We Keep Coding

Installing external secrets operator on EKS - kubernetes-helm

I m installing the external secrets operator (https://charts.external-secrets.io) using helm.
Server Version : Major:"1", Minor:"21+"
operator version: 0.6.1
The install completes but I am unable to configure the Secretstore and ClusterSecretStore
Release "external-secrets-store" does not exist. Installing it now.
Error: Internal error occurred: failed calling webhook "validate.clustersecretstore.external-secrets.io": Post "https://external-secrets-operator-webhook.external-secrets.svc:443/validate-external-secrets-io-v1beta1-clustersecretstore?timeout=5s": Address is not allowed
Logs from webhook
{"level":"info","ts":1669207765.3453715,"logger":"setup","msg":"validating certs"}
{"level":"error","ts":1669207765.345434,"logger":"setup","msg":"invalid certs. retrying...","error":"stat /tmp/certs/tls.crt: no such file or directory","stacktrace":"github.com/external-secrets/external-secrets/cmd.waitForCerts\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:179\ngithub.com/external-secrets/external-secrets/cmd.glob..func3\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:73\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra#v1.5.0/command.go:876\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra#v1.5.0/command.go:990\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra#v1.5.0/command.go:918\ngithub.com/external-secrets/external-secrets/cmd.Execute\n\t/home/runner/work/external-secrets/external-secrets/cmd/root.go:196\nmain.main\n\t/home/runner/work/external-secrets/external-secrets/main.go:21\nruntime.main\n\t/opt/hostedtoolcache/go/1.19.2/x64/src/runtime/proc.go:250"}
{"level":"info","ts":1669207775.3457878,"logger":"setup","msg":"validating certs"}
{"level":"error","ts":1669207775.3458376,"logger":"setup","msg":"invalid certs. retrying...","error":"stat /tmp/certs/tls.crt: no such file or directory","stacktrace":"github.com/external-secrets/external-secrets/cmd.waitForCerts\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:179\ngithub.com/external-secrets/external-secrets/cmd.glob..func3\n\t/home/runner/work/external-secrets/external-secrets/cmd/webhook.go:73\ngithub.com/spf13/cobra.(*Command).execute\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra#v1.5.0/command.go:876\ngithub.com/spf13/cobra.(*Command).ExecuteC\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra#v1.5.0/command.go:990\ngithub.com/spf13/cobra.(*Command).Execute\n\t/home/runner/go/pkg/mod/github.com/spf13/cobra#v1.5.0/command.go:918\ngithub.com/external-secrets/external-secrets/cmd.Execute\n\t/home/runner/work/external-secrets/external-secrets/cmd/root.go:196\nmain.main\n\t/home/runner/work/external-secrets/external-secrets/main.go:21\nruntime.main\n\t/opt/hostedtoolcache/go/1.19.2/x64/src/runtime/proc.go:250"}
{"level":"info","ts":1669207785.3466249,"logger":"setup","msg":"validating certs"}
{"level":"info","ts":1669207786.2514665,"logger":"controller-runtime.metrics","msg":"Metrics server is starting to listen","addr":":8080"}
{"level":"info","ts":1669207786.2521727,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1beta1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.252218,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"external-secrets.io/v1beta1, Kind=ExternalSecret","path":"/validate-external-secrets-io-v1beta1-externalsecret"}
{"level":"info","ts":1669207786.252368,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-external-secrets-io-v1beta1-externalsecret"}
{"level":"info","ts":1669207786.2527714,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/convert"}
{"level":"info","ts":1669207786.252854,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1beta1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.2528841,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1beta1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2529173,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"external-secrets.io/v1beta1, Kind=SecretStore","path":"/validate-external-secrets-io-v1beta1-secretstore"}
{"level":"info","ts":1669207786.2530055,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-external-secrets-io-v1beta1-secretstore"}
{"level":"info","ts":1669207786.253111,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1beta1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2531273,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1beta1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2531528,"logger":"controller-runtime.builder","msg":"Registering a validating webhook","GVK":"external-secrets.io/v1beta1, Kind=ClusterSecretStore","path":"/validate-external-secrets-io-v1beta1-clustersecretstore"}
{"level":"info","ts":1669207786.253226,"logger":"controller-runtime.webhook","msg":"Registering webhook","path":"/validate-external-secrets-io-v1beta1-clustersecretstore"}
{"level":"info","ts":1669207786.253325,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1beta1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2533405,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.253349,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, object does not implement admission.Validator or WithValidator wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.253387,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1alpha1, Kind=ExternalSecret"}
{"level":"info","ts":1669207786.2533972,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2534065,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, object does not implement admission.Validator or WithValidator wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2534387,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1alpha1, Kind=SecretStore"}
{"level":"info","ts":1669207786.2534492,"logger":"controller-runtime.builder","msg":"skip registering a mutating webhook, object does not implement admission.Defaulter or WithDefaulter wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2534566,"logger":"controller-runtime.builder","msg":"skip registering a validating webhook, object does not implement admission.Validator or WithValidator wasn't called","GVK":"external-secrets.io/v1alpha1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2534847,"logger":"controller-runtime.builder","msg":"Conversion webhook enabled","GVK":"external-secrets.io/v1alpha1, Kind=ClusterSecretStore"}
{"level":"info","ts":1669207786.2534919,"logger":"setup","msg":"starting manager"}
{"level":"info","ts":1669207786.2535942,"logger":"controller-runtime.webhook.webhooks","msg":"Starting webhook server"}
{"level":"info","ts":1669207786.2536635,"msg":"Starting server","kind":"health probe","addr":"[::]:8081"}
{"level":"info","ts":1669207786.2542117,"msg":"Starting server","path":"/metrics","kind":"metrics","addr":"[::]:8080"}
{"level":"info","ts":1669207786.2566836,"logger":"controller-runtime.certwatcher","msg":"Updated current TLS certificate"}
{"level":"info","ts":1669207786.257051,"logger":"controller-runtime.webhook","msg":"Serving webhook server","host":"","port":10250}
{"level":"info","ts":1669207786.2571428,"logger":"controller-runtime.certwatcher","msg":"Starting certificate watcher"}
{"level":"info","ts":1669208085.3479762,"logger":"setup","msg":"validating certs"}
{"level":"info","ts":1669208085.348762,"logger":"setup","msg":"certs are valid"}
Logs from cert-controller
{"level":"info","ts":1669207773.8279474,"logger":"controller-runtime.healthz","msg":"healthz check failed","statuses":[{},{}]}
{"level":"info","ts":1669207778.8282328,"logger":"controller-runtime.healthz","msg":"healthz check failed","statuses":[{},{}]}
{"level":"info","ts":1669207783.8275874,"logger":"controller-runtime.healthz","msg":"healthz check failed","statuses":[{},{}]}
{"level":"info","ts":1669207788.8318472,"logger":"controller-runtime.healthz","msg":"healthz check failed","statuses":[{},{}]}
{"level":"info","ts":1669207997.3274567,"logger":"controllers.webhook-certs-updater","msg":"updating webhook config","Webhookconfig":"/secretstore-validate"}
{"level":"info","ts":1669207997.3311808,"logger":"controllers.webhook-certs-updater","msg":"injecting ca certificate and service names","cacrt":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSakNDQWk2Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREEyTVJrd0Z3WURWUVFLRXhCbGVIUmwKY201aGJDMXpaV055WlhSek1Sa3dGd1lEVlFRREV4QmxlSFJsY201aGJDMXpaV055WlhSek1CNFhEVEl5TVRFeQpNekV4TkRneE5sb1hEVE15TVRFeU1ERXlORGd4Tmxvd05qRVpNQmNHQTFVRUNoTVFaWGgwWlhKdVlXd3RjMlZqCmNtVjBjekVaTUJjR0ExVUVBeE1RWlhoMFpYSnVZV3d0YzJWamNtVjBjekNDQVNJd0RRWUpLb1pJaHZjTkFRRUIKQlFBRGdnRVBBRENDQVFvQ2dnRUJBTk9wc00yeWYxZjBKd05XaGttWVlZb3MyOFFxMVNUOHNNY29sL2RwcGVQSwpmNVdDZkUyUlh2RVZ3emlFSHJoa0Uyd2JMYjlCaGcwZzNkUG9rZFJOR3Ixd3c4ajlNY3BVc0ZRTTVPZTZYbDl2CkVpTlV4WTZRUUd5dmdaYmo2NFVOY1hIQWJCMVh5eXJFMEtRelFCa0NiMWZWN0ZMMkRPRXZBMHZ5K1JFaGpoZUEKRHN5cWhQTjdjVkZuQytXbXVMYXVoNnNrNWxsdjVmamN5MVpvYVBKVmMvb2R1R3FDTis0UEV1b1U1V01nSW1JegpjeHVxOWpMcTE1eWhNYlV0NFVZK2ZSS29iUWNRcStIbmFTV3JYZXhTT2hab3psUy91L0RXckhOYUZ3ZkF1UUdzCnpOZldQdkdvd1BUbmFnZ3B4WnVkNmQ2VUNhTldXVTkxMUZwV2d2bjNZeVVDQXdFQUFhTmZNRjB3RGdZRFZSMFAKQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkoxckx6b3FYNWFSU3A2WgpScW96QW1veSsyK1BNQnNHQTFVZEVRUVVNQktDRUdWNGRHVnlibUZzTFhObFkzSmxkSE13RFFZSktvWklodmNOCkFRRUxCUUFEZ2dFQkFKY2dZSzBySzVIVTltVXQ5ZGZSS2dHVTNmOGV0NVpWQTJTQ1B2SUxRZk81NzRqNjh0ZUQKS2k1ZjFGdmtiM0I2eWM0b2tkN05ERDlpeEdXc3IxZXVCTTNXS2dJQUtlTllOUHRDWDJwSFYwWTgwVjdiWVlYdQpsdVFtc3lzWGhUT0xzT2NyTmphZVZxOVF5NHNOemRiN09NWmRrYnU4eGw1TmhiVUJYcXRna2M5N01hNC9QaEdJCmJUZ21yTnFQZG85akp6R0dUWXppL3FFV0dBWmluTWx5RkRwSTRuWlB4VlZDVXQ3bkxibW54YSsrNUZRK2R1aXQKUFNMam80N0JVR1lxV2hOZmlmOXNacXZtMm1sL01aRGFBS1krSnlGNVV5bysxM2lNanQ2Slk4NitmV3BkTkRNcQpxRU1RMXplanI2ZjhWaStkUzdwREdaTlZ0M243UmxSSTBiUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=","name":"secretstore-validate"}
{"level":"info","ts":1669207997.3456585,"logger":"controllers.webhook-certs-updater","msg":"updated webhook config","Webhookconfig":"/secretstore-validate"}
{"level":"info","ts":1669207997.3611357,"logger":"controllers.webhook-certs-updater","msg":"updating webhook config","Webhookconfig":"/externalsecret-validate"}
{"level":"info","ts":1669207997.3660078,"logger":"controllers.webhook-certs-updater","msg":"injecting ca certificate and service names","cacrt":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSakNDQWk2Z0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREEyTVJrd0Z3WURWUVFLRXhCbGVIUmwKY201aGJDMXpaV055WlhSek1Sa3dGd1lEVlFRREV4QmxlSFJsY201aGJDMXpaV055WlhSek1CNFhEVEl5TVRFeQpNekV4TkRneE5sb1hEVE15TVRFeU1ERXlORGd4Tmxvd05qRVpNQmNHQTFVRUNoTVFaWGgwWlhKdVlXd3RjMlZqCmNtVjBjekVaTUJjR0ExVUVBeE1RWlhoMFpYSnVZV3d0YzJWamNtVjBjekNDQVNJd0RRWUpLb1pJaHZjTkFRRUIKQlFBRGdnRVBBRENDQVFvQ2dnRUJBTk9wc00yeWYxZjBKd05XaGttWVlZb3MyOFFxMVNUOHNNY29sL2RwcGVQSwpmNVdDZkUyUlh2RVZ3emlFSHJoa0Uyd2JMYjlCaGcwZzNkUG9rZFJOR3Ixd3c4ajlNY3BVc0ZRTTVPZTZYbDl2CkVpTlV4WTZRUUd5dmdaYmo2NFVOY1hIQWJCMVh5eXJFMEtRelFCa0NiMWZWN0ZMMkRPRXZBMHZ5K1JFaGpoZUEKRHN5cWhQTjdjVkZuQytXbXVMYXVoNnNrNWxsdjVmamN5MVpvYVBKVmMvb2R1R3FDTis0UEV1b1U1V01nSW1JegpjeHVxOWpMcTE1eWhNYlV0NFVZK2ZSS29iUWNRcStIbmFTV3JYZXhTT2hab3psUy91L0RXckhOYUZ3ZkF1UUdzCnpOZldQdkdvd1BUbmFnZ3B4WnVkNmQ2VUNhTldXVTkxMUZwV2d2bjNZeVVDQXdFQUFhTmZNRjB3RGdZRFZSMFAKQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRkoxckx6b3FYNWFSU3A2WgpScW96QW1veSsyK1BNQnNHQTFVZEVRUVVNQktDRUdWNGRHVnlibUZzTFhObFkzSmxkSE13RFFZSktvWklodmNOCkFRRUxCUUFEZ2dFQkFKY2dZSzBySzVIVTltVXQ5ZGZSS2dHVTNmOGV0NVpWQTJTQ1B2SUxRZk81NzRqNjh0ZUQKS2k1ZjFGdmtiM0I2eWM0b2tkN05ERDlpeEdXc3IxZXVCTTNXS2dJQUtlTllOUHRDWDJwSFYwWTgwVjdiWVlYdQpsdVFtc3lzWGhUT0xzT2NyTmphZVZxOVF5NHNOemRiN09NWmRrYnU4eGw1TmhiVUJYcXRna2M5N01hNC9QaEdJCmJUZ21yTnFQZG85akp6R0dUWXppL3FFV0dBWmluTWx5RkRwSTRuWlB4VlZDVXQ3bkxibW54YSsrNUZRK2R1aXQKUFNMam80N0JVR1lxV2hOZmlmOXNacXZtMm1sL01aRGFBS1krSnlGNVV5bysxM2lNanQ2Slk4NitmV3BkTkRNcQpxRU1RMXplanI2ZjhWaStkUzdwREdaTlZ0M243UmxSSTBiUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=","name":"externalsecret-validate"}
{"level":"info","ts":1669207997.374785,"logger":"controllers.webhook-certs-updater","msg":"updated webhook config","Webhookconfig":"/externalsecret-validate"}
Since at the end of the webhook log it says the certs are valid, I am unsure what is wrong here.

Related

I am using a flask client to perform openid authentication. However I get the following warning
Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
When fetching the token a request is done using requests.Session.requests here.
Adpating the request method of OAuth2Session fixes the warning.
def request(self, method, url, withhold_token=False, auth=None, **kwargs):
"""Send request with auto refresh token feature (if available)."""
if not withhold_token and auth is None:
if not self.token:
raise MissingTokenError()
auth = self.token_auth
return super(OAuth2Session, self).request(
method, url, auth=auth, verify=True, **kwargs)
Should verification not be enabled by default? Is there a more elegant way to pass verify=True?

You can pass verify directly to the methods of the registered RemoteApp when you fetch the token like this:
token = oauth.remote_app_name.authorize_access_token(verify=True)
I believe SSL verification is enabled by default, however, I use an env var to enable/disable the verification for the requests on a development environment.

I'm attempting to use a JWKS endpoint to supply a public key for verifying a JWT signature. In my application.properties, I've set the following:
mp.jwt.verify.publickey.location = http://localhost:1080/jwks
It appears that this is indeed being used:
2019-08-17 18:02:28,593 DEBUG [io.sma.jwt.con.JWTAuthContextInfoProvider] (executor-thread-1) init, mpJwtPublicKey=NONE, mpJwtIssuer=NONE, mpJwtLocation=http://localhost:1080/jwks
2019-08-17 18:02:28,599 DEBUG [io.sma.jwt.aut.AbstractBearerTokenExtractor] (executor-thread-1) tokenHeaderName = Authorization
2019-08-17 18:02:28,643 DEBUG [io.qua.sma.jwt.run.aut.JwtIdentityManager] (executor-thread-1) verify, id=null, credential=io.quarkus.smallrye.jwt.runtime.auth.JWTCredential#780ca7ed
2019-08-17 18:02:28,719 DEBUG [io.sma.jwt.aut.pri.KeyLocationResolver] (executor-thread-1) Trying location as JWK(S)...
When attempting a request to an endpoint in this app, it crashes with:
2019-08-17 18:02:29,048 WARN [io.sma.jwt.aut.pri.DefaultJWTTokenParser] (executor-thread-1) Token is invalid: JWT (claims->{"identityType":"user","authorities":[],"accountId":"0812081208","userId":"ybx8912jq59","iat":1566086374,"exp":1566089974}) rejected due to invalid claims. Additional details: [[17] Unexpected exception thrown from validator org.jose4j.jwt.consumer.IssValidator: java.lang.NullPointerException at org.jose4j.jwt.consumer.IssValidator.expectedValue(IssValidator.java:72); org.jose4j.jwt.consumer.IssValidator.validate(IssValidator.java:59); ...omitted...]
2019-08-17 18:02:29,050 DEBUG [io.qua.sma.jwt.run.aut.JwtIdentityManager] (executor-thread-1) failed, id=null, credential=io.quarkus.smallrye.jwt.runtime.auth.JWTCredential#780ca7ed: org.wildfly.security.auth.server.RealmUnavailableException: Failed to verify token
at io.quarkus.smallrye.jwt.runtime.auth.MpJwtValidator.validateClaimsSet(MpJwtValidator.java:44)
The best I can understand from this stack trace, id=null might be a problem? I have nothing else to really go on here as I can confirm that this JWT is valid as I'm the one who generated it, and it can be validated via other apps.
I do not have access to add other fields/values to this JWT as I don't own the auth system. Is there any way I can get around this?

The NPE from IssValidator suggests you are probably running into this https://bitbucket.org/b_c/jose4j/issues/135/issvalidator-throws-nullpointerexception which means your token needs an issuer iss claim or the JWT consumer needs to not be set to require an iss claim via not using any of the setExpectedIssuer[s] methods on the builder.

When calling the Update Extension API, I receive the error "Credentials changing is not allowed". What does this mean and how do I resolve this?
I'm setting the following properties:
status to Enabled
ivrPin to check voicemail on Polycom devices
password to log into RingCentral apps
Here's info on the API:
Update Extension API
https://developer.ringcentral.com/api-reference#User-Settings-updateExtension
Here's the error I'm receiving:
{
"status":400,
"statusText":"Bad Request",
"url":"https://platform.ringcentral.com/restapi/v1.0/account/~/extension/11111111",
"message":{
"errorCode":"EXT-413",
"message":"Credentials changing is not allowed",
"errors":[
{
"errorCode":"EXT-413",
"message":"Credentials changing is not allowed"
}
]
},
"originalRequest":{
"method":"PUT",
"path":"/restapi/v1.0/account/~/extension/11111111"
},
"rcRequestId":[
"11112222-3333-4444-5555-666677778888"
]
}

This error will be encountered when attempting to update a user's password when Single Sign-On (SSO) is enabled on the account and passwords are managed by an external Identity Provider (IdP).
When SSO is enabled, you can still update the ivrPin and status properties, but not the password.
More on RingCentral SSO is available here:
Single Sign-On (SSO) - Overview
https://success.ringcentral.com/articles/RC_Knowledge_Article/6748

I am working on an action on google using Actions SDK, however when i enabled the Actions; verification as described at:
https://developers.google.com/actions/reference/rest/verify-requests
I am getting the below error, this only comes when i am behind corporate proxy, can anyone suggest a solution for this?
{
"error": "ID token verification failed: Error: Failed to retrieve verification certificates: Error: write EPROTO 139904972138304:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:../deps/openssl/openssl/ssl/s23_clnt.c:825:\n\n at OAuth2Client. (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:580:31)\n at step (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:57:23)\n at Object.throw (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:38:53)\n at rejected (/opt/app/node_modules/actions-on-google/node_modules/google-auth-library/build/src/auth/oauth2client.js:30:65)\n at propagateAslWrapper (/opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/index.js:502:23)\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/glue.js:188:31\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/index.js:539:70\n at /opt/.npm-global/lib/node_modules/ca-apm-probe/node_modules/async-listener/glue.js:188:31\n at :null:null\n"
}
I am using v2.5.0 of actions-on-google

So i was able to sort this issue, the underlying issue is with axios library being used by google auth library (v1.3.2)
here is the issue : https://github.com/axios/axios/issues/662
The workaround for me was to replace axios with request promise in google auth library and then publish it in our private npm registry, this solved the issue for now.

I am trying to build a GitHub app using Probot Framework.
Here's the content of file index.js:
module.exports = (robot) => {
robot.log('Yay, the app was loaded!');
robot.on('*', async context => {
robot.log('Some event occured!');
});
}
However, when I am run this app, after installing it in a repository, I received this error:
03:38:34.831Z ERROR probot: signature does not match event payload and secret
Error: signature does not match event payload and secret
at verifyAndReceive (/mnt/e/GSoC/test/test/node_modules/#octokit/webhooks/middleware/verify-and-receive.js:9:19)
at IncomingMessage.request.on (/mnt/e/GSoC/test/test/node_modules/#octokit/webhooks/middleware/middleware.js:53:5)
at emitNone (events.js:106:13)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickDomainCallback (internal/process/next_tick.js:218:9)
What is the problem behind this error? How can I fix this problem?

It says, signature does not match event payload and secret.
The possible reason behind this is that the WEBHOOK_SECRET in .env file of the repository doesn't match with Webhook secret (optional) in
https://github.com/settings/apps/your-app-name.
Correctly configuring webhook secret will fix this error.