", "levelname": "WARNING", "lineno": 141, "pathname": "/usr/local/lib/python3.12/site-packages/google/auth/compute_engine/_metadata.py", "funcName": "ping", "threadName": "MainThread", "taskName": null, "utctime": "2024-11-14T12:56:54.073000", "logger.name": "google.auth.compute_engine._metadata", "logger.thread_name": "MainThread", "level": "WARNING"}
api-1        | {"message": "Compute Engine Metadata server unavailable on attempt 2 of 3. Reason: timed out", "asctime": "2024-11-14 12:56:57,075", "name": "google.auth.compute_engine._metadata", "levelname": "WARNING", "lineno": 141, "pathname": "/usr/local/lib/python3.12/site-packages/google/auth/compute_engine/_metadata.py", "funcName": "ping", "threadName": "MainThread", "taskName": null, "utctime": "2024-11-14T12:56:57.075000", "logger.name": "google.auth.compute_engine._metadata", "logger.thread_name": "MainThread", "level": "WARNING"}
api-1        | {"message": "Compute Engine Metadata server unavailable on attempt 3 of 3. Reason: timed out", "asctime": "2024-11-14 12:57:00,077", "name": "google.auth.compute_engine._metadata", "levelname": "WARNING", "lineno": 141, "pathname": "/usr/local/lib/python3.12/site-packages/google/auth/compute_engine/_metadata.py", "funcName": "ping", "threadName": "MainThread", "taskName": null, "utctime": "2024-11-14T12:57:00.077000", "logger.name": "google.auth.compute_engine._metadata", "logger.thread_name": "MainThread", "level": "WARNING"}
api-1        | {"message": "Authentication failed using Compute Engine authentication due to unavailable metadata server.", "asctime": "2024-11-14 12:57:00,078", "name": "google.auth._default", "levelname": "WARNING", "lineno": 340, "pathname": "/usr/local/lib/python3.12/site-packages/google/auth/_default.py", "funcName": "_get_gce_credentials", "threadName": "MainThread", "taskName": null, "utctime": "2024-11-14T12:57:00.078000", "logger.name": "google.auth._default", "logger.thread_name": "MainThread", "level": "WARNING"}
api-1        | {"message": "Internal Server Error: /login/gle", "asctime": "2024-11-14 12:57:00,082", "name": "django.request", "levelname": "ERROR", "lineno": 241, "pathname": "/usr/local/lib/python3.12/site-packages/django/utils/log.py", "funcName": "log_response", "threadName": "MainThread", "exc_info": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.12/site-packages/django/db/models/query.py\", line 916, in get_or_create\n    return self.get(**kwargs), False\n           ^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/django/db/models/query.py\", line 637, in get\n    raise self.model.DoesNotExist(\nshared.django_apps.codecov_auth.models.Owner.DoesNotExist: Owner matching query does not exist.\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n  File \"/usr/local/lib/python3.12/site-packages/django/core/handlers/exception.py\", line 55, in inner\n    response = get_response(request)\n               ^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/django/core/handlers/base.py\", line 197, in _get_response\n    response = wrapped_callback(request, *callback_args, **callback_kwargs)\n               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/django/views/generic/base.py\", line 104, in view\n    return self.dispatch(request, *args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/django/views/generic/base.py\", line 143, in dispatch\n    return handler(request, *args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/app/codecov_auth/views/gitlab.py\", line 98, in get\n    return self.actual_login_step(request)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/app/codecov_auth/views/gitlab.py\", line 78, in actual_login_step\n    user = self.get_and_modify_owner(user_dict, request)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/app/codecov_auth/views/base.py\", line 265, in get_and_modify_owner\n    upserted_orgs = [self.get_or_create_org(org) for org in formatted_orgs]\n                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/app/codecov_auth/views/base.py\", line 186, in get_or_create_org\n    owner, was_created = Owner.objects.get_or_create(\n                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/django/db/models/manager.py\", line 87, in manager_method\n    return getattr(self.get_queryset(), name)(*args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/django/db/models/query.py\", line 923, in get_or_create\n    return self.create(**params), True\n           ^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/django/db/models/query.py\", line 658, in create\n    obj.save(force_insert=True, using=self.db)\n  File \"/usr/local/lib/python3.12/site-packages/shared/django_apps/codecov_auth/models.py\", line 395, in save\n    super().save(*args, **kwargs)\n  File \"/usr/local/lib/python3.12/site-packages/django/db/models/base.py\", line 814, in save\n    self.save_base(\n  File \"/usr/local/lib/python3.12/site-packages/model_utils/tracker.py\", line 343, in inner\n    return original(instance, *args, **kwargs)\n           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/django/db/models/base.py\", line 892, in save_base\n    post_save.send(\n  File \"/usr/local/lib/python3.12/site-packages/django/dispatch/dispatcher.py\", line 177, in send\n    (receiver, receiver(signal=self, sender=sender, **named))\n               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/app/codecov_auth/signals.py\", line 53, in update_owner\n    ShelterPubsub.get_instance().publish(data)\n    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/app/utils/shelter.py\", line 22, in get_instance\n    cls._instance = cls()\n                    ^^^^^\n  File \"/app/utils/shelter.py\", line 27, in __init__\n    self.pubsub_publisher = pubsub_v1.PublisherClient()\n
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/google/cloud/pubsub_v1/publisher/client.py\", line 139, in __init__\n    super().__init__(**kwargs)\n  File \"/usr/local/lib/python3.12/site-packages/google/pubsub_v1/services/publisher/client.py\", line 492, in __init__\n    self._transport = Transport(\n                      ^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/google/pubsub_v1/services/publisher/transports/grpc.py\", line 153, in __init__\n    super().__init__(\n  File \"/usr/local/lib/python3.12/site-packages/google/pubsub_v1/services/publisher/transports/base.py\", line 104, in __init__\n    credentials, _ = google.auth.default(\n                     ^^^^^^^^^^^^^^^^^^^^\n  File \"/usr/local/lib/python3.12/site-packages/google/auth/_default.py\", line 692, in default\n    raise exceptions.DefaultCredentialsError(_CLOUD_SDK_MISSING_CREDENTIALS)\ngoogle.auth.exceptions.DefaultCredentialsError: Your default credentials were not found. To set up Application Default Credentials, see https://cloud.google.com/docs/authentication/external/set-up-adc for more information.", "taskName": null, "status_code": 500, "request": "<WSGIRequest: GET '/login/gle?code=<code>&state=<state>'>", "utctime": "2024-11-14T12:57:00.082000", "logger.name": "django.request", "logger.thread_name": "MainThread", "level": "ERROR"}
api-1        | {"h": "192.168.0.8", "t": "[14/Nov/2024:12:57:00 +0000]", "r": "GET /login/gle?code=<code>&state=<state> HTTP/1.1", "s": "500", "b": "31", "f": "https://gitlab.nps.onl/", "a": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 OPR/114.0.0.0", "taskName": null}
gateway-1    | 192.168.0.1:38462 [14/Nov/2024:12:56:49.341] http be_api/s1 0/0/0/10825/10825 500 853 - - ---- 1/1/0/0/0 0/0 "GET /login/gle?code=<code>&state=<state> HTTP/1.1"

I can see it's erroring due to missing Google Cloud credentials. Should these be in the image?

[Alexsaphir]

I think they fixed it 👏

[Amir1453]

I am having the same exact problem, I changed the Redirect URI to gle instead of gitlab_enterprises, which brought me to the authentication window, but then I get missing Google Cloud credentials errors in my logs.

[Wazabiii]

In your docker-compose.yml
Try adding this environment variable for the worker and api services:

[...]
api:
    image: codecov/self-hosted-api:latest-calver #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    environment:
      - PUBSUB_EMULATOR_HOST=localhost
[...]
worker:
    image: codecov/self-hosted-worker:latest-calver #note: this is for setup purposes only, be sure to pin to the latest release from our changelog: https://docs.codecov.io/changelog
    environment:
      - PUBSUB_EMULATOR_HOST=localhost

[disberd]

Doing what @Wazabiii suggested remove the google auth error, but i brings me back to simply redirecting to the main login page :(

[BohdanK-W32]

@Wazabiii, you're a lifesaver! Thanks, it's working now, it was a last broken thing.

If I'll have more free time, I'll publish our repo with a complete configuration on @zapal-tech. But if not, I'll be ready to help anyone who struggles a few days with setup and horrible, unmaintained documentation.

[lexi-o99]

@Wazabiii You're the best. Thank you!