Bamboo Plans gadget does not load in Confluence due to Trusted App authentication errors
プラットフォームについて: Server および Data Center のみ。この記事は、Server および Data Center プラットフォームのアトラシアン製品にのみ適用されます。
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Fisheye および Crucible は除く
要約
Bamboo Plans Gadget not loading in Confluence pages.
環境
- Bamboo connected to Confluence through application links and using OAuth as the authentication method.
- Bamboo gadget feed added to Confluence.
診断
- Navigate to Confluence Administration > Logging and profiling
- Add org.apache.http and set to DEBUG, remember to click Save at the bottom to apply
- Refresh the page where the Bamboo gadget fails
Set org.apache.http back to WARN level or remove it
Checking the DEBUG logs, we can see that the gadget is found and retrieved:
2019-12-13 09:32:06,640 DEBUG [http-nio-8443-exec-298] [org.apache.http.wire] wire http-outgoing-499824 >> "GET /rest/gadgets/1.0/g/com.atlassian.bamboo.gadgets:gadgets.planStatus/status/planStatus.xml HTTP/1.1[\r][\n]"
...
2019-12-13 09:32:06,678 DEBUG [http-nio-8443-exec-298] [org.apache.http.wire] wire http-outgoing-499824 << "HTTP/1.1 200 OK[\r][\n]"Continuing the log review, this can be seen later on:
2019-12-13 09:32:08,859 DEBUG [http-nio-8443-exec-346] [http.impl.execchain.MainClientExec] execute Executing request GET /rest/api/latest/result/PRJ-KEY.json?expand=results%5B0%3A9%5D.result&max-results=10&nocache=1576258328693 HTTP/1.1
...
2019-12-13 09:32:08,916 DEBUG [http-nio-8443-exec-346] [org.apache.http.wire] wire http-outgoing-499833 << "X-Seraph-Trusted-App-Status: ERROR[\r][\n]"
...
2019-12-13 09:32:08,917 DEBUG [http-nio-8443-exec-346] [org.apache.http.wire] wire http-outgoing-499833 << "X-Seraph-Trusted-App-Error: APP_UNKNOWN;[0x9]Unknown Application: {0};[0x9]["confluence:14047965"][\r][\n]"
...
2019-12-13 09:32:08,925 DEBUG [http-nio-8443-exec-346] [org.apache.http.headers] onResponseReceived http-outgoing-499833 << HTTP/1.1 401 Unauthorized
...
2019-12-13 09:32:08,929 DEBUG [http-nio-8443-exec-346] [org.apache.http.headers] onResponseReceived http-outgoing-499833 << X-Seraph-Trusted-App-Error: APP_UNKNOWN; Unknown Application: {0}; ["confluence:14047965"]
...
2019-12-13 09:32:08,931 DEBUG [http-nio-8443-exec-346] [org.apache.http.headers] onResponseReceived http-outgoing-499833 << WWW-Authenticate: OAuth realm="https%3A%2F%2Fbamboo.url%3A443"
...
2019-12-13 09:32:08,948 DEBUG [http-nio-8443-exec-374] [http.impl.conn.DefaultHttpClientConnectionOperator] connect Connecting to bamboo.url/1.1.1.1:443
...
2019-12-13 09:32:08,954 DEBUG [http-nio-8443-exec-346] [org.apache.http.wire] wire http-outgoing-499833 << "{"message":"Access is denied","status-code":401}"Notice that access was denied due to a Trusted App error.
原因
The gadget itself can be loaded based on the logs, but Confluence is unable to fetch the contents to populate it due to that 401. Although OAuth is in use, we can see Trusted App errors on the logs. This indicates there are corrupted entries from old app links which used that authentication method in the past. To confirm, run the following queries on the Bamboo database:
SELECT * FROM trusted_apps_IPS;
SELECT * FROM trusted_apps_URLS;
SELECT * FROM trusted_apps;ソリューション
If the queries above return any results, remove those entries and recreate the app link as follows:
- Stop Bamboo
- Take a database backup
Run the following queries to clean up the trusted app entries:
DELETE FROM trusted_apps_IPS; DELETE FROM trusted_apps_URLS; DELETE FROM trusted_apps;- Restart the app
- Delete the current application link to Confluence
- Do the same on the Confluence side for the Bamboo link
- Try to recreate the link from any of the apps
- Check the results
More information on how app link data is stored in Bamboo can be found here: How to remove Application Links Manually from Bamboo