I have an issue while trying to publish a java library (jar) to an AWS CodeArtifact Maven repository. I get HTTP Status code 401 (unauthorized) when I try to publish it. Which would indicate that I'm doing something wrong like a missing CODEARTIFACT_AUTH_TOKEN environment variable, or using the wrong aws credentials/profile, etc. But AWS CodeArtifact is very straightforward: we just need to:
...Super simple. Yet I get 401 Unauthorized when I try to "mvn deploy-file" with my setup... See my full setup below:
I set up an AWS CodeArtifact domain, and Maven repository through a Cloudformation template (ignore the NPM and upstream repos if you want):
AWSTemplateFormatVersion: "2010-09-09"
Description: CodeArtifact Domain, Maven repo, NPM repo, and upsteam repos
Resources:
CodeArtifactDomain:
Type: AWS::CodeArtifact::Domain
Properties:
DomainName: mydomain
PermissionsPolicyDocument:
Version: 2012-10-17
Statement:
- Action:
- codeartifact:CreateRepository
- codeartifact:DescribeDomain
- codeartifact:GetAuthorizationToken
- codeartifact:GetDomainPermissionsPolicy
- codeartifact:ListRepositoriesInDomain
- sts:GetServiceBearerToken
- codeartifact:DescribePackageVersion
- codeartifact:DescribeRepository
- codeartifact:GetPackageVersionReadme
- codeartifact:GetRepositoryEndpoint
- codeartifact:ListPackageVersionAssets
- codeartifact:ListPackageVersionDependencies
- codeartifact:ListPackageVersions
- codeartifact:ListPackages
- codeartifact:ReadFromRepository
- codeartifact:PublishPackageVersion
- codeartifact:PutPackageMetadata
Effect: Allow
Principal:
AWS:
- "arn:aws:iam::123456788904:root"
- "arn:aws:iam::123456789098:root"
- "arn:aws:iam::123456789087:root"
Resource: "*"
Tags:
- Key: Name
Value: CodeArtifact Domain
ArtifactUpstreamRepositoryMaven:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: maven-upstream-repo
DomainName: !GetAtt CodeArtifactDomain.Name
ExternalConnections:
- public:maven-central
ArtifactRepositoryMaven:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: maven-repo
Description: Maven CodeArtifact Repository
DomainName: !GetAtt CodeArtifactDomain.Name
Upstreams:
- !GetAtt ArtifactUpstreamRepositoryMaven.Name
Tags:
- Key: Name
Value: Maven CodeArtifact Repository
ArtifactUpstreamRepositoryNPM:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: npm-upstream-repo
DomainName: !GetAtt CodeArtifactDomain.Name
ExternalConnections:
- public:npmjs
ArtifactRepositoryNPM:
Type: AWS::CodeArtifact::Repository
Properties:
RepositoryName: npm-repo
Description: NPM CodeArtifact Repository
DomainName: !GetAtt CodeArtifactDomain.Name
Upstreams:
- !GetAtt ArtifactUpstreamRepositoryNPM.Name
Tags:
- Key: Name
Value: NPM CodeArtifact Repository
Outputs:
CodeArtifactDomain:
Description: The CodeArtifact Domain
Value: !Ref CodeArtifactDomain
Export:
Name: CodeArtifactDomain
I ran the above cloudformation template and confirmed that it completed successfully then navigated to CodeArtifact to check that the CodeArtifact Domain and Repositories were successfully created (they are). I then looked up the connection instructions for my repository. Using these conneciton instructions I first cut and paste the first one:
export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain mydomain --domain-owner <MY_ACCOUNT_NUMBER --query authorizationToken --output text`
I then go setup my maven settings in ~/.m2/settings.xml and put all the settings shown on the connection instructions (in the AWS Console) for my repository:
<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.2.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 https://maven.apache.org/xsd/settings-1.2.0.xsd">
<servers>
<server>
<id>mydomain-maven-repo</id>
<username>aws</username>
<password>${env.CODEARTIFACT_AUTH_TOKEN}</password>
</server>
</servers>
<profiles>
<profile>
<id>mydomain-maven-repo</id>
<activation>
<activeByDefault>true</activeByDefault>
</activation>
<repositories>
<repository>
<id>mydomain-maven-repo</id>
<url>https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/</url>
</repository>
</repositories>
</profile>
</profiles>
</settings>
Finally, I try to mvn:deploy one of my libraries to the AWS CodeArtifact maven repo:
mvn deploy:deploy-file \
-DgroupId=com.myorg \
-DartifactId=my-client_2.12 \
-Dversion=1.0.1-play28 \
-Dfile=./my-client_2.12-1.0.1-play28.jar \
-Dsources=./my-client_2.12-1.0.1-play28-sources.jar \
-Djavadoc=./my-client_2.12-1.0.1-play28-javadoc.jar \
-Dpackaging=jar \
-DrepositoryId=maven-repo \
-Durl=https://mydomain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/
And I get this error:
[INFO] Scanning for projects...
[INFO]
[INFO] ------------------< org.apache.maven:standalone-pom >-------------------
[INFO] Building Maven Stub Project (No POM) 1
[INFO] --------------------------------[ pom ]---------------------------------
[INFO]
[INFO] --- maven-deploy-plugin:2.7:deploy-file (default-cli) @ standalone-pom ---
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar
Uploading to maven-repo: https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 1.319 s
[INFO] Finished at: 2021-09-27T15:10:56-04:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.7:deploy-file (default-cli) on project standalone-pom: Failed to deploy artifacts: Could not transfer artifact my-client_2.12:jar:1.0.1-play28 from/to maven-repo (https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/): Transfer failed for https://my-domain-<MY_ACCOUNT_NUMBER>.d.codeartifact.us-east-1.amazonaws.com/maven/maven-repo/.../my-client_2.12/1.0.1-play28/my-client_2.12-1.0.1-play28.jar 401 Unauthorized -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
I can confirm that I'm using the correct credentials in my ~/.aws/credentials by running
aws sts get-caller-identity
I also confirm that I
I have no idea why I get 401 unauthorized when I mvn deploy-file... Any ideas?
Arg, found it. The issue is in one of the "mvn deploy:deploy-file" arguments:
The:
-DrepositoryId=maven-repo
... needs to match the server id in ~/.m2/settings.xml:
<id>mydomain-maven-repo</id>
If I change my mvn command to put:
-DrepositoryId=mydomain-maven-repo
... The error 401 Unauthorized goes away:,, Argg AWS? shouldn't this be a 404, 400. or other. This is not an unauthorized. it's an unknown repository. It's pushing the definition of 401...
Anyway, dear Inte.net: if CodeArtifact ever returns 401 on you, be aware you might have misconfigured something. It might not be an authorization issue.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.