Issue #2644
closed
pulp fails to correctly process WWW-Authenticate headers
Start date:
Due date:
Estimated time:
Severity: 3. High
Version - Docker:
Platform Release: 2.13.0
Target Release - Docker: 2.4.0
OS:
Triaged: Yes
Groomed: No
Sprint Candidate: No
Tags: Pulp 2
Sprint: Sprint 18
Quarter:
Description
When token_util.py attempts to parse the WWW-Authenticate header, it does so by a simple split on commas. This fails when the WWW-Authenticate header has a value that contains a comma. For example, when attempting to sync from a Docker registry served by Artifactory, the response will contain a header like:
WWW-Authenticate: Bearer realm="https://artifactory.example.com:443/artifactory/api/docker/myrepo/v2/token",service="artifactory.example.com:443",scope="repository:myrepo:pull,push"
When this is processed the following exception is raised:
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 240, in trace_task
    R = retval = fun(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 488, in __call__
    return super(Task, self).__call__(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 103, in __call__
    return super(PulpTask, self).__call__(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 437, in __protected_call__
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pulp/server/controllers/repository.py", line 762, in sync
    sync_report = sync_repo(transfer_repo, conduit, call_config)
  File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 673, in wrap_f
    return f(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/importers/importer.py", line 82, in sync_repo
    self.sync_step = sync.SyncStep(repo=repo, conduit=sync_conduit, config=config)
  File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/importers/sync.py", line 80, in __init__
    v2_found = v2_enabled and self.index_repository.api_version_check()
  File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/registry.py", line 327, in api_version_check
    headers, body = self._get_path(self.API_VERSION_CHECK_PATH)
  File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/registry.py", line 433, in _get_path
    report.headers)
  File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/token_util.py", line 51, in request_token
    auth_info = parse_401_response_headers(response_headers)
  File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/token_util.py", line 92, in parse_401_response_headers
    auth_dict[key] = json.loads(value)
  File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
    return _default_decoder.decode(s)
  File "/usr/lib64/python2.7/json/decoder.py", line 366, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
    obj, end = self.scan_once(s, idx)
ValueError: Unterminated string starting at: line 1 column 1 (char 0)
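The failure described above, next to a quote-aware parse of the same header, as an added example (this is not pulp_docker's code or the fix in revision 0e7f39e3). The function names are hypothetical, and split_scope assumes the Docker registry token scope form type:name:action[,action].

```python
import re

# Constructed sample: the header value quoted in the issue description.
SAMPLE = (
    'Bearer realm="https://artifactory.example.com:443/artifactory/api/docker/myrepo/v2/token",'
    'service="artifactory.example.com:443",scope="repository:myrepo:pull,push"'
)

# One auth-param: name "=" (quoted-string | bare token), then "," or end of input.
_PARAM = re.compile(r'''
    \s*([A-Za-z0-9_.-]+)\s*=\s*      # parameter name
    (?:"((?:[^"\\]|\\.)*)"           # quoted-string; commas inside are data
      |([^\s,"]+))                   # or an unquoted token
    \s*(?:,|$)                       # separator or end of header
''', re.VERBOSE)


def naive_split(header):
    """Failure mode from the issue: every comma is treated as a separator."""
    return header.partition(' ')[2].split(',')


def parse_bearer_challenge(header):
    """Return the challenge parameters as a dict, honouring quoted values."""
    scheme, _, params = header.strip().partition(' ')
    if scheme.lower() != 'bearer':
        raise ValueError('unsupported auth scheme: %r' % scheme)
    result, pos = {}, 0
    while pos < len(params):
        match = _PARAM.match(params, pos)
        if match is None:
            # Reject rather than guess: unterminated quote, stray comma, etc.
            raise ValueError('malformed auth-param at offset %d' % pos)
        name, quoted, bare = match.groups()
        # Undo backslash escapes inside a quoted-string.
        value = re.sub(r'\\(.)', r'\1', quoted) if quoted is not None else bare
        result[name.lower()] = value
        pos = match.end()
    return result


def split_scope(scope):
    """Split 'type:name:action[,action]'; the name may itself contain colons."""
    rtype, _, rest = scope.partition(':')
    name, _, actions = rest.rpartition(':')
    return rtype, name, actions.split(',')
```

naive_split cuts the scope value at its inner comma, leaving a fragment with an opening quote and no closing one, which is the kind of input behind the "Unterminated string" error in the traceback.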
Updated by bizhang about 7 years ago
- Sprint/Milestone set to 36
- Triaged changed from No to Yes
Updated by ipanova@redhat.com about 7 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ipanova@redhat.com
Updated by ipanova@redhat.com about 7 years ago
- Status changed from ASSIGNED to POST
Added by ipanova@redhat.com about 7 years ago
Revision 0e7f39e3 | View on GitHub
Token scope resource can have several resource actions.
Updated by ipanova@redhat.com about 7 years ago
- Status changed from POST to MODIFIED
Applied in changeset 0e7f39e3a7ef1426b26cd6253fb789fabbc79421.
Updated by pcreech about 7 years ago
- Platform Release set to 2.13.0
- Target Release - Docker set to 2.4.0
Updated by pcreech almost 7 years ago
- Status changed from 5 to CLOSED - CURRENTRELEASE
Token scope resource can have several resource actions.
closes #2644 https://pulp.plan.io/issues/2644