[BUG] Validate command not working (403 Unauthorized)

[Maxeh]

The command openapi-generator-cli validate -i filename.yamlstopped working an hour ago, and the following error is displayed:

Unable to query repository, because of: "Request failed with status code 403"

Response:
content-type text/html
transfer-encoding chunked
connection keep-alive
last-modified Thu, 29 Jun 2023 21:58:13 GMT
x-amz-server-side-encryption AES256
x-amz-version-id U3ZaZTaKrLRBrWo55miiffLOU8l1yB4b
server AmazonS3
date Tue, 17 Sep 2024 06:47:56 GMT
etag W/"0c112f990610ec889ab9033dda471ae0"
vary Accept-Encoding
x-cache Error from cloudfront
via 1.1 6b15a9d1514a5645abfd43cbf330ce48.cloudfront.net (CloudFront)
x-amz-cf-pop FRA56-P9
x-amz-cf-id 60XqRN0wkS6nQwW4QWbMeWILAKb8Q4SXLsZcRy2h68jys8oJsl6TFw==
age 55025
x-xss-protection 1; mode=block
x-frame-options SAMEORIGIN
referrer-policy strict-origin-when-cross-origin
x-content-type-options nosniff
strict-transport-security max-age=31536000 

It seems the program tries to create the "openapitools.json" by downloading it from a S3 bucket which fails due to 403 ? If I create the file manually, the command works.

[alexturek]

I've been seeing this in CI builds (Github Actions) and locally as well. The fastest way to repro it I've found is running this command repeatedly

openapi-generator-cli version-manager set 7.8.0

It seems to fail more often on Github Actions than locally, but that might just be random luck.

I get two flavors of errors

Most common:

Unable to query repository, because of: "Request failed with status code 403"

Have seen this one twice:

Unable to query repository, because of: "Request failed with status code 502"

[nerumo]

Which project is responsible for the jar hosting? this one? Just that we contact the right people about it...

[disrael-globality]

It was working until a couple hours ago, now I consistently get the error:

Unable to query repository, because of: "Request failed with status code 403"

unlike @alexturek, I have not been able to get this to work over repeated attempts.

[bhaq-tri]

Reporting the same error locally and on my CI/CD pipelines:

$ openapi-generator-cli version                   
Unable to query repository, because of: "Request failed with status code 403"

[ChristopherJMiller]

Getting this as well when running generate commands in my pipelines. Anyone aware of a workaround?

[disrael-globality]

Checking the source, it looks like this is coming when trying to connect to search.maven.org. And it looks like there have been several outages of this today. https://status.maven.org/

[collinsauve]

We hit this today too. Could be due to the above outages, or perhaps Maven has started rate-limiting our hosted CI IPs: Maven Central and the tragedy of the commons.

Wondering how many organisations that are experiencing this are only seeing this from a third-party hosted CI system? We use CircleCI.

[bsod90]

I'm getting this even on my home network (Comcast)
Has anyone found a workaround yet? VPN?

[disrael-globality]

Interestingly enough, I'm getting when on VPN to office, but when I get off VPN, it works.

[epsilonlessthanzero]

We're also running into this with our AWS CI Pipelines. The affected commands work fine on my local machine.

[takecchi]

I was still getting a 403 error, so I resolved it by using Docker.

docker run --rm -v ./${mount_dir}:/local openapitools/openapi-generator-cli:v7.3.0 generate -i /local/openapi.yaml -g typescript-fetch -o /local/src

[szymonprz]

You can also use your internal (mave/nexus etc) repositories if you're in enterprise

 "version": "7.8.0",
    "repository": {
      "downloadUrl": "url_to_your_repository/org/openapitools/openapi-generator-cli/7.8/0/openapi-generator-cli-7.8.0.jar"
    }

https://github.com/OpenAPITools/openapi-generator-cli?tab=readme-ov-file#using-custom--private-maven-registry

[patrickdejong]

I have this issue since yesterday afternoon.
openapi-generator-cli version-manager set 7.5.0 will result in a 403 result and my pipelines have stopped working

[epsilonlessthanzero]

Solution that works for us:
If the "openapitools.json" file already exists in your repository, openapi-generator-cli will not attempt to create it on the fly and hence will not send the requests that are generating the 403s.

Turns out the README already states that you should add the "openapitools.json" file to your VCS.

[janskola]

Hello all affected,
as per my investigation the issue is with malfunctioning search.maven.org which is used as a source of available versions of Java part of openapi-generator. Despite the fact that Sonatype claims that it should work.
I captured following request coming from openapi-generator-cli towards search.maven.org:

https://search.maven.org/solrsearch/select?q=g:org.openapitools+AND+a:openapi-generator-cli&core=gav&start=0&rows=200

Details:

GET /solrsearch/select?q=g:org.openapitools+AND+a:openapi-generator-cli&core=gav&start=0&rows=200 HTTP/1.1
Accept: application/json, text/plain, */*
User-Agent: axios/1.7.4
Accept-Encoding: gzip, deflate, br
Host: search.maven.org
Connection: close

Response:

HTTP/2 502 Bad Gateway
Content-Type: text/html
Content-Length: 122
Server: awselb/2.0
Date: Thu, 19 Sep 2024 09:17:02 GMT
X-Cache: Error from cloudfront
Via: 1.1 6c21a88f98dc05bf345d31b96407e6d0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P9
X-Amz-Cf-Id: eEnm3YUjx9ZI4DN5um5_am_uxpABTUxo5cqA6efB-pUmy0MCZfkscA==
X-Xss-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000

<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
</body>
</html>

[Dylan-Carriere]

I also had the same issue today.
Addingopenapitools.json file to my repository solves the issue:

{
  "$schema": "./node_modules/@openapitools/openapi-generator-cli/config.schema.json",
  "spaces": 2,
  "generator-cli": {
    "version": "7.8.0"
  }
}

[github-actions]

🎉 This issue has been resolved in version 2.13.8 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[github-actions]

🎉 This issue has been resolved in version 2.13.9 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀

[wing328]

did a test to confirm now if errors occur when querying serach.maven.org, it will fallback to a fixed list of released versions

Unable to query repository, because of: "connect ECONNREFUSED 127.0.0.1:443". Return default versions instead.
Download 7.8.0 ...
Downloaded 7.8.0
Did set selected version to 7.8.0
[main] INFO  o.o.codegen.DefaultGenerator - Generating with dryRun=false
[main] INFO  o.o.codegen.DefaultGenerator - OpenAPI Generator: ruby (client)
[main] INFO  o.o.codegen.DefaultGenerator - Generator 'ruby' is considered stable.
[main] INFO  o.o.c.languages.AbstractRubyCodegen - Hint: Environment variable 'RUBY_POST_PROCESS_FILE' (optional) not defined. E.g. to format the source code, please try 'export RUBY_POST_PROCESS_FILE="/usr/local/bin/rubocop -a"' (Linux/Mac)

please give it a try with the latest stable version 2.13.9

if the query (search.maven.org) fails for whatever reason, the CLI will fallback to a fixed list of released versions.

to completely bypass making a request to https://search.maven.org, simply set the environment variable OPENAPI_GENERATOR_CLI_SEARCH_URL to DEFAULT, e.g. https://github.com/OpenAPITools/openapi-generator-cli/blob/master/.github/workflows/build.yml#L87