Report a Dgraph Bug
Dgraph currently does not have an option (at least as documented from dgraph increment --help) to use an accessJwt token, and when using dgraph increment against Dgraph alpha node that has ACL enabled, it will fail.
What version of Dgraph are you using?
v20.07.0
Have you tried reproducing the issue with the latest release?
yes
What is the hardware spec (RAM, OS)?
- Amazon Linux on Kubernetes ec2 node (8 vCPU, 32gb RAM)
- Ubuntu on Dgraph container
Steps to reproduce the issue (command/config used to run Dgraph).
dgraph increment
Expected behavior and actual result.
I would expect dgraph increment to work and if a token is required, provide an option to submit a token.
The actual results are:
[Decoder]: Using assembly version of decoder
Running transaction with dgraph endpoint: localhost:9080
0902 04:38:24.988 While trying to process counter: while doing query: rpc error: code = Unauthenticated desc = no accessJwt available. Retrying...
0902 04:38:25.989 While trying to process counter: while doing query: rpc error: code = Unauthenticated desc = no accessJwt available. Retrying...
0902 04:38:26.99 While trying to process counter: while doing query: rpc error: code = Unauthenticated desc = no accessJwt available. Retrying...
0902 04:38:27.99 While trying to process counter: while doing query: rpc error: code = Unauthenticated desc = no accessJwt available. Retrying...
The help from dgraph increment doesn’t have an option for using a token:
# dgraph increment --help
[Decoder]: Using assembly version of decoder
Increment a counter transactionally
Usage:
dgraph increment [flags]
Flags:
--alpha string Address of Dgraph Alpha. (default "localhost:9080")
--be Best-effort. Read counter value without retrieving timestamp from Zero.
-h, --help help for increment
--jaeger.collector string Send opencensus traces to Jaeger.
--num int How many times to run. (default 1)
--password string Password of the user.
--pred string Predicate to use for storing the counter. (default "counter.val")
--retries int How many times to retry setting up the connection. (default 10)
--ro Read-only. Read the counter value without updating it.
--tls_cacert string The CA Cert file used to verify server certificates. Required for enabling TLS.
--tls_cert string (optional) The Cert file provided by the client to the server.
--tls_key string (optional) The private key file provided by the client to the server.
--tls_server_name string Used to verify the server hostname.
--tls_use_system_ca Include System CA into CA Certs. (default true)
--user string Username if login is required.
--wait duration How long to wait.
Global Flags:
--alsologtostderr log to standard error as well as files
--bindall Use 0.0.0.0 instead of localhost to bind to all addresses on local machine. (default true)
--block_rate int Block profiling rate. Must be used along with block profile_mode
--config string Configuration file. Takes precedence over default values, but is overridden to values set with environment variables and flags.
--cwd string Change working directory to the path specified. The parent must exist.
--expose_trace Allow trace endpoint to be accessible from remote
--log_backtrace_at traceLocation when logging hits line file:N, emit a stack trace (default :0)
--log_dir string If non-empty, write log files in this directory
--logtostderr log to standard error instead of files
--profile_mode string Enable profiling mode, one of [cpu, mem, mutex, block]
-v, --v Level log level for V logs
--vmodule moduleSpec comma-separated list of pattern=N settings for file-filtered logging