Specify username in password-auth repository mirroring

orcr12 · April 20, 2023, 3:45pm

Hi everyone,

I have an issue while configuring a push repository mirroring to CodeCommit.
Everything is fine on the other side, both IAM user and its permissions on the repository itself. If I try to ls-remote the CodeCommit repository without username in the URL, everything goes fine:

git ls-remote https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
7166b33079ff40dd375b353a39555e2cba770cd1	HEAD
e5fcd95f83f89d208fa00d0a8466bff2065593ce	refs/heads/develop
7166b33079ff40dd375b353a39555e2cba770cd1	refs/heads/main

(username and password inserted via terminal)

If, instead, I try with the username@URL, an error message appears:

git ls-remote https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
fatal: unable to access 'https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO/': The requested URL returned error: 403

The same command works if I specify username and password in the URL, but this is not currently feasible within the “Mirroring Repositories” section.
Is that possible to specify also the username (as input text) when using “Password” as authentication method?

Thank you in advance!

GitLab version: Community Edition 15.10.2

Here my sources:

Below the full details of the above “git clone” commands.

git ls-remote https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO                                               
17:23:59.608461 git.c:460               trace: built-in: git ls-remote https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
17:23:59.610079 run-command.c:655       trace: run_command: git remote-https https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
17:23:59.622209 git.c:750               trace: exec: git-remote-https https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
17:23:59.623305 run-command.c:655       trace: run_command: git-remote-https https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
17:23:59.664889 http.c:701              == Info: Couldn't find host git-codecommit.eu-south-1.amazonaws.com in the (nil) file; using defaults
17:23:59.700312 http.c:701              == Info:   Trying 52.119.129.48:443...
17:23:59.871844 http.c:701              == Info: Connected to git-codecommit.eu-south-1.amazonaws.com (52.119.129.48) port 443 (#0)
17:23:59.872074 http.c:701              == Info: ALPN: offers h2
17:23:59.872097 http.c:701              == Info: ALPN: offers http/1.1
17:23:59.884105 http.c:701              == Info:  CAfile: /etc/ssl/cert.pem
17:23:59.884122 http.c:701              == Info:  CApath: none
17:23:59.884332 http.c:701              == Info: [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1):
17:23:59.927922 http.c:701              == Info: [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Server hello (2):
17:23:59.928784 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Certificate (11):
17:23:59.930150 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Server key exchange (12):
17:23:59.930296 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Server finished (14):
17:23:59.932884 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
17:23:59.932909 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
17:23:59.932941 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS handshake, Finished (20):
17:23:59.976080 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
17:23:59.976206 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Finished (20):
17:23:59.976229 http.c:701              == Info: SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
17:23:59.976235 http.c:701              == Info: ALPN: server accepted http/1.1
17:23:59.976241 http.c:701              == Info: Server certificate:
17:23:59.976252 http.c:701              == Info:  subject: CN=git-codecommit.eu-south-1.amazonaws.com
17:23:59.976258 http.c:701              == Info:  start date: Dec 18 00:00:00 2022 GMT
17:23:59.976262 http.c:701              == Info:  expire date: Dec  1 23:59:59 2023 GMT
17:23:59.976275 http.c:701              == Info:  subjectAltName: host "git-codecommit.eu-south-1.amazonaws.com" matched cert's "git-codecommit.eu-south-1.amazonaws.com"
17:23:59.976288 http.c:701              == Info:  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01
17:23:59.976292 http.c:701              == Info:  SSL certificate verify ok.
17:23:59.976370 http.c:648              => Send header, 0000000267 bytes (0x0000010b)
17:23:59.976388 http.c:660              => Send header: GET /v1/repos/MY_REPO/info/refs?service=git-upload-pack HTTP/1.1
17:23:59.976401 http.c:660              => Send header: Host: git-codecommit.eu-south-1.amazonaws.com
17:23:59.976404 http.c:660              => Send header: User-Agent: git/2.39.0
17:23:59.976407 http.c:660              => Send header: Accept: */*
17:23:59.976410 http.c:660              => Send header: Accept-Encoding: deflate, gzip
17:23:59.976412 http.c:660              => Send header: Accept-Language: en-US, *;q=0.9
17:23:59.976415 http.c:660              => Send header: Pragma: no-cache
17:23:59.976499 http.c:660              => Send header: Git-Protocol: version=2
17:23:59.976525 http.c:660              => Send header:
17:24:00.019968 http.c:701              == Info: Mark bundle as not supporting multiuse
17:24:00.020000 http.c:648              <= Recv header, 0000000027 bytes (0x0000001b)
17:24:00.020006 http.c:660              <= Recv header: HTTP/1.1 401 Unauthorized
17:24:00.020010 http.c:648              <= Recv header, 0000000056 bytes (0x00000038)
17:24:00.020013 http.c:660              <= Recv header: x-amzn-RequestId: 81e9217b-9576-4977-9e24-114661e84223
17:24:00.020018 http.c:648              <= Recv header, 0000000034 bytes (0x00000022)
17:24:00.020021 http.c:660              <= Recv header: WWW-Authenticate: Basic realm=""
17:24:00.020025 http.c:648              <= Recv header, 0000000024 bytes (0x00000018)
17:24:00.020028 http.c:660              <= Recv header: Content-Type: text/xml
17:24:00.020032 http.c:648              <= Recv header, 0000000020 bytes (0x00000014)
17:24:00.020035 http.c:660              <= Recv header: Content-Length: 95
17:24:00.020038 http.c:648              <= Recv header, 0000000037 bytes (0x00000025)
17:24:00.020087 http.c:660              <= Recv header: Date: Thu, 20 Apr 2023 15:24:00 GMT
17:24:00.020101 http.c:648              <= Recv header, 0000000002 bytes (0x00000002)
17:24:00.020105 http.c:660              <= Recv header:
17:24:00.020143 http.c:701              == Info: Ignoring the response-body
17:24:00.020164 http.c:701              == Info: Connection #0 to host git-codecommit.eu-south-1.amazonaws.com left intact
17:24:00.020183 http.c:701              == Info: Issue another request to this URL: 'https://MY_USER@git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO/info/refs?service=git-upload-pack'
17:24:00.020240 http.c:701              == Info: Couldn't find host git-codecommit.eu-south-1.amazonaws.com in the (nil) file; using defaults
17:24:00.020252 http.c:701              == Info: Found bundle for host: 0x6000019a8090 [serially]
17:24:00.020256 http.c:701              == Info: Can not multiplex, even if we wanted to
17:24:00.020270 http.c:701              == Info: Re-using existing connection #0 with host git-codecommit.eu-south-1.amazonaws.com
17:24:00.020283 http.c:701              == Info: Server auth using Basic with user 'MY_USER'
17:24:00.020346 http.c:648              => Send header, 0000000330 bytes (0x0000014a)
17:24:00.020355 http.c:660              => Send header: GET /v1/repos/MY_REPO/info/refs?service=git-upload-pack HTTP/1.1
17:24:00.020358 http.c:660              => Send header: Host: git-codecommit.eu-south-1.amazonaws.com
17:24:00.020361 http.c:660              => Send header: Authorization: Basic <redacted>
17:24:00.020364 http.c:660              => Send header: User-Agent: git/2.39.0
17:24:00.020367 http.c:660              => Send header: Accept: */*
17:24:00.020370 http.c:660              => Send header: Accept-Encoding: deflate, gzip
17:24:00.020372 http.c:660              => Send header: Accept-Language: en-US, *;q=0.9
17:24:00.020375 http.c:660              => Send header: Pragma: no-cache
17:24:00.020378 http.c:660              => Send header: Git-Protocol: version=2
17:24:00.020380 http.c:660              => Send header:
17:24:00.063970 http.c:701              == Info: Mark bundle as not supporting multiuse
17:24:00.063995 http.c:648              <= Recv header, 0000000024 bytes (0x00000018)
17:24:00.064014 http.c:660              <= Recv header: HTTP/1.1 403 Forbidden
17:24:00.064018 http.c:648              <= Recv header, 0000000056 bytes (0x00000038)
17:24:00.064022 http.c:660              <= Recv header: x-amzn-RequestId: 2aba505d-8604-4528-a90f-31dc8ae3f75a
17:24:00.064027 http.c:648              <= Recv header, 0000000024 bytes (0x00000018)
17:24:00.064030 http.c:660              <= Recv header: Content-Type: text/xml
17:24:00.064034 http.c:648              <= Recv header, 0000000020 bytes (0x00000014)
17:24:00.064038 http.c:660              <= Recv header: Content-Length: 87
17:24:00.064042 http.c:648              <= Recv header, 0000000037 bytes (0x00000025)
17:24:00.064045 http.c:660              <= Recv header: Date: Thu, 20 Apr 2023 15:24:00 GMT
17:24:00.064049 http.c:648              <= Recv header, 0000000002 bytes (0x00000002)
17:24:00.064052 http.c:660              <= Recv header:
17:24:00.064085 http.c:701              == Info: Connection #0 to host git-codecommit.eu-south-1.amazonaws.com left intact
fatal: unable to access 'https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO/': The requested URL returned error: 403
17:24:00.090721 git.c:460               trace: built-in: git config --get oh-my-zsh.hide-dirty

git ls-remote https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO                                
17:25:02.671422 git.c:460               trace: built-in: git ls-remote https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
17:25:02.672149 run-command.c:655       trace: run_command: git remote-https https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
17:25:02.685620 git.c:750               trace: exec: git-remote-https https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
17:25:02.686459 run-command.c:655       trace: run_command: git-remote-https https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO https://git-codecommit.eu-south-1.amazonaws.com/v1/repos/MY_REPO
17:25:02.706777 http.c:701              == Info: Couldn't find host git-codecommit.eu-south-1.amazonaws.com in the (nil) file; using defaults
17:25:02.716911 http.c:701              == Info:   Trying 52.119.129.48:443...
17:25:02.873805 http.c:701              == Info: Connected to git-codecommit.eu-south-1.amazonaws.com (52.119.129.48) port 443 (#0)
17:25:02.873986 http.c:701              == Info: ALPN: offers h2
17:25:02.874002 http.c:701              == Info: ALPN: offers http/1.1
17:25:02.881831 http.c:701              == Info:  CAfile: /etc/ssl/cert.pem
17:25:02.881851 http.c:701              == Info:  CApath: none
17:25:02.882074 http.c:701              == Info: [CONN-0-0][CF-SSL] (304) (OUT), TLS handshake, Client hello (1):
17:25:02.925251 http.c:701              == Info: [CONN-0-0][CF-SSL] (304) (IN), TLS handshake, Server hello (2):
17:25:02.925946 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Certificate (11):
17:25:02.926931 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Server key exchange (12):
17:25:02.927086 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Server finished (14):
17:25:02.929695 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
17:25:02.929723 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
17:25:02.929755 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (OUT), TLS handshake, Finished (20):
17:25:02.971982 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
17:25:02.972122 http.c:701              == Info: [CONN-0-0][CF-SSL] TLSv1.2 (IN), TLS handshake, Finished (20):
17:25:02.972200 http.c:701              == Info: SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
17:25:02.972214 http.c:701              == Info: ALPN: server accepted http/1.1
17:25:02.972221 http.c:701              == Info: Server certificate:
17:25:02.972232 http.c:701              == Info:  subject: CN=git-codecommit.eu-south-1.amazonaws.com
17:25:02.972237 http.c:701              == Info:  start date: Dec 18 00:00:00 2022 GMT
17:25:02.972242 http.c:701              == Info:  expire date: Dec  1 23:59:59 2023 GMT
17:25:02.972256 http.c:701              == Info:  subjectAltName: host "git-codecommit.eu-south-1.amazonaws.com" matched cert's "git-codecommit.eu-south-1.amazonaws.com"
17:25:02.972265 http.c:701              == Info:  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01
17:25:02.972269 http.c:701              == Info:  SSL certificate verify ok.
17:25:02.972353 http.c:648              => Send header, 0000000267 bytes (0x0000010b)
17:25:02.972369 http.c:660              => Send header: GET /v1/repos/MY_REPO/info/refs?service=git-upload-pack HTTP/1.1
17:25:02.972375 http.c:660              => Send header: Host: git-codecommit.eu-south-1.amazonaws.com
17:25:02.972379 http.c:660              => Send header: User-Agent: git/2.39.0
17:25:02.972384 http.c:660              => Send header: Accept: */*
17:25:02.972389 http.c:660              => Send header: Accept-Encoding: deflate, gzip
17:25:02.972393 http.c:660              => Send header: Accept-Language: en-US, *;q=0.9
17:25:02.972397 http.c:660              => Send header: Pragma: no-cache
17:25:02.972404 http.c:660              => Send header: Git-Protocol: version=2
17:25:02.972408 http.c:660              => Send header:
17:25:03.015899 http.c:701              == Info: Mark bundle as not supporting multiuse
17:25:03.015931 http.c:648              <= Recv header, 0000000027 bytes (0x0000001b)
17:25:03.015937 http.c:660              <= Recv header: HTTP/1.1 401 Unauthorized
17:25:03.015943 http.c:648              <= Recv header, 0000000056 bytes (0x00000038)
17:25:03.015947 http.c:660              <= Recv header: x-amzn-RequestId: c7e63886-118a-4385-b472-0eccc3435a4c
17:25:03.015953 http.c:648              <= Recv header, 0000000034 bytes (0x00000022)
17:25:03.015956 http.c:660              <= Recv header: WWW-Authenticate: Basic realm=""
17:25:03.015961 http.c:648              <= Recv header, 0000000024 bytes (0x00000018)
17:25:03.015964 http.c:660              <= Recv header: Content-Type: text/xml
17:25:03.015968 http.c:648              <= Recv header, 0000000020 bytes (0x00000014)
17:25:03.015972 http.c:660              <= Recv header: Content-Length: 95
17:25:03.015975 http.c:648              <= Recv header, 0000000037 bytes (0x00000025)
17:25:03.015978 http.c:660              <= Recv header: Date: Thu, 20 Apr 2023 15:25:02 GMT
17:25:03.015983 http.c:648              <= Recv header, 0000000002 bytes (0x00000002)
17:25:03.015986 http.c:660              <= Recv header:
17:25:03.016030 http.c:701              == Info: Connection #0 to host git-codecommit.eu-south-1.amazonaws.com left intact
17:25:03.016093 run-command.c:655       trace: run_command: 'git credential-osxkeychain get'
17:25:03.043122 git.c:750               trace: exec: git-credential-osxkeychain get
17:25:03.043993 run-command.c:655       trace: run_command: git-credential-osxkeychain get
17:25:03.090022 http.c:701              == Info: Found bundle for host: 0x60000192c000 [serially]
17:25:03.090051 http.c:701              == Info: Can not multiplex, even if we wanted to
17:25:03.090083 http.c:701              == Info: Re-using existing connection #0 with host git-codecommit.eu-south-1.amazonaws.com
17:25:03.090106 http.c:701              == Info: Server auth using Basic with user 'MY_USER'
17:25:03.090243 http.c:648              => Send header, 0000000390 bytes (0x00000186)
17:25:03.090256 http.c:660              => Send header: GET /v1/repos/MY_REPO/info/refs?service=git-upload-pack HTTP/1.1
17:25:03.090259 http.c:660              => Send header: Host: git-codecommit.eu-south-1.amazonaws.com
17:25:03.090263 http.c:660              => Send header: Authorization: Basic <redacted>
17:25:03.090265 http.c:660              => Send header: User-Agent: git/2.39.0
17:25:03.090268 http.c:660              => Send header: Accept: */*
17:25:03.090271 http.c:660              => Send header: Accept-Encoding: deflate, gzip
17:25:03.090274 http.c:660              => Send header: Accept-Language: en-US, *;q=0.9
17:25:03.090276 http.c:660              => Send header: Pragma: no-cache
17:25:03.090279 http.c:660              => Send header: Git-Protocol: version=2
17:25:03.090282 http.c:660              => Send header:
17:25:03.259241 http.c:701              == Info: Mark bundle as not supporting multiuse
17:25:03.259282 http.c:648              <= Recv header, 0000000017 bytes (0x00000011)
17:25:03.259303 http.c:660              <= Recv header: HTTP/1.1 200 OK
17:25:03.259310 http.c:648              <= Recv header, 0000000056 bytes (0x00000038)
17:25:03.259319 http.c:660              <= Recv header: x-amzn-RequestId: 41245695-9469-4c9b-9c33-a5a4d1046d0a
17:25:03.259325 http.c:648              <= Recv header, 0000000059 bytes (0x0000003b)
17:25:03.259329 http.c:660              <= Recv header: Content-Type: application/x-git-upload-pack-advertisement
17:25:03.259370 http.c:648              <= Recv header, 0000000021 bytes (0x00000015)
17:25:03.259419 http.c:660              <= Recv header: Content-Length: 315
17:25:03.259434 http.c:648              <= Recv header, 0000000037 bytes (0x00000025)
17:25:03.259452 http.c:660              <= Recv header: Date: Thu, 20 Apr 2023 15:25:03 GMT
17:25:03.259461 http.c:648              <= Recv header, 0000000002 bytes (0x00000002)
17:25:03.259467 http.c:660              <= Recv header:
17:25:03.259552 http.c:701              == Info: Connection #0 to host git-codecommit.eu-south-1.amazonaws.com left intact
17:25:03.259586 run-command.c:655       trace: run_command: 'git credential-osxkeychain store'
17:25:03.279778 git.c:750               trace: exec: git-credential-osxkeychain store
17:25:03.280518 run-command.c:655       trace: run_command: git-credential-osxkeychain store
17:25:03.329329 run-command.c:655       trace: run_command: 'git credential-osxkeychain store'
17:25:03.351635 git.c:750               trace: exec: git-credential-osxkeychain store
17:25:03.352544 run-command.c:655       trace: run_command: git-credential-osxkeychain store
7166b33079ff40dd375b353a39555e2cba770cd1	HEAD
e5fcd95f83f89d208fa00d0a8466bff2065593ce	refs/heads/develop
7166b33079ff40dd375b353a39555e2cba770cd1	refs/heads/main
17:25:03.431801 git.c:460               trace: built-in: git config --get oh-my-zsh.hide-dirty

orcr12 · May 5, 2023, 6:59am

Hi all,

any hint on this?