Project

Profile

Help

Issue #962

closed

basic auth for repo sync does not work

Added by cduryee over 7 years ago. Updated about 3 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
High
Assignee:
Category:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Master
Platform Release:
2.7.0
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Pulp 2
Sprint:
Quarter:

Description

When creating repos with pulp-admin, the password sanitization appears to be incorrectly replacing the basic auth password with the string '*****' when passing the value down to nectar. This should only occur when returning the password via API.

To repro:

  • create an upstream repository that is protected by basic auth
  • pulp-admin rpm repo create --repo-id basicauth --feed <path-to-upstream-repo> --basicauth-user user --basicauth-pass pass
  • attempt to sync repo

expected result: repo will sync

actual result: repo will not sync, importer will get a 403

note: commenting out password sanitization works around this issue. The password sanitizer needs to move closer to where Pulp creates and returns json in order to avoid this.

Actions #1

Updated by jortel@redhat.com over 7 years ago

  • Priority changed from Normal to High
  • Triaged changed from No to Yes
Actions #2

Updated by mhrivnak over 7 years ago

  • Platform Release set to 2.7.0

I'm putting this on 2.7.0 so we aren't releasing a new feature that's immediately broken.

Actions #3

Updated by bcourt over 7 years ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to bcourt
Actions #4

Updated by bcourt over 7 years ago

  • Status changed from ASSIGNED to POST

Added by bcourt over 7 years ago

Revision 846195ce

Move password masking & serialization of the importer out of the controller and into the views

fixes #962

Added by bcourt over 7 years ago

Revision 846195ce

Move password masking & serialization of the importer out of the controller and into the views

fixes #962

Actions #5

Updated by bcourt over 7 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #6

Updated by dkliban@redhat.com over 7 years ago

  • Status changed from MODIFIED to 5
Actions #7

Updated by pthomas@redhat.com about 7 years ago

  • Status changed from 5 to 6

verified

[root@mgmt4 ~]# pulp-admin rpm repo create --repo-id basic-auth --feed http://file.rdu.redhat.com/~cduryee/protected/ --basicauth-user testuser --basicauth-pass testpass
Successfully created repository [basic-auth]

[root@mgmt4 ~]#
[root@mgmt4 ~]#
[root@mgmt4 ~]#
[root@mgmt4 ~]# pulp-admin rpm repo sync run --repo-id basic-auth
--------------------------------------------------------------------
Synchronizing Repository [basic-auth]
--------------------------------------------------------------------

This command may be exited via ctrl+c without affecting the request.

Downloading metadata...
[|]
... completed

Downloading repository content...
[==================================================] 100%
RPMs: 0/0 items
Delta RPMs: 0/0 items

... completed

Downloading distribution files...
[==================================================] 100%
Distributions: 0/0 items
... completed

Importing errata...
[-]
... completed

Importing package groups/categories...
[-]
... completed

Task Succeeded

Initializing repo metadata
[-]
... completed

Publishing Distribution files
[-]
... completed

Publishing RPMs
[==================================================] 100%
2 of 2 items
... completed

Publishing Delta RPMs
... skipped

Publishing Errata
[-]
... completed

Publishing Comps file
[-]
... completed

Publishing Metadata.
[-]
... completed

Closing repo metadata
[-]
... completed

Generating sqlite files
... skipped

Publishing files to web
[-]
... completed

Writing Listings File
[-]
... completed

Task Succeeded

Actions #8

Updated by amacdona@redhat.com almost 7 years ago

  • Status changed from 6 to CLOSED - CURRENTRELEASE
Actions #10

Updated by bmbouter over 3 years ago

  • Tags Pulp 2 added

Also available in: Atom PDF