Adding a new webhook for git results in failure



Recently, I worked on a case where a user had challenges creating a webhook for Git.


We were hitting an exception stating:



400 Bad Request from POST http://identity-service-prelide-sb.cluster.local:8000/csp/gateway/am/api/auth/api-tokens/authorize


When we fill in all the information needed to save or create the webhook, we hit the above exception. So what's happening in the background? All the information about this error can be found in the codestream logs.




--------------------------------------------------------------------------------------------------------------------------
When an API call is made to authorize 
--------------------------------------------------------------------------------------------------------------------------


2022-05-24T02:13:15.501Z DEBUG codestream [host='codestream-app-74cd595686-6vxfc' thread='parallel-9' user='' org='' trace='' parent='' span=''] o.s.w.r.f.client.ExchangeFunctions.traceDebug:119 - [4baaf594] HTTP POST http://identity-service.prelude.svc.cluster.local:8000/csp/gateway/am/api/auth/api-tokens/authorize


--------------------------------------------------------------------------------------------------------------------------
This returns a 400 response stating invalid refresh token 
--------------------------------------------------------------------------------------------------------------------------


2022-05-24T02:13:15.895Z INFO identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='pool-3-thread-1' user='' org='' trace=''] com.vmware.identity.rest.RestClient.lambda$logRequest$1:74 - POST https://sso.iaas.nz.service.test/SAAS/API/1.0/oauth2/token?grant_type=refresh_token 
2022-05-24T02:13:15.916Z ERROR identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='reactor-http-epoll-3' user='' org='' trace=''] c.v.i.c.RestResponseEntityExceptionHandler.logBriefError:213 - Handling bad request exception: java.lang.IllegalArgumentException: REST error received: { 
          "error": "invalid_grant", 
          "error_description": "Invalid refresh token: Njg3MDIxNjg2MjI0OmsuDq93TLejOHGxNc0uR5eMuskn" 
        }, status code: 400 BAD_REQUEST 
           thrown at com.vmware.identity.common.util.WebClientUtil.handleException:36 
2022-05-24T02:13:15.916Z INFO identity-service [host='identity-service-app-7857cb8674-4v5nq' thread='reactor-http-epoll-1' user='' org='' trace=''] reactor.netty.http.server.AccessLog.info:270 - 10.244.0.76 - - [24/May/2022:02:13:15 +0000] "POST /csp/gateway/am/api/auth/api-tokens/authorize HTTP/1.1" 400 303 8080 414 ms


--------------------------------------------------------------------------------------------------------------------------
After exception in identity-service, codestream throws the same exception 
--------------------------------------------------------------------------------------------------------------------------


2022-05-24T02:13:15.916Z DEBUG codestream [host='codestream-app-74cd595686-6vxfc' thread='reactor-http-epoll-12' user='' org='' trace='' parent='' span=''] o.s.w.r.f.client.ExchangeFunctions.traceDebug:119 - [4baaf594] [166c65f5-1] Response 400 BAD_REQUEST 
2022-05-24T02:13:15.918Z INFO codestream [host='codestream-app-74cd595686-6vxfc' thread='reactor-http-epoll-10' user='' org='' trace='' parent='' span='] reactor.netty.http.server.AccessLog.info:270 - 10.244.0.63 - - [24/May/2022:02:13:15 +0000] "POST /codestream/api/git-webhooks HTTP/1.1" 400 330 8000 438 ms

                                
                
                

The reason for the exception is the API Token field in the webhook configuration. This API token is the refresh token generated from vRA.


This token has to be valid.





Once this was changed and a valid token was provided, we were able to save or create the webhook.
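
The log walk-through above can be automated. The following is an added example, not part of the original post or any VMware tooling: a Python script that pairs each failed `POST /codestream/api/git-webhooks` with an identity-service `invalid_grant` error logged close in time, and redacts the refresh token that identity-service echoes into its error message. The sample log is constructed (abridged from the format shown above, with placeholder host names and token), and the two-second correlation window is an assumption.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, abridged from the log format shown above (placeholder hosts/token).
SAMPLE_LOG = """\
2022-05-24T02:13:15.501Z DEBUG codestream [host='cs-app'] ExchangeFunctions - HTTP POST http://identity-service.prelude.svc.cluster.local:8000/csp/gateway/am/api/auth/api-tokens/authorize
2022-05-24T02:13:15.916Z ERROR identity-service [host='id-app'] Handling bad request exception: REST error received: {
          "error": "invalid_grant",
          "error_description": "Invalid refresh token: EXAMPLE-TOKEN-VALUE"
        }, status code: 400 BAD_REQUEST
2022-05-24T02:13:15.918Z INFO codestream [host='cs-app'] AccessLog - 10.244.0.63 - - [24/May/2022:02:13:15 +0000] "POST /codestream/api/git-webhooks HTTP/1.1" 400 330 8000 438 ms
2022-05-24T02:20:01.100Z INFO codestream [host='cs-app'] AccessLog - 10.244.0.63 - - [24/May/2022:02:20:01 +0000] "POST /codestream/api/git-webhooks HTTP/1.1" 200 512 8000 120 ms
"""

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d\.\d{3})Z (\w+) ([\w-]+) ")
TOKEN = re.compile(r'(Invalid refresh token: )[^"\s]+')
WEBHOOK_400 = re.compile(r'"POST /codestream/api/git-webhooks HTTP/1\.1" 400 ')

def parse_entries(text):
    """Split the log into entries, folding continuation lines (the JSON error body) into their entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S.%f")
            entries.append({"ts": ts, "service": m.group(3), "text": line})
        elif entries:
            entries[-1]["text"] += "\n" + line
    return entries

def redact(text):
    """Mask the token value so the finding can be shared in a ticket."""
    return TOKEN.sub(r"\1<redacted>", text)

def explain_webhook_failures(text, window=timedelta(seconds=2)):
    """Return one finding per failed webhook POST, with the matching invalid_grant entry if any."""
    entries = parse_entries(text)
    grants = [e for e in entries
              if e["service"] == "identity-service" and '"invalid_grant"' in e["text"]]
    findings = []
    for e in entries:
        if e["service"] == "codestream" and WEBHOOK_400.search(e["text"]):
            cause = next((g for g in grants if abs(e["ts"] - g["ts"]) <= window), None)
            findings.append({"webhook_ts": e["ts"].isoformat(),
                             "cause": redact(cause["text"]) if cause else None})
    return findings

if __name__ == "__main__":
    for finding in explain_webhook_failures(SAMPLE_LOG):
        print(finding)
```

A finding whose `cause` is `None` means the 400 on the webhook endpoint was not accompanied by an `invalid_grant` error, so the API token is not the likely culprit.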


One more way to verify whether the token has expired is through the API response.



The Expires HTTP header contains the date/time after which the response is considered expired. Invalid expiration dates with value 0 represent a date in the past and mean that the resource is already expired.



 
