Project

Profile

Help

Issue #2644

pulp fails to correctly process WWW-Authenticate headers

Added by jrobson@forcepoint.com 6 days ago. Updated 1 day ago.

Status:
POST
Priority:
Normal
Category:
-
Sprint/Milestone:
Severity:
3. High
Version - Docker:
Platform Release:
Blocks Release:
Target Release - Docker:
OS:
Backwards Incompatible:
No
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No

Description

When token_util.py attempts to parse the WWW-Authenticate header it does so by a simple split on commas. This fails when the WWW-Authenticate header has a value that contains a comma. For example when attempting to sync from a docker registry served by artifactory the response will contain a header like

WWW-Authenticate: Bearer realm="https://artifactory.example.com:443/artifactory/api/docker/myrepo/v2/token",service="artifactory.example.com:443",scope="repository:myrepo:pull,push"

When this is processed the following exception is raised:

Traceback (most recent call last):
   File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 240, in trace_task
     R = retval = fun(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 488, in __call__
     return super(Task, self).__call__(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 103, in __call__
     return super(PulpTask, self).__call__(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 437, in __protected_call__
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/pulp/server/controllers/repository.py", line 762, in sync
     sync_report = sync_repo(transfer_repo, conduit, call_config)
   File "/usr/lib/python2.7/site-packages/pulp/server/async/tasks.py", line 673, in wrap_f
     return f(*args, **kwargs)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/importers/importer.py", line 82, in sync_repo
     self.sync_step = sync.SyncStep(repo=repo, conduit=sync_conduit, config=config)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/importers/sync.py", line 80, in __init__
     v2_found = v2_enabled and self.index_repository.api_version_check()
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/registry.py", line 327, in api_version_check
     headers, body = self._get_path(self.API_VERSION_CHECK_PATH)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/registry.py", line 433, in _get_path
     report.headers)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/token_util.py", line 51, in request_token
     auth_info = parse_401_response_headers(response_headers)
   File "/usr/lib/python2.7/site-packages/pulp_docker/plugins/token_util.py", line 92, in parse_401_response_headers
     auth_dict[key] = json.loads(value)
   File "/usr/lib64/python2.7/json/__init__.py", line 338, in loads
     return _default_decoder.decode(s)
   File "/usr/lib64/python2.7/json/decoder.py", line 366, in decode
     obj, end = self.raw_decode(s, idx=_w(s, 0).end())
   File "/usr/lib64/python2.7/json/decoder.py", line 382, in raw_decode
     obj, end = self.scan_once(s, idx)
 ValueError: Unterminated string starting at: line 1 column 1 (char 0)

History

#1 Updated by bizhang 5 days ago

  • Sprint/Milestone set to Sprint 17
  • Triaged changed from No to Yes

#2 Updated by ipanova@redhat.com 4 days ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ipanova@redhat.com

#3 Updated by ipanova@redhat.com 2 days ago

  • Status changed from ASSIGNED to POST

#4 Updated by pthomas@redhat.com 1 day ago

  • Smash Test set to 604

Please register to edit this issue

Also available in: Atom PDF