AWS CodeArtifact:mvn deploy:deploy-file 无法部署工件:无法传输工件 401 Unauthorized

Posted

技术标签:

【中文标题】AWS CodeArtifact:mvn deploy:deploy-file 无法部署工件:无法传输工件 401 Unauthorized【英文标题】:AWS CodeArtifact: mvn deploy:deploy-file Failed to deploy artifacts: Could not transfer artifact 401 Unauthorized 【发布时间】:2021-11-19 22:55:10 【问题描述】:

我在尝试将 java 库 (jar) 发布到 AWS CodeArtifact Maven 存储库时遇到问题。当我尝试发布它时,我得到 HTTP 状态代码 401(未经授权)。这表明我做错了什么,比如缺少 CODEARTIFACT_AUTH_TOKEN 环境变量,或者使用了错误的 aws 凭证/配置文件等。但是 AWS CodeArtifact 非常简单:我们只需要:

生成新的 CODEARTIFACT_AUTH_TOKEN 并将其设置为环境变量, 使用 username=aws 和 password=$env.CODEARTIFACT_AUTH_TOKEN 更新我们的本地 Maven .m2/settings.xml 以指向 AWS CodeArtifact 服务器 确保我们从有权访问 AWS CodeArtifact 域和 Maven 存储库的帐户生成该令牌(如果我们无权访问,则会出错)。

...超级简单。然而,当我尝试使用我的设置“mvn deploy-file”时,我得到 401 Unauthorized ......请参阅下面的完整设置:

我通过 Cloudformation 模板设置了 AWS CodeArtifact 域和 Maven 存储库(如果需要,请忽略 NPM 和上游存储库):

AWSTemplateFormatVersion: "2010-09-09"

Description: CodeArtifact Domain, Maven repo, NPM repo, and upsteam repos 

Resources:
  CodeArtifactDomain:
    Type: AWS::CodeArtifact::Domain
    Properties:
      DomainName: mydomain
      PermissionsPolicyDocument:
        Version: 2012-10-17
        Statement:
          - Action:
              - codeartifact:CreateRepository
              - codeartifact:DescribeDomain
              - codeartifact:GetAuthorizationToken
              - codeartifact:GetDomainPermissionsPolicy
              - codeartifact:ListRepositoriesInDomain
              - sts:GetServiceBearerToken
              - codeartifact:DescribePackageVersion
              - codeartifact:DescribeRepository
              - codeartifact:GetPackageVersionReadme
              - codeartifact:GetRepositoryEndpoint
              - codeartifact:ListPackageVersionAssets
              - codeartifact:ListPackageVersionDependencies
              - codeartifact:ListPackageVersions
              - codeartifact:ListPackages
              - codeartifact:ReadFromRepository
              - codeartifact:PublishPackageVersion
              - codeartifact:PutPackageMetadata
            Effect: Allow
            Principal:
              AWS:
                - "arn:aws:iam::123456788904:root" 
                - "arn:aws:iam::123456789098:root"
                - "arn:aws:iam::123456789087:root"
            Resource: "*"
      Tags:
        - Key: Name
          Value: CodeArtifact Domain

  ArtifactUpstreamRepositoryMaven:
    Type: AWS::CodeArtifact::Repository
    Properties:
      RepositoryName: maven-upstream-repo
      DomainName: !GetAtt CodeArtifactDomain.Name
      ExternalConnections:
        - public:maven-central
  ArtifactRepositoryMaven:
    Type: AWS::CodeArtifact::Repository
    Properties:
      RepositoryName: maven-repo
      Description: Maven CodeArtifact Repository
      DomainName: !GetAtt CodeArtifactDomain.Name
      Upstreams:
        - !GetAtt ArtifactUpstreamRepositoryMaven.Name
      Tags:
        - Key: Name
          Value: Maven CodeArtifact Repository

  ArtifactUpstreamRepositoryNPM:
    Type: AWS::CodeArtifact::Repository
    Properties:
      RepositoryName: npm-upstream-repo
      DomainName: !GetAtt CodeArtifactDomain.Name
      ExternalConnections:
        - public:npmjs
  ArtifactRepositoryNPM:
    Type: AWS::CodeArtifact::Repository
    Properties:
      RepositoryName: npm-repo
      Description: NPM CodeArtifact Repository
      DomainName: !GetAtt CodeArtifactDomain.Name
      Upstreams:
        - !GetAtt ArtifactUpstreamRepositoryNPM.Name
      Tags:
        - Key: Name
          Value: NPM CodeArtifact Repository

Outputs:
  CodeArtifactDomain:
    Description: The CodeArtifact Domain
    Value: !Ref CodeArtifactDomain
    Export:
      Name: CodeArtifactDomain

我运行了上述 cloudformation 模板并确认它已成功完成,然后导航到 CodeArtifact 以检查 CodeArtifact 域和存储库是否已成功创建(它们是)。然后我查找了我的存储库的连接说明。使用这些连接说明,我首先剪切并粘贴了第一个:

export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain mydomain --domain-owner <MY_ACCOUNT_NUMBER --query authorizationToken --output text`

然后我在 ~/.m2/settings.xml 中设置我的 maven 设置,并将所有设置显示在我的存储库的连接说明中(在 AWS 控制台中):

<?xml version="1.0" encoding="UTF-8"?>

<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">

  <servers>
          <server>
                <id>mydomain-maven-repo</id>
                <username>aws</username>
                <password>$env.CODEARTIFACT_AUTH_TOKEN</password>
          </server>
  </servers>

  <profiles>
          <profile>
                <id>mydomain-maven-repo</id>
                <activation>
                  <activeByDefault>true</activeByDefault>
                </activation>
                <repositories>
                  <repository>
                        <id>mydomain-maven-repo</id>
                        <url>https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/</url>

                  </repository>
                </repositories>
          </profile>
  </profiles>
</settings>

最后,我尝试 mvn:将我的一个库部署到 AWS CodeArtifact maven 存储库:

  mvn deploy:deploy-file \
    -DgroupId=com.myorg \
    -DartifactId=my-client_2.12 \
    -Dversion=1.0.1-play28    \
    -Dfile=./my-client_2.12-1.0.1-play28.jar   \
    -Dsources=./my-client_2.12-1.0.1-play28-sources.jar \
    -Djavadoc=./my-client_2.12-1.0.1-play28-javadoc.jar \
    -Dpackaging=jar                \
    -DrepositoryId=maven-repo    \
    -Durl=https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/

我得到这个错误:

[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy-file (default-cli) @ standalone-pom ---
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.319 s
[INFO] Finished at: 2021-09-27T15:10:56-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy-file (default-cli) on project standalone-pom: Failed to deploy artifacts: Could not transfer artifact my-client_2.12:jar:1.0.1-play28 from/to maven-repo (https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/): Transfer failed for https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar 401 Unauthorized -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException

我可以通过运行确认我在 ~/.aws/credentials 中使用了正确的凭据

aws sts get-caller-identity

我也确认我

拥有最新的 mvn 可执行文件 将 M2_HOME 设置为指向我的 ~/.m2 获得最近的令牌(不超过 12 小时)

我不知道为什么我在 mvn deploy-file 时得到 401 未授权...有什么想法吗?

【问题讨论】:

【参考方案1】:

Arg,找到了。问题在于“mvn deploy:deploy-file”参数之一:

-DrepositoryId=maven-repo

...需要匹配~/.m2/settings.xml中的服务器id:

<id>mydomain-maven-repo</id>

如果我将 mvn 命令更改为 put:

-DrepositoryId=mydomain-maven-repo

... 401 Unauthorized 错误消失了!!! Argg AWS:这不应该是 404、400 还是其他?这不是未经授权的,它是一个未知的存储库。它正在推动 401 的定义……

无论如何,亲爱的互联网:如果 CodeArtifact 曾经对您返回 401,请注意您可能配置错误。这可能不是授权问题。

【讨论】:

以上是关于AWS CodeArtifact:mvn deploy:deploy-file 无法部署工件:无法传输工件 401 Unauthorized的主要内容,如果未能解决你的问题,请参考以下文章

如何拥有公共 AWS CodeArtifact 存储库策略

如何在云上创建自己的 Artifactory,例如 AWS 的 Codeartifact、Jfrog 的 Artifactory

缺少 AWS CodeArtifact 公共 npm 包版本

执行命令时出错:mvn test。原因:退出状态 1 - AWS

powershell 来自http://www.abhinavrastogi.com/powershell_for_remote_tomcat_deployment.html

powershell 来自http://www.abhinavrastogi.com/powershell_for_remote_tomcat_deployment.html