Prisma1: prisma cli's endpoint parser is wrongly parsing the URLs other than localhost

@pantharshit00 Checking your PRISMA_MANAGEMENT_API_SECRET and endpoint path. If you use DigitalOcean, Please check your endpoint have a PORT.

I try to add env PRISMA_MANAGEMENT_API_SECRET and edit port on endpoint prisma.yml.

@vistriter I am not sure what you are referring from that comment. This is a confirmed bug regarding the parser. If you have version lower than 1.28.4 it will work fine

Thanks @pantharshit00, I was losing my mind trying to debug this one. Great time to start dabbling in setting up a prisma server!

With Prisma Server and Prisma CLI 1.29.0, when prisma deploy:

Authenticating...
Opening https://app.prisma.io/cli-auth?secret=[SECRET] in the browser

Could not open the authentication link, maybe this is an environment without a browser. Please open this url in your browser to authenticate: https://app.prisma.io/cli-auth?secret=[SECRET]

Is this related?

With Prisma CLI 1.28.5, the deploy worked!

Assuming that server is always protected by a secret, this is the current behavior:

Logged in without management secret

Local server + localhost - Invalid token - which is correct behavior
Local server + proxy or prisma:4466 - ERROR: Workspace * does not exist ❌ correct: Invalid token
Demo server - deploy works
Private server hosted by Prisma - deploy works
Self hosted server - deploy works
Self hosted server (not connected to Prisma cloud) - ERROR: No cluster could be found for workspace '*' and cluster 'default' ❌correct: Invalid token

Logged in with management secret

Local server + localhost - deploy works
Local server + proxy or prisma:4466 - ERROR: Workspace * does not exist ❌ correct: deploy should work
Demo server - deploy works
Private server hosted by Prisma - ERROR: Token is issued in the future (iat) ❌ correct: deploy should work 🤔 but this is a separate issue from the one we are facing here
Self hosted server - deploy works
Self hosted server (not connected to Prisma cloud) - ERROR: Workspace * does not exist ❌correct: deploy should work

Logged out with management secret

Local server + localhost - deploy works
Local server + proxy or prisma:4466 - Asks to login ❌ correct: deploy should work
Private server hosted by Prisma - Asks to login ❌ correct: deploy should work
Self hosted server - Asks to login ❌ correct: deploy should work

This breaks three things:

1. localhost servers not deployed using localhost i.e. either using http://prisma:466 or a proxy using nginx or something and the workaround is to use localhost for now while we fix it.

2. CI setups where login is not possible, there is no workaround except downgrading to a stable version.

3. Self hosted servers but not connected to Prisma cloud when you are logged in. I don't think that an advisable workaround is available except to downgrade to a stable version.

We would fix these issues shortly.

For anyone looking at the same issue looking for a workaround, restoring "prisma" package version alone might not work. These versions in my package.json worked for me:

    "prisma": "1.26.6",
    "prisma-cli-engine": "1.26.6",

For anyone looking at the same issue looking for a workaround, restoring "prisma" package version alone might not work. These versions in my package.json worked for me:

    "prisma": "1.26.6",
    "prisma-cli-engine": "1.26.6",

1.28.3 works fine too

This is fixed in 1.29.1, please install it using npm install -g prisma

Unfortunately, I am still getting an error with 1.29.1. A few days ago, after updating prisma and then running prisma deploy, it opened up my web browser to get me to log into prisma.io. I created an account, though I am currently not using any prisma.io cloud services. prisma deploy then would error. I reverted my version, and waited for this fix to go through. I updated to 1.29.1 today and I am still getting the following error. Is there something trying to connect me to prisma.io, even though I am not using it? Is there a way to delete the credentials that are being stored if so? Thanks!

$ prisma deploy
ERROR: No cluster could be found for workspace '*' and cluster 'default'
{
  "data": {
    "generateClusterToken": null
  },
  "errors": [
    {
      "message": "No cluster could be found for workspace '*' and cluster 'default'",
      "locations": [
        {
          "line": 3,
          "column": 9
        }
      ],
      "path": [
        "generateClusterToken"
      ],
      "code": 222
    }
  ],
  "status": 200
}

I am using a plain docker-compose.yml for local development:

version: '3'
services:
  prisma:
    image: prismagraphql/prisma:1.29.1
    restart: always
    ports:
    - "4466:4466"
    environment:
      PRISMA_CONFIG: |
        port: 4466
        # uncomment the next line and provide the env var PRISMA_MANAGEMENT_API_SECRET=my-secret to activate cluster security
        # managementApiSecret: my-secret
        databases:
          default:
            connector: postgres
            host: postgres
            user: prisma
            password: prisma
            # rawAccess: true
            port: 5432
            migrations: true
  postgres:
    image: postgres:10.5
    restart: always
    environment:
      POSTGRES_USER: prisma
      POSTGRES_PASSWORD: prisma
    volumes:
      - postgres:/var/lib/postgresql/data
    ports:
      - "42333:5432"
volumes:
  postgres:

Environment:

Linux
Node: 10.15.3

@ZenSoftware Can you please share your prisma.yml file?

Oh yes of course. Here is my prisma.yml file:

endpoint: http://0.0.0.0:4466 # Docker
datamodel: database/model.graphql

# seed:
#   import: database/seed.graphql

generate:
  - generator: typescript-client
    output: apps/api/src/app/prisma/client
  - generator: graphql-schema
    output: database/generated/

@ZenSoftware : Is there a specific reason that you are referring to localhost as 0.0.0.0? That looks incorrect to me. Changing the endpoint to endpoint: http://localhost:4466 or endpoint: http://127.0.0.1:4466 should fix it.

@divyenduz Ah yes, you are correct. Changing it to localhost or 127.0.0.1 resolved the issue for me. My apologies. I only started using docker over the last 2 weeks. I actually had suspicions that using 0.0.0.0 was incorrect. Strange that it worked for me using prisma < 1.28.3. But everything is working smoothly now.

Yes, < 1.28.3 had a code path that would make this work incorrectly till the token resolution at least, I am not sure how it resolved to localhost correctly though, if it did.

i encounter this with a specific reason:
deploy prisma on one machine, but development with another pc in a local network.
set the endpoint with ip address, so the playground works fine without manual adjust.

I have the issue that if I set anything other than endpoint: http://0.0.0.0:4466 I get the error:

Could not connect to server at http://127.0.0.1:4466. Please check if your server is running.

The fact that 0.0.0.0 works indicates that the container is at least running correctly (as docker ps would confirm).

This is why I had hoped that keeping 0.0.0.0 would be supported for local installations / installations to one's own server.

NOTE: I'm using Windows + WSL. That might make some things more complicated. :)

[EDIT]
After digging a little bit deeper into Docker and its networking, as well as thinking logically about the problem, I was able to configure everything correctly. So this problem no longer applies to me here. Just FYI.

Why did this ticket close? My ci/cd broken since (and including) 1.28.4

My .gitlab-ci.yml:

server test:
  stage: test
  image: docker
  services:
  - docker:dind
  before_script:
    - apk add --no-cache py-pip nodejs nodejs-npm
    - pip install docker-compose
    - "echo \"DOCKER_HOST: $DOCKER_HOST\""
    - cd server && docker-compose up -d
    - echo "Hacky waity for 33 s" && sleep 33
  script:
    - NODE_ENV='test' npm run test
  after_script:
    - ls && cd server && docker-compose down -v

$DOCKER_HOST shows as tcp://docker:2375

my package.json > scripts:-

"test": "cross-env-shell PRISMA_ENDPOINT=http://docker:4466/test/default \"prisma deploy -f && jest\"",

Outputs

Authenticating...
Opening https://app.prisma.io/cli-auth?secret=$2a$08$RLMtZlfgFhCWChiDPBXXX. in the browser

Could not open the authentication link, maybe this is an environment without a browser. Please open this url in your browser to authenticate: https://app.prisma.io/cli-auth?secret=$2a$08$RLMtZlfgFhCWChiDPBXXX.

but works in 1.28.3 and below.

@ViableClanMember Can you please try version 1.29.1? We have fixed the bug in that version

What about deployment to a server that is not localhost?
My ci is deploying to my servers which are of course not in localhost and i get the same error with 1.29.1

Yep, same error 1.29.1 here. Sorry I didn't specify that earlier.

BTW http://docker is how to access running services in "dind" (docker-in-docker) service that gitlab-ci provide. I believe it resolves to a 10.x.x.x IP.

Confirmed this issue is still apparent in the most recent versions. Issue should be re-opened. I had to downgrade to 1.28.3 as mentioned by @ViableClanMember

Everyone who is still facing this issue, can you please share your prisma.yml file or the Prisma server endpoint (ok to obfuscate it but I need the endpoint pattern).

Nothing fancy

endpoint: https://my.server.url
datamodel: prisma-datamodel.graphql

generate:
  - generator: javascript-client
    output: ../graphql-server/src/generated/prisma-client/

@brafdlog Thanks, can you please share the following information additionally:

1. where is this server hosted
2. If possible, can you write out the actual URL
3. output of prisma account command
4. do you have PRISMA_MANAGEMENT_API_SECRET variable set in the environment?

pretty simple, running 1.29.2 (same error with 1.29.1 as well)

endpoint: ${env:PRISMA_ENDPOINT}
datamodel: datamodel.prisma

generate:
  - generator: javascript-client
    output: ./generated/prisma

hooks:
  post-deploy:
    - prisma generate

secret: ${env:PRISMA_SECRET}

The endpoint is deployed to digitalocean via docker-machine, and the endpoint format is https://<ip address>:<port>

Edit: So it randomly started working, and now I cannot deploy changes again. Now I'm getting

Error: Invalid signature: {"response":{"data":{"addProject":null},"errors":[{"locations":[{"line":2,"column":9}],"path":["addProject"],"code":3015,"message":"Invalid signature","requestId":"local:cjtt3frf0000f0753cumohpmi"}],"status":200},"request":{"query":"      mutation addProject($name: String! $stage: String! $secrets: [String!]) {\n        addProject(input: {\n          name: $name,\n          stage: $stage\n          secrets: $secrets\n        }) {\n          project {\n            name\n          }\n        }\n      }\n      ","variables":{"name":"prod","stage":"default","secrets":[<secret>]}}}
    at GraphQLClient.<anonymous> (/usr/local/lib/node_modules/prisma/node_modules/graphql-request/src/index.ts:72:13)
    at step (/usr/local/lib/node_modules/prisma/node_modules/graphql-request/dist/src/index.js:40:23)
    at Object.next (/usr/local/lib/node_modules/prisma/node_modules/graphql-request/dist/src/index.js:21:53)
    at fulfilled (/usr/local/lib/node_modules/prisma/node_modules/graphql-request/dist/src/index.js:12:58)
    at process._tickCallback (internal/process/next_tick.js:68:7)

@divyenduz

1. The server is hosted on AWS
2. I don't want to share the URL on github, but it looks like this: http://xxxxxxxxxxxx.eu-central-1.elasticbeanstalk.com
3. The output of prisma account is
   Email: [email protected] Name: Jonathan
4. no

@msmedes @brafdlog : Last question would be, are these servers connected to your Prisma cloud account?

@divyenduz I have the same issues as @brafdlog, same scenario. How do you connect prisma cloud account with server on aws?

Ah! so, I think that you Prisma server is protected by a management secret and there are two ways for the CLI to resolve this management secret:

1. Either you provide it explicitly in the shell environment
2. Or you connect your server to Prisma cloud and are logged in with the CLI, then this secret is automatically resolved

When you are not providing this secret in the shell environment or not logged in or logged in but the server is not connected to the Prisma cloud, CLI will fail to resolve this secret. Does that make it clear?

Here is how you can connect any self-hosted Prisma server with Prisma cloud:

Please let me know if this works for any/all you?

@divyenduz Unless I am missing something my servers are not connected to prisma cloud and they don't have a management secret defined.

I also don't see a need to connect them to prisma cloud at the moment.

@brafdlog : Thanks, that looks like a bug indeed, for unsecured servers, this PR fixed everything in context of secured servers only.

I am trying a reproduction now.

There is a PR that would fix this issue for insecure servers. I will notify here once the release is available in beta.

For anyone else running into this or a related issue, please fill out this form: https://prisma-io.typeform.com/to/C1JBOT to help us triangulate the issue/code path.

The fix for insecure servers is available in 1.30.0-beta.8, please install it using npm install -g prisma@beta.

Again, for anyone else running into this or a related issue, please fill out this form: https://prisma-io.typeform.com/to/C1JBOT to help us triangulate the issue/code path.

The fix for insecure servers is available in 1.30.0-beta.8, please install it using npm install -g prisma@beta.

Again, for anyone else running into this or a related issue, please fill out this form: https://prisma-io.typeform.com/to/C1JBOT to help us triangulate the issue/code path.

I am trying to use prisma deploy in a CI environment with kubernetes, i am running prisma deploy from within the namespace using a helm-hook. My prisma.yml looks like this:

endpoint: ${env:PRISMA_ENDPOINT}
datamodel: datamodel.prisma
generate:
  - generator: javascript-client
    output: ./app/generated/prisma-client/

calling PRISMA_ENDPOINT=http://prisma.mynamespace:4466 yields in

Opening https://app.prisma.io/cli-auth?secret=xxxxx. in the browser

Could not open the authentication link, maybe this is an environment without a browser. Please open this url in your browser to authenticate:

same when i put PRISMA_ENDPOINT in a .env file and pass it as --env-file .env

HOWEVER, if I call prisma deploy --new and just pass the endpoint, it works! So its clearly a bug. The server currently has no secret and i also not using prisma-cloud.

The error happens in 1.29 and in 1.30.0-beta.8 as well.

@macrozone : Thanks for the information, that is indeed strange that same endpoint works with two separate code paths, are you sure that your environment is correct? You can confirm so by dropping to an older version like 1.25 and see if this works there?

Would you mind filling this: https://prisma-io.typeform.com/to/C1JBOT that would give me all the info I need to debug this, thank you :)

@macrozone : Thanks for the information, that is indeed strange that same endpoint works with two separate code paths, are you sure that your environment is correct? You can confirm so by dropping to an older version like 1.25 and see if this works there?

Would you mind filling this: https://prisma-io.typeform.com/to/C1JBOT that would give me all the info I need to debug this, thank you :)

already did the later, i now try to downgrade to 1.25!

EDIT: @divyenduz can confirm, it WORKS with 1.25.7

@macrozone : I am unable to reproduce, can you please share your Prisma server version as well?

Edit: I am able to reproduce it now.

@macrozone Thanks for the detailed repro and filling out the form, I was able to reproduce and fix it, can you please try out the latest beta CLI 1.30.0-beta.9, please install it via npm install -g prisma@beta

@divyenduz Works now. Thanks!

[ooooo@stealth: prisma-datamodel]$ prisma deploy
Opening https://app.prisma.io/cli-auth?secret=XXXXXXXXXXXXXXXXXXXXX. in the browser

Could not open the authentication link, maybe this is an environment without a browser. Please open this url in your browser to authenticate: https://app.prisma.io/cli-auth?secret=XXXXXXXXXXXXXXXXXXXXXXXX.

Prisma CLI version: prisma/1.31.2 (linux-x64) node-v10.15.3

endpoint: http://stealth_prisma_1:4466
datamodel: 
  - ../../oasismetamodel/generated/prisma/oasis/user.prisma
  - ../../oasismetamodel/generated/prisma/oasis/systemconfig.prisma
  - ../../oasismetamodel/generated/prisma/stealth/demo-terminal.prisma
  - ../../oasismetamodel/generated/prisma/stealth/terminal.prisma

generate:
  - generator: typescript-client
    output: ./generated/prisma/
  - generator: graphql-schema
    output: ./generated/graphql/prisma.graphql

Docker ENV
[oasis@stealth: prisma-datamodel]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b7dab874a2c6 prismagraphql/prisma:1.31 "/bin/sh -c /app/sta\u2026" 18 minutes ago Up 18 minutes 0.0.0.0:4466->4466/tcp stealth_prisma_1

@kshenes

Can you please share some information about your environment?

Also, this seems to be a new issue(warning is different), so feel free to open a new issue with a minimal reproduction

We have multiple docker containers three of them run prisma. two with Yoga and mySql, and one with timescale and postgres. We were running 1.27.3 without issue. When I upgraded to 1.31, now 1.32 prisma deploy was forcing login. So it appears there was a change prisma deploy that confuses private endpoints with public endpoints. https://github.com/prisma/prisma/commit/7928f41b9729ee39882bae8990dd09ffe0d43104#diff-c458e90af2ed9c4b67c3020170a56aa9. I was able to get past this problem by adding a .env file with a secret and add it to docker-compose file.

cc @divyenduz

@divyenduz @kshenes

I can confirm this.

with account logged in:

without account logged in:

Reproduction Repository: https://github.com/pantharshit00/prisma-issue-4215

CLI version:

Closing in favour of https://github.com/prisma/prisma/issues/4483

Closing in favour of #4483

I am also getting this error now with use of prisma 1.34.0

ERROR: No cluster could be found for workspace '*' and cluster 'default'

{
  "data": {
    "generateClusterToken": null
  },
  "errors": [
    {
      "message": "No cluster could be found for workspace '*' and cluster 'default'",
      "locations": [
        {
          "line": 3,
          "column": 9
        }
      ],
      "path": [
        "generateClusterToken"
      ],
      "code": 222
    }
  ],
  "status": 200
}

--

@pantharshit00

Hello i have the same problem and this is my code:
docker-compose.yml:

version: '3'
services:
  prisma:
    image: prismagraphql/prisma:1.34
    restart: always
    ports:
    - "4466:4466"
    environment:
      PRISMA_CONFIG: |
        port: 4466
        # uncomment the next line and provide the env var PRISMA_MANAGEMENT_API_SECRET=my-secret to activate cluster security
        managementApiSecret: aswdpwokadpkopkawd
        databases:
          default:
            connector: mongo
            uri: 'http://javad:javad@localhost:27017/admin'
  mongo:
    image: mongo:3.6
    restart: always
    # Uncomment the next two lines to connect to your your database from outside the Docker environment, e.g. using a database GUI like Compass
    # ports:
    # - "27017:27017"
    environment:
      MONGO_INITDB_ROOT_USERNAME: prisma
      MONGO_INITDB_ROOT_PASSWORD: prisma
    ports:
      - "27017:27017"
    volumes:
      - mongo:/var/lib/mongo
volumes:
  mongo:

and my prisma.yml:

endpoint: http://192.168.99.100:4466
datamodel: datamodel.prisma
databaseType: document

i want to use local mongodb and docker for server

Hello, I'm facing this issue as well

ERROR: No cluster could be found for workspace '*' and cluster 'default' { "data": { "generateClusterToken": null }, "errors": [ { "message": "No cluster could be found for workspace '*' and cluster 'default'", "locations": [ { "line": 3, "column": 9 } ], "path": [ "generateClusterToken" ], "code": 222 } ], "status": 200 }

prisma.yml
`
endpoint: http://192.168.99.100:4466
datamodel: datamodel.prisma
secret: "123"
generate:

• generator: javascript-client
  output: ./generated/prisma-client/
  `

docker-compose.yml
`version: '3'
services:
prisma:
image: prismagraphql/prisma:1.34
restart: always
network_mode: "host"
ports:
- "4466:4466"
environment:
PRISMA_CONFIG: |
port: 4466
managementApiSecret: 123
databases:
default:
connector: mysql
host: host.docker.internal
user: root
password: prisma
rawAccess: true
port: 3306
migrations: true
mysql:
image: mysql:5.7
restart: always
environment:
MYSQL_ROOT_PASSWORD: prisma
MYSQL_ROOT_HOST: '%'

volumes:
  - mysql:/var/lib/mysql

volumes:
mysql:
`

Prisma CLI version: prisma/1.34.10 (windows-x64) node-v12.16.1