Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failed to fetch configuration: response status code does not match any response statuses defined for this endpoint in the swagger spec (status 401) #755

Closed
chvolkmann opened this issue Apr 19, 2021 · 6 comments
Closed

Failed to fetch configuration: response status code does not match any response statuses defined for this endpoint in the swagger spec (status 401) #755

chvolkmann opened this issue Apr 19, 2021 · 6 comments
Assignees
@BeryJu
Labels
bug Something isn't working

Comments

@chvolkmann
Copy link

chvolkmann commented Apr 19, 2021
edited

Describe the bug

I set up a fresh instance of authentik. After setting up traefik, I wanted to hide the traefik dashboard behind an outpost.

However, when I try to deploy the output to my Docker swarm, it crashes on startup with the following error

time="2021-04-19T16:09:26Z" level=panic msg="Failed to fetch configuration" error="response status code does not match any response statuses defined for this endpoint in the swagger spec (status 401): {}" logger=authentik.outpost.ak-api-controller,
panic: (*logrus.Entry) 0xc00010a460,
,
goroutine 1 [running]:,
github.com/sirupsen/logrus.(*Entry).log(0xc00010a3f0, 0x0, 0xc0003998a0, 0x1d),
	/go/pkg/mod/github.com/sirupsen/logrus@v1.8.1/entry.go:259 +0x2e5,
github.com/sirupsen/logrus.(*Entry).Log(0xc00010a3f0, 0xc000000000, 0xc00041fc28, 0x1, 0x1),
	/go/pkg/mod/github.com/sirupsen/logrus@v1.8.1/entry.go:293 +0x86,
github.com/sirupsen/logrus.(*Entry).Panic(...),
	/go/pkg/mod/github.com/sirupsen/logrus@v1.8.1/entry.go:331,
goauthentik.io/outpost/pkg/ak.NewAPIController(0xc00004400f, 0x5, 0x0, 0x0, 0x0, 0xc000044017, 0x11, 0xc000044028, 0x1, 0x0, ...),
	/work/pkg/ak/api.go:59 +0x4ae,
main.main(),
	/work/cmd/proxy/server.go:48 +0x2b8,

Version and Deployment (please complete the following information):

  • authentik version: 2021.04.02
  • Deployment: Docker 20.10.06, Swarm Deployment

docker-stack.yml

services:
  # ...
  traefikOutpost:
    image: beryju/authentik-proxy
    ports:
      - 4180:4180
      - 4443:4443
    environment:
      AUTHENTIK_HOST: https://sso.mydomain.com/
      AUTHENTIK_INSECURE: "false" # Let's Encrypt certificate provided
      AUTHENTIK_TOKEN: "TOKEN"
      LOG_LEVEL: debug
    deploy:
      placement:
        constraints:
          - node.labels.hostname == mydomain.com
      labels:
        - traefik.enable=true
        - traefik.http.routers.traefikOutpost.rule=Host(`traefik.mydomain.com`)
        - traefik.http.routers.traefikOutpost.service.loadbalancer.server.port=4180
@chvolkmann chvolkmann added the bug Something isn't working label Apr 19, 2021
@BeryJu BeryJu self-assigned this Apr 19, 2021
@BeryJu
Copy link
Member

BeryJu commented Apr 19, 2021

Hey, thanks for the error report. Could you post the logs of the authentik server container? There should be some info if the token is missing or invalid or some other error.

@chvolkmann
Copy link
Author

Not much more than


{"event": "Unauthorized: /api/v2beta/outposts/outposts/", "level": "warning", "logger": "django.request", "timestamp": 1618851408.7036428},
{"event": "Unauthorized: /api/v2beta/outposts/outposts/", "level": "warning", "logger": "django.request", "timestamp": 1618851448.125891},
{"event": "/api/v2beta/outposts/outposts/", "host": "10.0.0.3", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 11, "request_id": "39b6a511152847f49ae2e756bcc65460", "runtime": 58, "scheme": "http", "size": 0.031, "status": 401, "timestamp": "2021-04-19T16:55:00.392640"},
{"event": "/api/v2beta/outposts/outposts/", "host": "10.0.0.3", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 10, "request_id": "0d50968c5c1b458db39184f214399dda", "runtime": 58, "scheme": "http", "size": 0.051, "status": 401, "timestamp": "2021-04-19T16:56:48.705277"},
{"event": "Unauthorized: /api/v2beta/outposts/outposts/", "level": "warning", "logger": "django.request", "timestamp": 1618851415.6794574},
{"event": "/api/v2beta/outposts/outposts/", "host": "10.0.0.3", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 11, "request_id": "1e229261321249278e35456747847ef8", "runtime": 58, "scheme": "http", "size": 0.03, "status": 401, "timestamp": "2021-04-19T16:56:55.680738"},
{"event": "Unauthorized: /api/v2beta/outposts/outposts/", "level": "warning", "logger": "django.request", "timestamp": 1618851422.2199204},
{"event": "/api/v2beta/outposts/outposts/", "host": "10.0.0.3", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 10, "request_id": "bf74272f3fce4b96b3ab30ebf6b85a5c", "runtime": 58, "scheme": "http", "size": 0.034, "status": 401, "timestamp": "2021-04-19T16:57:02.221436"},
{"event": "/api/v2beta/outposts/outposts/", "host": "10.0.0.3", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 9, "request_id": "5518d8ef1fa040daa939516b6f3411c7", "runtime": 58, "scheme": "http", "size": 0.029, "status": 401, "timestamp": "2021-04-19T16:57:08.644083"},
{"event": "Unauthorized: /api/v2beta/outposts/outposts/", "level": "warning", "logger": "django.request", "timestamp": 1618851428.642649},
{"event": "Unauthorized: /api/v2beta/outposts/outposts/", "level": "warning", "logger": "django.request", "timestamp": 1618851434.9715154},
{"event": "/api/v2beta/outposts/outposts/", "host": "10.0.0.3", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 10, "request_id": "3e8a91bcfb554db2a78d9bc93bb0a4cb", "runtime": 58, "scheme": "http", "size": 0.027, "status": 401, "timestamp": "2021-04-19T16:57:14.972480"},
{"event": "Unauthorized: /api/v2beta/outposts/outposts/", "level": "warning", "logger": "django.request", "timestamp": 1618851441.4848037},
{"event": "/api/v2beta/outposts/outposts/", "host": "10.0.0.3", "level": "info", "logger": "authentik.asgi", "method": "GET", "pid": 11, "request_id": "250362d3a6e3419eafd7d3b54df337e3", "runtime": 58, "scheme": "http", "size": 0.032, "status": 401, "timestamp": "2021-04-19T16:57:21.486216"}

@BeryJu
Copy link
Member

BeryJu commented Apr 19, 2021

Hmm, this looks like the service account that is created for each outpost doesn't have the correct permissions yet. This is normally done (in the background) when saving an outpost. There is also the System task outpost_token_ensurer which periodically checks this. Can you check if that task has reported any errors/ran recently?

@chvolkmann
Copy link
Author

image

@chvolkmann
Copy link
Author

Found the issue. I regenerated the token by accident and didn't update it. Resetting it resolved this.

I'd suggest to print another error message though :)

@BeryJu
Copy link
Member

BeryJu commented Apr 19, 2021

Cheers, how would you except the error message to look like?

BeryJu added a commit that referenced this issue Apr 19, 2021
@BeryJu
api: make 401 messages clearer
464a1c0 
closes #755

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@BeryJu BeryJu

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@BeryJu @chvolkmann