bazelbuild
maven repository credential settings does not work (or missing correct example)
Description of the problem / feature request:
I try to use a maven repository which is protected with username and password. I got the tip that I may use the settings from coursier project. But also the documentation from this project has not helped me to solve the problem.
The only thing (which is ugly from a security point of view) is to set the username/password direct in the repositories definition like https://username:[email protected] in the WORKSPACE file (and check this file into git).
Can you give a clean example of what to do to setup correct the credentials for a maven repository? It would be fine to use credentials.properties file or using environment variable COURSIER_CREDENTIALS or setup something in .bazelrc file.
Feature requests: what underlying problem are you trying to solve with this feature?
Using protected maven repositories.
Bugs: what's the simplest, easiest way to reproduce this bug? Please provide a minimal example if possible.
Using a username/ password protected repository to download maven dependencies with bazel.
I have tried to following things (all them do not work):
- create a credentials.properties file under C:\Users\myUser.config\coursier\credentials.properties
- put something like this into the file:
username=YYYY password=XXXXX host=https://my.protected.io/nexus/content/groups/public auto=true - try to download the maven dependencies (now I get
unauthorizederrors)
The next thing I tried like from another issue https://github.com/bazelbuild/rules_jvm_external/issues/80 is to setup maven user name and password through .bazelrc file ... this fails also.
I tried also using coursier environment variable like this:
- env$:COURSIER_CREDENTIALS='my.protected.io username:password'
What operating system are you running Bazel on?
Windows 10
What's the output of bazel info release?
Replace this line with your answer.
If bazel info release returns "development version" or "(@non-git)", tell us how you built Bazel.
release 1.0.0
Very similar problem on my side.
I tried using https://username:[email protected] in WORKSPACE->maven_install->repositories and ~/Library/Preferences/Coursier/credentials.properties file.
In both cases I managed to pin dependencies with bazel run @maven//:pin but executing build fails with Download from https://ourartifactory/maven/repository/internala/guava/25.0-jre/guava-25.0-jre.jar failed: class com.google.devtools.build.lib.bazel.repository.downloader.UnrecoverableHttpException GET returned 401 Unauthorized.
Bazel version: 1.1.0-homebrew RULES_JVM_EXTERNAL_TAG = "2.10"
When I look at /private/var/tmp/_bazel_aczepil/80b4eaa0773b823006eb7f73f4662700/external/maven/defs.bzl I can see wrong URLs there, for example
https://ourrepo/maven/repository/internallogback-classic/1.2.3/logback-classic-1.2.3.jar but it should be https://ourrepo/maven/repository/internal/ch/qos/logback/logback-classic/1.2.3/logback-classic-1.2.3.jar
Group id /ch/qos/logback/ is missing from the URL.
mirror_urls in maven_install.json is invalid, my guess is it is tried as a fallback after authorization to the primary URL fails, so it might be a separate problem 🤦♂
Actually this is it. When I manually fixed mirror_urls in maven_install.json it started working, for example:
$ bazel fetch @maven//:org_hamcrest_hamcrest_core_1_3
INFO: All external dependencies fetched successfully.
Loading: 2 packages loaded
I'm running into a similar problem with maven_install.json except it downloads the artifacts properly using user/password in coursier.properties (credentials not in URL) and using same user to pin artifacts, but if another user tries to download artifacts on different machine, it fails. If we don't use the pinned maven_install.json, everything works.
It's also problematic that maven_install.json leaves USER in the URL for each artifact. The reason is because this is checked into source control and security flags user IDs in checked in files.
I'm using bazel 1.0.0 on mac and linux and 3.1 maven_install. See the same problems on both. This is a showstopper for migrating to bazel 2.0.
We moved to mvn_install 3.2 and set up $HOME/,netrc config with credentials and everything is working now.
