Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DEVOPS-1901 Fix error: az login again to refresh permissions #4050

Merged
merged 8 commits into from May 7, 2024
Merged

DEVOPS-1901 Fix error: az login again to refresh permissions #4050

merged 8 commits into from May 7, 2024

Conversation

urbinaalex17
Copy link
Contributor

Type of change

- [X] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Split the remove docker images steps per registry since that's what causing the issue:

WARNING: Unable to get AAD authorization tokens with message: 2024-03-22 14:54:44.177986 An error occurred: CONNECTIVITY_REFRESH_TOKEN_ERROR
Access to registry 'bitwardenqa.azurecr.io' was denied. Response code: 403. Please try running 'az login' again to refresh permissions.

Code changes

  • .github/workflows/cleanup-after-pr.yml: Separate the removal of docker images per registry instead of using a list of registries.

Before you submit

  • Please check for formatting errors (dotnet format --verify-no-changes) (required)
  • If making database changes - make sure you also update Entity Framework queries and/or migrations
  • Please add unit tests where it makes sense to do so (encouraged but not required)
  • If this change requires a documentation update - notify the documentation team
  • If this change has particular deployment requirements - notify the DevOps team

@urbinaalex17 urbinaalex17 self-assigned this May 3, 2024
@urbinaalex17 urbinaalex17 requested a review from a team as a code owner May 3, 2024 17:51
@urbinaalex17 urbinaalex17 changed the title DEVOPS-1901 Fix az login' again to refresh permissions for multiple registries DEVOPS-1901 Fix az login again to refresh permissions for multiple registries May 3, 2024
@codecov Codecov
Copy link

codecov bot commented May 3, 2024
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 38.79%. Comparing base (2a535ac) to head (d1089d4).
Report is 9 commits behind head on main.

❗ Current head d1089d4 differs from pull request most recent head 355e6d8. Consider uploading reports for the commit 355e6d8 to get more accurate results

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #4050   +/-   ##
=======================================
  Coverage   38.79%   38.79%           
=======================================
  Files        1216     1216           
  Lines       59175    59175           
  Branches     5648     5648           
=======================================
  Hits        22955    22955           
- Misses      35162    35163    +1     
+ Partials     1058     1057    -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 3, 2024
edited

Logo
Checkmarx One – Scan Summary & Details98a5966d-7048-4672-9b45-027a08aa3f4b

New Issues

Severity Issue Source File / Package Checkmarx Insight
MEDIUM Privacy_Violation /src/Api/Auth/Controllers/AccountsController.cs: 955 Attack Vector
MEDIUM Privacy_Violation /src/Api/Auth/Controllers/AccountsController.cs: 937 Attack Vector
MEDIUM Privacy_Violation /src/Api/Auth/Controllers/AccountsController.cs: 655 Attack Vector
MEDIUM Privacy_Violation /src/Api/Auth/Controllers/AccountsController.cs: 518 Attack Vector
LOW Log_Forging /src/Api/AdminConsole/Controllers/ProvidersController.cs: 82 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AccountsController.cs: 929 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AccountsController.cs: 947 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AccountsController.cs: 510 Attack Vector
LOW Log_Forging /src/Api/Auth/Controllers/AccountsController.cs: 647 Attack Vector

Fixed Issues

Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 587
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 587
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 587
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 587
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 132
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProvidersController.cs: 141
MEDIUM CSRF /src/Api/SecretsManager/Controllers/AccessPoliciesController.cs: 229
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProvidersController.cs: 309
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 161
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 161
MEDIUM CSRF /src/Api/Billing/Controllers/ProviderClientsController.cs: 30
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 190
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 331
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 331
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 710
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 686
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 891
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 173
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 752
MEDIUM CSRF /src/Api/Vault/Controllers/FoldersController.cs: 45
MEDIUM CSRF /src/Api/Controllers/SelfHosted/SelfHostedOrganizationLicensesController.cs: 51
MEDIUM CSRF /src/Api/Controllers/UsersController.cs: 22
MEDIUM CSRF /src/Api/Controllers/DevicesController.cs: 70
MEDIUM CSRF /src/Api/Controllers/DevicesController.cs: 57
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 69
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/PoliciesController.cs: 49
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: 42
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 92
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 49
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 142
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderOrganizationsController.cs: 52
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 148
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 78
MEDIUM CSRF /src/Api/AdminConsole/Controllers/PoliciesController.cs: 61
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 163
MEDIUM CSRF /bitwarden_license/src/Sso/Controllers/AccountController.cs: 96
MEDIUM CSRF /bitwarden_license/src/Scim/Controllers/v2/UsersController.cs: 50
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 161
MEDIUM CSRF /src/Api/Auth/Controllers/EmergencyAccessController.cs: 159
MEDIUM CSRF /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 98
MEDIUM CSRF /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 88
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 222
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 222
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 288
MEDIUM CSRF /src/Api/Controllers/SettingsController.cs: 36
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 590
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 411
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 193
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 362
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 766
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 375
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1100
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 244
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 571
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 284
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 303
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/OrganizationsController.cs: 308
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProvidersController.cs: 232
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 81
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 118
MEDIUM CSRF /src/Identity/Controllers/AccountsController.cs: 72
MEDIUM CSRF /src/Identity/Controllers/AccountsController.cs: 50
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 230
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 331
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 590
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 942
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 125
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 86
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 216
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 111
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 298
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 316
MEDIUM CSRF /src/Api/Tools/Controllers/ImportCiphersController.cs: 66
MEDIUM CSRF /src/Api/Tools/Controllers/ImportCiphersController.cs: 50
MEDIUM CSRF /src/Api/Public/Controllers/CollectionsController.cs: 64
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 408
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 550
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 607
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 607
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 159
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 299
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 586
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 433
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 222
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 702
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 967
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1023
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1023
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 563
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 563
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 590
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 590
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationsController.cs: 590
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 908
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 193
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: 42
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: 42
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/OrganizationController.cs: 42
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 313
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 244
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 174
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 187
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 257
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 284
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 447
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 613
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 303
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 411
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 791
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 323
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 144
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 878
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 805
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1046
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1046
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 815
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 375
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 550
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 274
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 150
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 150
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 133
MEDIUM CSRF /src/Api/Auth/Controllers/TwoFactorController.cs: 403
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 175
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 911
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 728
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1080
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 997
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 997
MEDIUM CSRF /src/Api/AdminConsole/Controllers/ProviderUsersController.cs: 188
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 196
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 187
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 156
MEDIUM CSRF /src/Api/Auth/Controllers/AccountsController.cs: 560
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 59
MEDIUM CSRF /src/Api/AdminConsole/Public/Controllers/MembersController.cs: 127
MEDIUM CSRF /src/Admin/AdminConsole/Controllers/ProviderOrganizationsController.cs: 39
MEDIUM CSRF /src/Api/Auth/Controllers/WebAuthnController.cs: 101
MEDIUM CSRF /src/Api/Auth/Controllers/WebAuthnController.cs: 130
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 659
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 1100
MEDIUM CSRF /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 117
MEDIUM CSRF /src/Api/AdminConsole/Controllers/GroupsController.cs: 93
MEDIUM CSRF /src/Api/Controllers/CollectionsController.cs: 375
MEDIUM

More results are available on AST platform

@urbinaalex17 urbinaalex17 changed the title DEVOPS-1901 Fix az login again to refresh permissions for multiple registries DEVOPS-1901 Fix error: az login again to refresh permissions for multiple registries May 3, 2024
@urbinaalex17 urbinaalex17 changed the title DEVOPS-1901 Fix error: az login again to refresh permissions for multiple registries DEVOPS-1901 Fix error: az login again to refresh permissions May 3, 2024
mimartin12
mimartin12 requested changes May 3, 2024
View reviewed changes
Copy link
Contributor

@mimartin12 mimartin12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some of the fixes include references to a container registry that just isn't used, as shown in the build workflows. We don't need it and can remove.

.github/workflows/cleanup-after-pr.yml Outdated Show resolved Hide resolved
.github/workflows/cleanup-after-pr.yml Outdated Show resolved Hide resolved
@urbinaalex17
Copy link
Contributor Author

@mimartin12 , is the qa registry the one that we are not using?

@mimartin12
Copy link
Contributor

@mimartin12 , is the qa registry the one that we are not using?

Yes, the build workflow only pushes to prod.

server/.github/workflows/build.yml

Lines 13 to 14 in 5a5e5c5

env:
_AZ_REGISTRY: "bitwardenprod.azurecr.io"

@urbinaalex17 urbinaalex17 enabled auto-merge (squash) May 3, 2024 22:38
mimartin12
mimartin12 requested changes May 7, 2024
View reviewed changes
.github/workflows/cleanup-after-pr.yml Outdated Show resolved Hide resolved
@urbinaalex17 urbinaalex17 merged commit 1ede40d into main May 7, 2024
26 checks passed
@urbinaalex17 urbinaalex17 deleted the task/DEVOPS-1901 branch May 7, 2024 19:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mimartin12 mimartin12 mimartin12 approved these changes

Assignees

@urbinaalex17 urbinaalex17

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@urbinaalex17 @mimartin12