Project

Profile

Help

Issue #1977

closed

basic auth in URL fails when using authenticated proxy

Added by mhrivnak over 8 years ago. Updated over 5 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
3. High
Version:
Platform Release:
2.11.0
OS:
RHEL 7
Triaged:
Yes
Groomed:
No
Sprint Candidate:
Yes
Tags:
Pulp 2
Sprint:
Sprint 6
Quarter:

Description

If you perform a sync where all of these are true:

- the proxy requires auth
- the repo requires auth
- repo auth credentials are specified in the URL

You will see this error message:

RPM1004: Error retrieving metadata: Not found

If any of those three conditions are not true, the error will not occur.

Assuming you have an authenticated proxy configured in /etc/pulp/server/plugins.conf.d/yum_importer.json, this will work because credentials are not in the URL:

pulp-admin rpm repo create --repo-id=rplevka --feed=https://rplevka.fedorapeople.org/fakerepo01/ --basicauth-user=admin --basicauth-pass=changeme
pulp-admin rpm repo sync run --repo-id=rplevka

And this will fail:

pulp-admin rpm repo create --repo-id=rplevka --feed=https://admin:changeme@rplevka.fedorapeople.org/fakerepo01/
pulp-admin rpm repo sync run --repo-id=rplevka

Pulp previously did not have explicit options for setting the basic auth credentials, so users' only option was to put them in the URL. Even though that's deprecated per RFC and is generally not advisable, we should continue supporting those users.

This bug likely affects other plugins as well. I haven't tried reproducing, but at least one user reported the same problem doing a puppet sync.


Related issues

Related to Pulp - Issue #2520: credentials in feed URL are not url-unquotedCLOSED - CURRENTRELEASEdaviddavisActions

Also available in: Atom PDF