> I tried without the username and password in the url and got pic3 which shows the error. Then i remove both username and path from the url, put a dummy string in username, and the PAT in password the errors are in pic 4 and pic5.
The error message "ambiguous credentials" implies GoCD thinks there is still a username or password in the URL *as well as* set separately - this is a GoCD validation failing. I can't see your actual input since you have redacted the input, but please double/triple check there is no username left in the URL? If you have definitely removed it, this is very confusing - possibly an old UI bug, but I'd be surprised. > shows GoCD is trying to use https://******@dev.azure.com/******/blah/bla This is possibly expected IF the username is set in the username field since the error message comes from the actual git command line invocation. GoCD builds the URL dynamically and inserts the "username:password@" before invoking the git command line. If the username was empty in GoCD, that is unusual and points to a bug where GoCD is confused about which URL and credentials to use. - The ability to use separate username/password for Git materials (outside the URL) was relatively new in your version 19.8.0. That version is 5 years old, and there are many things likely to have been fixed since then, including on the UI. You should upgrade - it's not really possible to effectively support 5 year old versions. - If you have multiple pipelines that have the *same Git URL* pointing at them which you are using to test, there could be situations where GoCD is confused as to which credentials to use and could keep using "old" credentials. If you *only have one pipeline* using the URL you are testing with this will not be the issue. Such bugs have been fixed since then, but will definitely be broken in your version. e.g https://github.com/gocd/gocd/issues/9153 After testing this empirically myself on latest GoCD 24.1.0, it worked fine for me to connect with a PAT to an Azure DevOps repository using a personal access token with a random username. [image: image.png] I'd suggest using https://www.gocd.org/test-drive-gocd.html to run a quick temporary test GoCD locally and try on a current version with the same repo/PAT etc. If you can't replicate a problem on the most recent version it's likely it's a bug long since fixed. -Chad On Tue, May 28, 2024 at 9:54 PM Obiageli Adegbite <oech...@gmail.com> wrote: > Thank you Chad and Sriram for your response, > > I tried wihout the username and password in the url and got pic3 which > shows the error. Then i remove both username and path from the url, put a > dummy string in username, and the PAT in password the errors are in pic 4 > and . > Something i noticed on commandline is both git clone > https://dummyusername:p...@dev.azure.com/blah and git clone > https://p...@dev.azure.com/blah > <https://dummyusername:p...@dev.azure.com/blah> clone just fine. So puting > my username in the username slot an PAT in my password should work but it > seems GoCD is the error i got in pic3 when i did not use a username an > password shows GoCD is trying to use https://******@ > dev.azure.com/******/blah/bla > > > On Monday 27 May 2024 at 13:12:56 UTC-4 Chad Wilson wrote: > >> The way GoCD constructs the URLs for Git materials requires both username >> and password to have non-empty values since all it does is just construct >> a URL using these values >> <https://github.com/gocd/gocd/blob/67fbd63486f5ac819c74e63996ee8ef7ba3763dd/domain/src/main/java/com/thoughtworks/go/config/materials/git/GitMaterial.java#L193-L206> >> and invokes the command line git with this URL. >> >> What's the error you get if you remove both username and path from URL >> (e.g https://dev.azure.com/blah), put a dummy string in username, and >> the PAT in password? >> >> The docs at >> https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows#use-a-pat >> are a bit confusing to me. It's possible to interpret that as saying it's >> not possible to use PATs on Azure DevOps with default Git URLs if Azure >> requires the username to be empty/blank; since it talks about using a >> custom constructed header with a blank username as a workaround (one that >> wouldn't be possible via GoCD). >> >> GoCD would be effectively doing the same as "git clone >> https://dummyusername:p...@dev.azure.com/blah >> <https://dummyusername:p...@dev.azure.com/blah>" so if this doesn't work >> from the command line, it might not be possible to make this work right >> now, and unfortunately for some historic reasons GoCD doesn't classify the >> username as "secret/secure" and so you can't put the PAT there either (in >> case that works). >> >> -Chad >> >> On Mon, May 27, 2024 at 11:15 PM Obiageli Adegbite <oec...@gmail.com> >> wrote: >> >>> Hello, >>> >>> i am currently using gocd v19.8.0 and i want to connect to my Azure >>> repo. When i put in my credentials in the advanced settings the username >>> and password(Personal Access Token(PAT)) and click connection it fails >>> (pic1). However if i put it same PAT in the repo url it works (pic2). The >>> issue is the PAT is exposed. I also cannot use aws secret manager to hide >>> the PAT in the repo url. If i don't want to use ssh is there something i am >>> doing wrong >>> [image: pic1.png] >>> >>> -- >>> >> You received this message because you are subscribed to the Google Groups >>> "go-cd" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to go-cd+un...@googlegroups.com. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/go-cd/14651c28-7e39-45b3-946f-f4705830e134n%40googlegroups.com >>> <https://groups.google.com/d/msgid/go-cd/14651c28-7e39-45b3-946f-f4705830e134n%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to go-cd+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/go-cd/b272b4ab-cb19-4350-8301-d73d29f8291dn%40googlegroups.com > <https://groups.google.com/d/msgid/go-cd/b272b4ab-cb19-4350-8301-d73d29f8291dn%40googlegroups.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CAA1RwH-K6P0fj9eT7zN%3D8SZ-B%2BpM6bk8PgL62ztPcM2Cp-aimg%40mail.gmail.com.
