Manage environments by CI/CD for Q&A

Hi

I’m trying to achieve a Devops workflow between our Q&A Kubernetes and Forest.

We are already creating DEV env from localhost. The purpose here is to generate a Forest environment for Q&A when our PR Github generate our app for Q&A too.

I have created the K8 Forest pod and everything is ok thanks to Forest Toolbet. But when I’m going to my Forest environment I see a popin telling me “Unable to authenticate you. We can’t reach your server. Please check that your admin backend is correctly configured and running.”

I’ve tried to create a CLIENT ID from here Running Forest Admin on multiple servers - Developer Guide but I get every time a 500 ERROR.

Screenshot 2023-08-31 at 10.31.37850×592 37 KB

I need to understand how I can connect my K8 Forest Admin app to my Forest environment when I generate it by the Forest Toolbet.

Thanks

Hello,
Can I have your project name please? It will help us to debug yourself.

This modal is displayed, when forestadmin does not have access to your agent. A lot of reasons can cause this problem (bad credentials, bad agent url etc.)

To find the cause of your problem, please,
Can you open your console and share the trace of the failing requests?
Can you see a request on your agent (admin backend) side?

Hi @Alban_Bertolini

My project: JULAYA_DASHBOARD

On the console the failed request is localhost. It’s weird:

http://localhost:3310/forest/authentication/callback?code=qboJE3bWTTdtsDo11eYS0Qc27g1ZHK77sNcntqWxaCHttf37cDs2G8DPERRCsBoV&state=%7B%22renderingId%22%3A217597%7D

Yes I can see logs when I’m refreshing the page with popin on Forest:

Your application is listening on port 3310.
[forest] 🌳🌳🌳  Checking need for apimap update...
Your admin panel is available here: https://app.forestadmin.com/projects
[forest] 🌳🌳🌳  No change in apimap, nothing sent to Forest.
POST /forest/authentication 200 1020 - 138.629 ms
POST /forest/authentication 200 1020 - 10.591 ms
POST /forest/authentication 200 1020 - 2.606 ms
POST /forest/authentication 200 1020 - 2.966 ms

A dev environment can be in localhost. Only “remote” environment like a Production or a Staging env must be in public.

Can you share the request response please?

Sorry, which request?

The frontend request, in your network section, you can find all the failing requests.

Sorry but no response.

Screenshot 2023-08-31 at 12.22.502880×1126 484 KB

Screenshot 2023-08-31 at 12.22.572880×1130 450 KB

Screenshot 2023-08-31 at 12.23.212880×1132 330 KB

Maybe I’m wrong in the workflow?

• I create environment by Forest Toolbet:

${FOREST_CMD} login -e ${FOREST_AUTH_LOGIN} -t ${FOREST_AUTH_TOKEN}
FOREST_ENV_CONFIG=$(${FOREST_CMD} environments:create -p ${FOREST_PROJECT_ID} -n "${ENVIRONMENT_NAME}" -u "https://${EXTERNAL_URL}" --disableRoles --format=json)

• I get the secret and id from create env command

  export FOREST_AUTH_SECRET=$(echo "${FOREST_ENV_CONFIG}" | ${JQ_CMD} -r '.authSecret')
  export FOREST_ENV_SECRET=$(echo "${FOREST_ENV_CONFIG}" | ${JQ_CMD} -r '.secretKey')
  export FOREST_ENVIRONMENT_ID=$(echo "${FOREST_ENV_CONFIG}" | ${JQ_CMD} -r '.id')

• I run the admin

npm start

• I try to get FOREST_CLIENT_ID but always get a 500 error

CODE=$(curl -o /dev/null -s -w '%{http_code}' \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${FOREST_ENV_SECRET}" \
  -X POST \
  -d "{\token_endpoint_auth_method\": \"none\", \"redirect_uris\": [\"${EXTERNAL_URL}/forest/authentication/callback\"]}" \
  https://api.forestadmin.com/oidc/reg)

if [[ "${CODE}" =~ ^4 || "${CODE}" =~ ^5 ]]; then
  echo "ERROR: server returned HTTP code $CODE"
  exit 1
fi

So maybe I’m wrong somewhere?

Just for try, can you disable your ad blocker if you have one?

Disabled and reloaded and nothing change

Does the request status is different? Because on your screenshot, the status was “(blocked:other)”.
Also, Can you share your environment name please?

Yes

Env name: Qovery | blueprint

Please, can you run the curl command to get the CLIENT_ID manually to check if the command works and avoid mistakes from your script?

I’ve fixed the client id request and now I can write my env var FOREST_CLIENT_ID.

But no luck, I have always Unable to authenticate you popin

Maybe I miss a step?

It should be good.
Can you share all the logs again ? Front + back.

Back

> node ./server.js
Your application is listening on port 3310.
[forest] 🌳🌳🌳  Checking need for apimap update...
[forest] 🌳🌳🌳  No change in apimap, nothing sent to Forest.
Your admin panel is available here: https://app.forestadmin.com/projects
OPTIONS /forest/authentication 204 0 - 2.428 ms
POST /forest/authentication 200 1056 - 152.652 ms
POST /forest/authentication 200 1056 - 11.927 ms
POST /forest/authentication 200 1056 - 3.148 ms
POST /forest/authentication 200 1056 - 3.693 ms
POST /forest/authentication 200 1056 - 2.529 ms

On the other hand, in the front it will always look for a localhost

{
    "errors": [
        {
            "status": 400,
            "detail": "The redirect uri must be one of https://myurl/forest/authentication/callback. Received \"http://localhost:3310/forest/authentication/callback\"",
            "meta": {},
            "name": "InvalidRedirectUriError"
        }
    ]
}

Can you anonymize your url please, because it can introduce securities issues.

Done, changed to myurl

@Alban_Bertolini Thank you very much for your time and patience for debugging with me. I have understand a little bit more thanks to you.

I’ve added APPLICATION_URL to my env var and all is working now

Great! I’m very happy to unblock you!