Various Codespace Secrets endpoints failing when using a Personal Access Token or GitHub App #3000
Comments
Hmmm... thanks for the detailed writeup of the issues you are seeing. I'll leave this issue open in the hopes that someone else has tried the Codespace APIs. Maybe @artificial-aidan who wrote the initial implementation in #2803 has some ideas.
I didn't end up using the implementation in my company's product, so other than initial testing I don't have much info. What I would do is replicate the same process with bare http calls and see if you get the same process. I think there is a logging setting in the Go library to print all http calls.
Thanks, @artificial-aidan! Along the same lines, this package is frequently helpful to debug the
Thanks for the suggestions. I am seeing the same errors when using the curl commands directly, such as using a PAT for the organization codespace public key: Providing an incorrect PAT changes the error message to I'll see what options I have available regarding bringing this up with GitHub directly.
To preface this, I'm not sure if I'm simply doing something incorrectly, if there's an issue in the library, or if there's an issue in GitHub's API. I figure this is the best spot to start with.
I am getting several different kinds of errors when trying to use the Codespace Secrets feature via GitHub App. For example, when trying to access User secrets via the app, I get the following error when trying to obtain the User Codespace secrets public key:
https://api.github.com/user/codespaces/secrets/public-key: 403 Resource not accessible by integration
The permissions explained here say that the App needs the codespaces_user_secrets user permission. You can see in this screenshot that the permission is indeed set:
I also noticed updating permissions in the Account section of a GitHub App does not trigger the typical "app is requesting an update to its permissions." prompt that appears when Repository or Organization permissions are changed, so I'm leaning towards this being a GitHub-side issue.
Next, I am unable to start or stop a Codespace in a repository, once again as a GitHub App. This time I am able to authenticate and fully access the repository Codespace secrets as the GitHub App however. I get the following error when calling start:
https://api.github.com/user/codespaces/<random_gh_codespace_name>/start: 404 Not Found
The permissions explained here say that the App needs the codespaces_lifecycle_admin repository permission. You can see again in this screenshot that the permission is indeed set:
Lastly, the final issue with Codespace secrets. This time, it fails with Personal Access Tokens (+it seems GitHub doesn't support Apps for these Org secrets at all). Like the first issue, when trying to obtain the public key of the Organization Codespace secrets it fails:
https://api.github.com/orgs/<org_name>/codespaces/secrets/public-key: 404 Not Found
The permissions explained here say that the Access Token needs the admin:org organization permission. You can see in the screenshot one final time that the permission is set:
I found it a bit strange this one supposedly doesn't require "organization codespace secrets" permissions to be set like the others all require, however adding that permission and in fact all permissions to the PAT still gives the same public key error.
My hunch is this is all likely on GitHub's side but as mentioned I figured I'd start here first, and I can point to this post as a later reference if I need to open up an issue with GitHub directly.
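Added example, not part of the original issue or of the go-github code base: the thread suggests logging the HTTP calls to compare token types, and a wrapping `http.RoundTripper` can do that while keeping the credential out of the log and surfacing the scope and permission headers GitHub returns alongside a 403 or 404. The names `auditTransport` and `redact` are hypothetical, and the token in `main` is constructed.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
	"strings"
)

// auditTransport (hypothetical name) reports one line per call, never the token.
type auditTransport struct {
	Base http.RoundTripper
	Logf func(format string, args ...any)
}

// redact keeps the auth scheme and the token-type prefix (ghp_, ghs_, ...) only.
func redact(auth string) string {
	scheme, tok, ok := strings.Cut(auth, " ")
	if !ok {
		return "[absent or malformed]" // never echo a scheme-less value
	}
	if i := strings.IndexByte(tok, '_'); i > 0 && i <= 6 {
		return scheme + " " + tok[:i+1] + "[redacted]"
	}
	return scheme + " [redacted]"
}

func (t *auditTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	resp, err := t.Base.RoundTrip(req)
	if err != nil {
		return nil, err
	}
	line := fmt.Sprintf("%s %s auth=%q -> %d", req.Method, req.URL.Path, redact(req.Header.Get("Authorization")), resp.StatusCode)
	// Headers GitHub uses to report the token's scopes and what the endpoint accepts.
	for _, h := range []string{"X-OAuth-Scopes", "X-Accepted-OAuth-Scopes", "X-Accepted-GitHub-Permissions"} {
		if v := resp.Header.Get(h); v != "" {
			line += fmt.Sprintf(" %s=%q", h, v)
		}
	}
	t.Logf("%s", line)
	return resp, nil
}

func main() {
	// Pass c to the API library in place of a plain client, e.g. github.NewClient(c).
	c := &http.Client{Transport: &auditTransport{Base: http.DefaultTransport, Logf: log.Printf}}
	_ = c
	fmt.Println(redact("Bearer ghs_CONSTRUCTED")) // constructed token
}
```

Only the URL path is logged, so query strings never reach the log, and `Base` can be any transport that adds the credential (for a GitHub App, the installation-token transport already in use).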