Project

Profile

Help

Issue #2644

pulp fails to correctly process WWW-Authenticate headers

Added by jrobson@forcepoint.com about 1 month ago. Updated 2 days ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Category:
-
Sprint/Milestone:
Severity:
3. High
Version - Docker:
Platform Release:
2.13.0
Blocks Release:
Target Release - Docker:
2.4.0
OS:
Backwards Incompatible:
No
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No

Description

When token_util.py attempts to parse the WWW-Authenticate header it does so by a simple split on commas. This fails when the WWW-Authenticate header has a value that contains a comma. For example when attempting to sync from a docker registry served by artifactory the response will contain a header like

WWW-Authenticate: Bearer realm="https://artifactory.example.com:443/artifactory/api/docker/myrepo/v2/token",service="artifactory.example.com:443",scope="repository:myrepo:pull,push"

When this is processed the following exception is raised:

Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 240, in trace_task
     R = retval = fun(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 488, in __call__
     return super(Task, self).__call__(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 103, in __call__
     return super(PulpTask, self).__call__(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 437, in __protected_call__
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/pulp/server/controllers/repository.py", line 762, in sync
     sync_report = sync_repo(transfer_repo, conduit, call_config)
   File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 673, in wrap_f
     return f(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/importers/importer.py", line 82, in sync_repo
     self.sync_step = sync.SyncStep(repo=repo, conduit=sync_conduit, config=config)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/importers/sync.py", line 80, in __init__
     v2_found = v2_enabled and self.index_repository.api_version_check()
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/registry.py", line 327, in api_version_check
     headers, body = self._get_path(self.API_VERSION_CHECK_PATH)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/registry.py", line 433, in _get_path
     report.headers)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/token_util.py", line 51, in request_token
     auth_info = parse_401_response_headers(response_headers)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/token_util.py", line 92, in parse_401_response_headers
     auth_dict[key] = json.loads(value)
   File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
     return _default_decoder.decode(s)
   File "/usr/lib64/python2.7/json/decoder.py", line 366, in decode
     obj, end = self.raw_decode(s, idx=_w(s, 0).end())
   File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
     obj, end = self.scan_once(s, idx)
 ValueError: Unterminated string starting at: line 1 column 1 (char 0)

Associated revisions

Revision 0e7f39e3 View on GitHub
Added by ipanova@redhat.com 18 days ago

Token scope resource can have several resource actions.

closes #2644
https://pulp.plan.io/issues/2644

History

#1 Updated by bizhang about 1 month ago

  • Sprint/Milestone set to Sprint 17
  • Triaged changed from No to Yes

#2 Updated by ipanova@redhat.com about 1 month ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ipanova@redhat.com

#3 Updated by ipanova@redhat.com about 1 month ago

  • Status changed from ASSIGNED to POST

#4 Updated by pthomas@redhat.com about 1 month ago

  • Smash Test set to 604

#5 Updated by mhrivnak 20 days ago

  • Sprint/Milestone changed from Sprint 17 to Sprint 18

#6 Updated by ipanova@redhat.com 18 days ago

  • Status changed from POST to MODIFIED

#7 Updated by pcreech 17 days ago

  • Platform Release set to 2.13.0
  • Target Release - Docker set to 2.4.0

#8 Updated by pcreech 12 days ago

  • Status changed from MODIFIED to ON_QA

#9 Updated by pcreech 2 days ago

  • Status changed from ON_QA to CLOSED - CURRENTRELEASE

Please register to edit this issue

Also available in: Atom PDF