In some cases, a private GitLab instance with a valid certificate chain may fail validation when being added to Aria Automation. The following error appears in the UI and in the cgs-service-app logs:
Failed to validate credentials error: I/O on HEAD request for https://<GitLabFQDN>.com PKIX path validation failed. java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors.
Aria Automation 8.x
The CGS service is unable to validate the full chain of trust.
Execution of the following from the Aria Automation appliance will result in a successful validation:
openssl s_client -connect server.domain.com:443 -servername server.domain.com -verify_return_error </dev/null
Execution of the same command from within the Kubernetes pod that supports the cgs-service-app fails to validate:
kubectl exec -n prelude cgs-service-app-<Your Pod ID> -- openssl s_client -connect server.domain.com:443 -servername server.domain.com -verify_return_error </dev/null
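To make the comparison between the two runs explicit, the following added example (not part of the original article) extracts the verification result from each openssl s_client output and reports where validation fails. The function names and the sample output are constructed for illustration; error number 20 is only one of the codes openssl can report.

```shell
#!/bin/sh
# Added example: compare the TLS verification result seen from the appliance
# with the one seen from inside the cgs-service-app pod.

# Read s_client output on stdin. Print the first verification error number,
# "0" if verification succeeded, or "unknown" if no result line is present.
verify_code() {
    awk '
        /verify error:num=[0-9]+/ && code == "" {
            sub(/.*verify error:num=/, ""); sub(/:.*/, ""); code = $0
        }
        /Verify return code: [0-9]+/ && code == "" {
            sub(/.*Verify return code: /, ""); sub(/ .*/, ""); code = $0
        }
        END { print (code == "" ? "unknown" : code) }
    '
}

# $1 = s_client output captured on the appliance, $2 = output captured in the pod.
# Capture with 2>&1: s_client writes "verify error" lines to stderr.
classify() {
    a=$(printf '%s\n' "$1" | verify_code)
    p=$(printf '%s\n' "$2" | verify_code)
    case "$a/$p" in
        0/0)                 echo "both-ok" ;;
        unknown/*|*/unknown) echo "inconclusive" ;;
        0/*)                 echo "pod-only-failure code=$p" ;;
        */0)                 echo "appliance-only-failure code=$a" ;;
        *)                   echo "both-fail appliance=$a pod=$p" ;;
    esac
}

# Constructed, abridged sample output; not captured from a real system.
sample_appliance() {
    printf '%s\n' 'depth=2 CN = Example Root CA' 'verify return:1' \
        '    Verify return code: 0 (ok)'
}
sample_pod() {
    printf '%s\n' 'depth=0 CN = server.domain.com' \
        'verify error:num=20:unable to get local issuer certificate' \
        '    Verify return code: 20 (unable to get local issuer certificate)'
}

classify "$(sample_appliance)" "$(sample_pod)"
```

A "pod-only-failure" result corresponds to the symptom described here: the chain validates from the appliance but not from the pod that runs the CGS service.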
To resolve this issue, add the integration endpoint using the API as it will bypass the certificate validation step.
1. Obtain a bearer token for the API call.
2. Using this bearer token for authentication, perform a POST to Aria Automation with the following header and body (in the body, change only the url and provide your GitLab private key):
https://<Automation-FQDN>/iaas/api/integrations?apiVersion=2021-07-15
{
  "integrationType": "com.gitlab.saas",
  "integrationProperties": {
    "url": "https://<GitLabFQDN>",
    "privateKey": "<GitLabPrivateKey>",
    "acceptSelfSignedCertificate": true
  },
  "customProperties": {
    "isExternal": "true"
  },
  "privateKey": "<GitLabPrivateKey>",
  "name": "gitlab-integration"
}
3. Submit the request and verify that it succeeds and adds the integration in Aria Automation.