Comments (11)
The user also needs cloud controller admin rights. Has that been set up?
from firehose-to-syslog.
Hi,
Thanks for the hint, I'm using syslog1 as the account.
I just run the uaac update command to add the cloud controller admin to this account.
PS C:\PCF_Soft\firehose-to-syslog> uaac client update syslog1 --authorities "oauth.login,doppler.firehose,cloud_controller.admin"
scope: cloud_controller.admin doppler.firehose oauth.approvals openid
client_id: syslog1
resource_ids: none
authorized_grant_types: authorization_code client_credentials refresh_token
autoapprove:
action: none
authorities: oauth.login doppler.firehose cloud_controller.admin
name: syslog1
lastmodified: 1458222800000
However the issue remains. When i checked the uaac context of this account, it shows the scope is just oauth.login doppler.firehose
PS C:\PCF_Soft\firehose-to-syslog> uaac context syslog1
[0]*[https://uaa.system.cf55.fbdldomain.local]
skip_ssl_validation: true
[2]*[syslog1]
client_id: syslog1
access_token: eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI0YmFjOWI0ZC04MjI2LTRlMWUtOWI5Ni04YzY1NWIzZTE4MDEiLCJzdWIiOiJzeXNsb2c
xIiwiYXV0aG9yaXRpZXMiOlsib2F1dGgubG9naW4iLCJkb3BwbGVyLmZpcmVob3NlIl0sInNjb3BlIjpbIm9hdXRoLmxvZ2luIiwiZG9wcGxlci5maXJlaG9
zZSJdLCJjbGllbnRfaWQiOiJzeXNsb2cxIiwiY2lkIjoic3lzbG9nMSIsImF6cCI6InN5c2xvZzEiLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWx
zIiwicmV2X3NpZyI6ImU2NjRhZjg1IiwiaWF0IjoxNDU4MjIwNTcyLCJleHAiOjE0NTgyNjM3NzIsImlzcyI6Imh0dHBzOi8vdWFhLnN5c3RlbS5jZjU1LmZ
iZGxkb21haW4ubG9jYWwvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsic3lzbG9nMSIsIm9hdXRoIiwiZG9wcGxlciJdfQ.HOZtj_zpQtr_PRTd
vLC_8lMPTILGR0xgdvfOwkBOCX9l-WnwqdoqWp_E93w9wyZuLtqGv7cneZM9lS6mAxJ5VIQ-ExXTY6q0Q5C6wy701gH9cQscE2NXHRbWxLH7xPNDkWP-fhqA
Un8KSoY7sIIFBgKXo6nOnLWk3NyIYU_LHjLo9gqKIxYlJPyChUYdkZ3C9aaa55e49xptixs37yPzeJarabh4t-cRhBhsyzGHaTvouPRnD0jcNu8hgyoy_oEM
Mf5GE3LrcC6vRm1lmNgTULSmZVMEuJaSb3cghBm8ZnkyAbwaOpGsnnFraIYY3tHyES8UT3wr6rrQyGdvPFVptQ
token_type: bearer
expires_in: 43199
scope: oauth.login doppler.firehose
jti: 4bac9b4d-8226-4e1e-9b96-8c655b3e1801
Could this be the root cause? If so, how to resolve this scope issue?
Thanks!
Silvester
from firehose-to-syslog.
Please check the README of the develop branch, and look for Create doppler.firehose enabled user
I will merge pretty soon
from firehose-to-syslog.
Hi,
Actually I run the exactly the same command to create the firehose enabled user account. I just forgot to mention that in the first place.
Silvester
from firehose-to-syslog.
OK, I re-created another account "syslog2" and ensured it has as much authorities as I can assign:
PS C:\PCF_Soft\firehose-to-syslog> uaac context syslog2
[0][https://uaa.system.cf55.fbdldomain.local]
skip_ssl_validation: true
[3][syslog2]
client_id: syslog2
access_token: eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI2OTBjOTk4Ni0yNzU3LTQ0ZTItOTM3Ny05ZjE3OWU2ODIxMjAiLCJzdWIiOiJzeXNsb2c
yIiwiYXV0aG9yaXRpZXMiOlsiY2xpZW50cy5yZWFkIiwicGFzc3dvcmQud3JpdGUiLCJjbGllbnRzLnNlY3JldCIsImNsaWVudHMud3JpdGUiLCJvYXV0aC5
sb2dpbiIsImRvcHBsZXIuZmlyZWhvc2UiLCJ1YWEuYWRtaW4iLCJzY2ltLndyaXRlIiwic2NpbS5yZWFkIl0sInNjb3BlIjpbImNsaWVudHMucmVhZCIsInB
hc3N3b3JkLndyaXRlIiwiY2xpZW50cy5zZWNyZXQiLCJjbGllbnRzLndyaXRlIiwib2F1dGgubG9naW4iLCJkb3BwbGVyLmZpcmVob3NlIiwidWFhLmFkbWl
uIiwic2NpbS53cml0ZSIsInNjaW0ucmVhZCJdLCJjbGllbnRfaWQiOiJzeXNsb2cyIiwiY2lkIjoic3lzbG9nMiIsImF6cCI6InN5c2xvZzIiLCJncmFudF9
0eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwicmV2X3NpZyI6IjNkY2Q0ZTU4IiwiaWF0IjoxNDU4NTQ5NDk0LCJleHAiOjE0NTg1OTI2OTQsImlzcyI6Imh
0dHBzOi8vdWFhLnN5c3RlbS5jZjU1LmZiZGxkb21haW4ubG9jYWwvb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJhdWQiOlsic3lzbG9nMiIsImNsaWVudHM
iLCJwYXNzd29yZCIsIm9hdXRoIiwiZG9wcGxlciIsInVhYSIsInNjaW0iXX0.dgI6GeKVLjMoiktjXA98Lt1FJSdiUS20XqreqWJdjCYyBQffYAjdC74labi
9gP_XvaCLO0qjfCMT-_HPdnJKq3yH8tHQZmT69oI8W85E1sNdBhhrcxa8VDg-UK-Or9KVKWeN8j-7AAXQU-0iGwFIcw5nBTupWl-p2PeuQkyxMJ5Je8ohFdF
VbBoZv0VYLghbMAsECX3vJvXIOz2oiygS9phLRwyW9jXB1dYwBA-j_d4CHODsb8c3ZqwMzIfp74bZMk3wjvfZX-y-ctBZXtDsDKBHkOB5LOq47Vwa9K2QMNB
tmTL9xuDDtf6A3miAUric6i9ovra7kCWFE7tU91fW1w
token_type: bearer
expires_in: 43199
scope: clients.read password.write clients.secret clients.write oauth.login doppler.firehose uaa.admin scim.write scim.read
jti: 690c9986-2757-44e2-9377-9f179e682120
Then I push this app again, this time it still give me "Invalid authorization" errors. However this time the error description is a little bit different:
////////////////////////////////////////////////////////////////////////log start/////////////////////////////////////////////////////////////
2016-03-21T08:49:11.000+00:00 [APP] OUT [2016-03-21 08:49:11.576247163 +0000 UTC] WEBSOCKET REQUEST:
2016-03-21T08:49:11.000+00:00 [APP] OUT [2016-03-21 08:49:11.576288944 +0000 UTC] GET /firehose/firehose-to-syslog5 HTTP/1.1
2016-03-21T08:49:11.000+00:00 [APP] OUT Host: wss://doppler.system.cf55.fbdldomain.local:443
2016-03-21T08:49:11.000+00:00 [APP] OUT Upgrade: websocket
2016-03-21T08:49:11.000+00:00 [APP] OUT Authorization: bearer eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJjY2IwMzI2NS0yZTg4LTQ4NjUtYmZjYi0zNGRlOGU4MjYyMjciLCJzdWIiOiI2ZmZkZGYzZi02YzIwLTQzNDUtYjYxNC1iM2RlMGIyZjQ5ZDMiLCJzY29wZSI6WyJvcGVuaWQiLCJzY2ltLnJlYWQiLCJjbG91ZF9jb250cm9sbGVyLmFkbWluIiwidWFhLnVzZXIiLCJjbG91ZF9jb250cm9sbGVyLnJlYWQiLCJwYXNzd29yZC53cml0ZSIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiLCJzY2ltLndyaXRlIl0sImNsaWVudF9pZCI6ImNmIiwiY2lkIjoiY2YiLCJhenAiOiJjZiIsImdyYW50X3R5cGUiOiJwYXNzd29yZCIsInVzZXJfaWQiOiI2ZmZkZGYzZi02YzIwLTQzNDUtYjYxNC1iM2RlMGIyZjQ5ZDMiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX25hbWUiOiJzeXNsb2cyIiwiZW1haWwiOiJ0ZXN0dXNlcmVtYy5jb20iLCJhdXRoX3RpbWUiOjE0NTg1NTAxNDgsInJldl9zaWciOiIyYjk4OWU0ZSIsImlhdCI6MTQ1ODU1MDE0OCwiZXhwIjoxNDU4NTU3MzQ4LCJpc3MiOiJodHRwczovL3VhYS5zeXN0ZW0uY2Y1NS5mYmRsZG9tYWluLmxvY2FsL29hdXRoL3Rva2VuIiwiemlkIjoidWFhIiwiYXVkIjpbImNmIiwib3BlbmlkIiwic2NpbSIsImNsb3VkX2NvbnRyb2xsZXIiLCJ1YWEiLCJwYXNzd29yZCJdfQ.KAizXSUFzkjdqLBdNgGWEK3u7JlZBPnVQpvIdaEZZt_soh12LKlWbFv0HB0pLn74QVnZQ25bwhoQA2hfOb9uQESJ0jrGhXq3CSLuSYeFYLfUSXJw0qxFHMT1sUJJUehIjXnPLgedtVfK-Ov3FNoNsY9pW74fFL_hiw18wkdwH6Fdhdb9eARW1XHtJhM0fksUBmSMEP8wnbnnNmVCmxHxeqbci1cfx3i5N9FJvc_O2mOcewsZYzS0lUz1q-uENhJJfz-PPQcglldHjnRLkvGoztlr9VogLc4xEc_GeCbE_wYuKM_ta-iNSqak_M7veAuweum3Wla1fRzX8ltVBeFSnA
2016-03-21T08:49:11.000+00:00 [APP] OUT Connection: Upgrade
2016-03-21T08:49:11.000+00:00 [APP] OUT Sec-WebSocket-Version: 13
2016-03-21T08:49:11.000+00:00 [APP] OUT Sec-WebSocket-Key: [HIDDEN]
2016-03-21T08:49:11.000+00:00 [APP] OUT Origin: http://localhost
2016-03-21T08:49:11.000+00:00 [APP] OUT [2016-03-21 08:49:11.631416789 +0000 UTC] WEBSOCKET RESPONSE:
2016-03-21T08:49:11.000+00:00 [APP] OUT [2016-03-21 08:49:11.631635225 +0000 UTC] HTTP/1.1 401 Unauthorized
2016-03-21T08:49:11.000+00:00 [APP] OUT Date: Mon, 21 Mar 2016 08:49:11 GMT
2016-03-21T08:49:11.000+00:00 [APP] OUT Content-Length: 52
2016-03-21T08:49:11.000+00:00 [APP] OUT Content-Type: text/plain; charset=utf-8
2016-03-21T08:49:11.000+00:00 [APP] OUT Www-Authenticate: Basic
2016-03-21T08:49:11.000+00:00 [APP] ERR [2016-03-21 08:49:11.632521549 +0000 UTC] Exception occurred! Message: Firehose Error! Details: Unauthorized error: You are not authorized. Error: Invalid authorization
2016-03-21T08:49:12.000+00:00 [APP] OUT Exit status 0
2016-03-21T08:49:12.000+00:00 [CELL] OUT Exit status 0
2016-03-21T08:49:12.000+00:00 [API] OUT App instance exited with guid c377046c-251b-42a4-9942-bf77d48d017e payload: {"instance"=>"49aa5479-dd82-4f2f-523a-b1d824afa226", "index"=>0, "reason"=>"CRASHED", "exit_description"=>"2 error(s) occurred:\n\n* Codependent step exited\n* cancelled", "crash_count"=>6, "crash_timestamp"=>1458550152152095067, "version"=>"bb824071-8f9d-4ed6-a82c-c88f7c5e1335"}
////////////////////////////////////////////////////////////////////////log end/////////////////////////////////////////////////////////////
I'm really out of my mind now. Is there anything I've missed?
Silvester
from firehose-to-syslog.
Hi,
You still need the doppler.firehose scope and according to the token you put in your comment this scope is not there
"scope": [
"openid",
"scim.read",
"cloud_controller.admin",
"uaa.user",
"cloud_controller.read",
"password.write",
"cloud_controller.write",
"scim.write"
],
These scope you be enough
openid,oauth.approvals,doppler.firehose,cloud_controller.admin
from firehose-to-syslog.
Hi,
I created the account using the following command according to README:
uaac client add syslog2 --scope 'openid,oauth.approvals,doppler.firehose,cloud_controller.admin' --authorized_grant_types 'authorization_code,client_credentials,refresh_token' --authorities 'clients.read,password.write,clients.secret,clients.write,uaa.admin scim.write,scim.read,oauth.login,doppler.firehose' --secret Password123!
Now I've delete and re-create the token using the command below to ensure the doppler.firehose exist in the scope of this account:
PS C:\PCF_Soft\firehose-to-syslog> uaac token delete
PS C:\PCF_Soft\firehose-to-syslog> uaac token client get syslog2 -s Password123!
Successfully fetched token via client credentials grant.
Target: https://uaa.system.cf55.fbdldomain.local
Context: syslog2, from client syslog2
PS C:\PCF_Soft\firehose-to-syslog> uaac token decode
Note: no key given to validate token signature
jti: f4f6fc80-ef92-4a62-bb0f-4fb2a78d375b
sub: syslog2
authorities: clients.read password.write clients.secret clients.write oauth.login doppler.firehose uaa.admin scim.write scim.read
scope: clients.read password.write clients.secret clients.write oauth.login doppler.firehose uaa.admin scim.write scim.read
client_id: syslog2
cid: syslog2
azp: syslog2
grant_type: client_credentials
rev_sig: 3dcd4e58
iat: 1458709820
exp: 1458753020
iss: https://uaa.system.cf55.fbdldomain.local/oauth/token
zid: uaa
aud: syslog2 clients password oauth doppler uaa scim
However the issue still remains. Is there anything else I need to setup?
Silvester
from firehose-to-syslog.
Where is cloud_controller.admin ?
from firehose-to-syslog.
Sorry, I forgot that.Now I run the uaac update command to add this cloud_controller admin to the scope and authorities.
Unfortunately, the same issue remains:(
PS C:\PCF_Soft\firehose-to-syslog> uaac token delete
PS C:\PCF_Soft\firehose-to-syslog> uaac token client get syslog2 -s Password123!
Successfully fetched token via client credentials grant.
Target: https://uaa.system.cf55.fbdldomain.local
Context: syslog2, from client syslog2
PS C:\PCF_Soft\firehose-to-syslog>** uaac token decode**
Note: no key given to validate token signature
jti: ac30f2c6-1c21-42a0-a6ad-18508aa29d97
sub: syslog2
authorities: clients.read password.write clients.secret clients.write oauth.login doppler.firehose uaa.admin scim.write scim.read cloud_controller.admin
scope: clients.read password.write clients.secret clients.write oauth.login doppler.firehose uaa.admin scim.write scim.read cloud_controller.admin
client_id: syslog2
cid: syslog2
azp: syslog2
grant_type: client_credentials
rev_sig: 3dcd4e58
iat: 1458713030
exp: 1458756230
iss: https://uaa.system.cf55.fbdldomain.local/oauth/token
zid: uaa
aud: syslog2 clients password oauth doppler uaa scim cloud_controller
PS C:\PCF_Soft\firehose-to-syslog>uaac context syslog2
[0]*[https://uaa.system.cf55.fbdldomain.local]
skip_ssl_validation: true
[3]*[syslog2]
client_id: syslog2
access_token: eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiJhYzMwZjJjNi0xYzIxLTQyYTAtYTZhZC0xODUwOGFhMjlkOTciLCJzdWIiOiJzeXNsb2cyIiwiYXV0aG9yaXRpZXMiOlsiY2xpZW50cy5yZWFkIiwicGFzc3dvcmQud3JpdGU
hvc2UiLCJ1YWEuYWRtaW4iLCJzY2ltLndyaXRlIiwic2NpbS5yZWFkIiwiY2xvdWRfY29udHJvbGxlci5hZG1pbiJdLCJzY29wZSI6WyJjbGllbnRzLnJlYWQiLCJwYXNzd29yZC53cml0ZSIsImNsaWVudHMuc2VjcmV0IiwiY2xpZW50cy53cm
CJzY2ltLnJlYWQiLCJjbG91ZF9jb250cm9sbGVyLmFkbWluIl0sImNsaWVudF9pZCI6InN5c2xvZzIiLCJjaWQiOiJzeXNsb2cyIiwiYXpwIjoic3lzbG9nMiIsImdyYW50X3R5cGUiOiJjbGllbnRfY3JlZGVudGlhbHMiLCJyZXZfc2lnIjoiM
c3lzdGVtLmNmNTUuZmJkbGRvbWFpbi5sb2NhbC9vYXV0aC90b2tlbiIsInppZCI6InVhYSIsImF1ZCI6WyJzeXNsb2cyIiwiY2xpZW50cyIsInBhc3N3b3JkIiwib2F1dGgiLCJkb3BwbGVyIiwidWFhIiwic2NpbSIsImNsb3VkX2NvbnRyb2xs
mJGKd_h5C99k9b1AUdWpUD34SjBDh_KDhbZGCZxQV04a-x-zzGI3IU9gr6WMCNQYOygJEId9wk0Gvim-aX044NlhvJ_AAD-dJsTHEQS1eshUCHauqvwQHYmGzHLCOuNYVUaMgnk5P6P_kn0MMFelZgAIYVRmf_XUJuzVFScHZcXrU5beMHFF0zvd
token_type: bearer
expires_in: 43199
scope: clients.read password.write clients.secret clients.write oauth.login doppler.firehose uaa.admin scim.write scim.read cloud_controller.admin
jti: ac30f2c6-1c21-42a0-a6ad-18508aa29d97
Silvester
from firehose-to-syslog.
After re-create the doppler.firehose user using the latest commands below, the issue is resolved.
uaac target https://uaa.[your cf system domain] --skip-ssl-validation
uaac token client get admin -s [your admin-secret]
cf create-user [firehose user] [firehose password]
uaac member add cloud_controller.admin [your firehose user]
uaac member add doppler.firehose [your firehose user]
You can close this thread
Thanks a lot!
Silvester
from firehose-to-syslog.
Cool!
from firehose-to-syslog.
Related Issues (20)
- " read: connection reset by peer" when connecting to Syslog server HOT 1
- Firehose Nozzle app experiences following issue sometimes HOT 2
- Splunk logs are missing in flight. HOT 4
- How can GoVersion be updated in nozzle v4.1.1? HOT 10
- Suffix Stripping using a Regex instead of HasSuffix Function HOT 4
- F2S Upgrade Question HOT 3
- Performance Discussion HOT 1
- ERR panic: runtime error: invalid memory address or nil pointer dereference^ HOT 47
- Failed to compile uaatokenrefresher
- F2S_DISABLE_LOGGING = true -- v5.0.0 -- does not disable logging HOT 8
- Exception occurred! Message: Missed Logs Details: HOT 6
- Connect to Pivotal Webservices HOT 1
- The process misses to send all the tags keys to syslog
- v5.0.0+ too slow logging with PCF/PAS 2.5 (no problem in v4.1.1) HOT 7
- Ingestor_Cloudfoundry_Firehose SIGSEGV: segmentation violation /Missing logs HOT 1
- where can i find documentation of available options, switches, and environment variables and their acceptable values HOT 1
- HttpStartStop invalid app id HOT 1
- Unable to Revert back to V1 loggregator due to performance concerns / And Cloud Foundry announcement
- Org, Space name and ID's not available.
- firehose-to-syslog arm64/aarch64 release
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from firehose-to-syslog.