Issue #1977
closed
basic auth in URL fails when using authenticated proxy
Description
If you perform a sync where all of these are true:
- the proxy requires auth
- the repo requires auth
- repo auth credentials are specified in the URL
You will see this error message:
RPM1004: Error retrieving metadata: Not found
If any of those three conditions are not true, the error will not occur.
Assuming you have an authenticated proxy configured in /etc/pulp/server/plugins.conf.d/yum_importer.json, this will work because credentials are not in the URL:
pulp-admin rpm repo create --repo-id=rplevka --feed=https://rplevka.fedorapeople.org/fakerepo01/ --basicauth-user=admin --basicauth-pass=changeme
pulp-admin rpm repo sync run --repo-id=rplevka
And this will fail:
pulp-admin rpm repo create --repo-id=rplevka --feed=https://admin:changeme@rplevka.fedorapeople.org/fakerepo01/
pulp-admin rpm repo sync run --repo-id=rplevka
Pulp previously did not have explicit options for setting the basic auth credentials, so users' only option was to put them in the URL. Even though that's deprecated per RFC and is generally not advisable, we should continue supporting those users.
This bug likely affects other plugins as well. I haven't tried reproducing, but at least one user reported the same problem doing a puppet sync.
Related issues
.
Pull basic auth info out of feed url
Previous versions of Pulp allowed users to include their basic auth information in the url. This is obviously less ideal than passing this in the config, but in order to remain backwards compatibile, this removes the auth info from the url and adds it to the importer config. For importer configurations that were created before this change, we pass the configuration through the same cleaner function as we do during importer creation, so a temporary importer configuration includes the basic auth information.
closes #1977