Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-19906

hosted repo Deployment policy other than 'Allow redeploy' can prevent administrative metadata updates

    XMLWordPrintable

    Details

    • Notability:
      3

      Description

      The Deployment policy for a hosted Maven repo is intended to control "deployments" ( updates) of a repository by external/build tools of existing metadata, assets or components.

      When the deployment policy is configured as either Disable redeploy or read only, then background tasks ( such as cleanup policies, scheduled tasks like rebuild maven metadata ) cannot delete assets or update metadata for those repositories.

      Example Cleanup Policy Failure when Deployment policy is Disable redeploy ( writePolicy ALLOW_ONCE )
      2019-05-08 23:00:00,011+0200 INFO  [quartz-3-thread-5]  *SYSTEM org.sonatype.nexus.cleanup.internal.task.CleanupTask - Task information:
2019-05-08 23:00:00,014+0200 INFO  [quartz-3-thread-5]  *SYSTEM org.sonatype.nexus.cleanup.internal.task.CleanupTask -  ID: 4148f46e-25f6-43ac-8179-b3b568ac1710
2019-05-08 23:00:00,014+0200 INFO  [quartz-3-thread-5]  *SYSTEM org.sonatype.nexus.cleanup.internal.task.CleanupTask -  Type: repository.cleanup
2019-05-08 23:00:00,014+0200 INFO  [quartz-3-thread-5]  *SYSTEM org.sonatype.nexus.cleanup.internal.task.CleanupTask -  Name: Cleanup service
2019-05-08 23:00:00,014+0200 INFO  [quartz-3-thread-5]  *SYSTEM org.sonatype.nexus.cleanup.internal.task.CleanupTask -  Description: Run repository cleanup
2019-05-08 23:00:00,014+0200 INFO  [quartz-3-thread-5]  *SYSTEM org.sonatype.nexus.cleanup.internal.task.CleanupTask - Starting cleanup
2019-05-08 23:00:00,016+0200 INFO  [quartz-3-thread-5]  *SYSTEM org.sonatype.nexus.cleanup.internal.service.CleanupServiceImpl - Deleting components in repository releases using policy cleanup_policy_releases
2019-05-08 23:09:59,709+0200 ERROR [quartz-3-thread-5]  *SYSTEM org.sonatype.nexus.cleanup.internal.task.CleanupTask - Failed to run task 'Run repository cleanup'
org.sonatype.nexus.repository.IllegalOperationException: Repository does not allow updating assets: releases
	at org.sonatype.nexus.repository.storage.StorageTxImpl.maybeDeleteBlob(StorageTxImpl.java:839)
	at org.sonatype.nexus.repository.storage.StorageTxImpl.attachBlob(StorageTxImpl.java:735)
	at sun.reflect.GeneratedMethodAccessor367.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at org.sonatype.nexus.common.stateguard.SimpleMethodInvocation.proceed(SimpleMethodInvocation.java:53)
	at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
	at org.sonatype.nexus.common.stateguard.StateGuard$GuardImpl.run(StateGuard.java:272)
	at org.sonatype.nexus.common.stateguard.GuardedInterceptor.invoke(GuardedInterceptor.java:53)
	at org.sonatype.nexus.common.stateguard.StateGuardAspect$1.invoke(StateGuardAspect.java:63)
	at com.sun.proxy.$Proxy217.attachBlob(Unknown Source)
	at org.sonatype.nexus.repository.maven.internal.MavenFacetImpl.putAssetPayload(MavenFacetImpl.java:438)
	at org.sonatype.nexus.repository.maven.internal.MavenFacetImpl.putArtifact(MavenFacetImpl.java:354)
	at org.sonatype.nexus.repository.maven.internal.MavenFacetImpl.doPutAssetBlob(MavenFacetImpl.java:294)
	at org.sonatype.nexus.repository.maven.internal.MavenFacetImpl.doPut(MavenFacetImpl.java:247)
	at org.sonatype.nexus.transaction.TransactionInterceptor.invoke(TransactionInterceptor.java:45)
	at org.sonatype.nexus.repository.maven.internal.MavenFacetImpl.put(MavenFacetImpl.java:199)
	at org.sonatype.nexus.repository.maven.internal.hosted.metadata.MetadataRebuilder$Worker.mayUpdateChecksum(MetadataRebuilder.java:532)
	at org.sonatype.nexus.repository.maven.internal.hosted.metadata.MetadataRebuilder$Worker.lambda$2(MetadataRebuilder.java:473)
	at org.sonatype.nexus.transaction.OperationPoint.proceed(OperationPoint.java:64)
	at org.sonatype.nexus.transaction.TransactionalWrapper.proceedWithTransaction(TransactionalWrapper.java:56)
	at org.sonatype.nexus.transaction.Operations.transactional(Operations.java:200)
	at org.sonatype.nexus.transaction.Operations.call(Operations.java:146)
	at org.sonatype.nexus.repository.maven.internal.hosted.metadata.MetadataRebuilder$Worker.rebuildMetadataInner(MetadataRebuilder.java:439)
	at org.sonatype.nexus.repository.maven.internal.hosted.metadata.MetadataRebuilder$Worker.rebuildMetadata(MetadataRebuilder.java:402)
	at org.sonatype.nexus.repository.maven.internal.hosted.metadata.MetadataRebuilder.rebuild(MetadataRebuilder.java:124)
	at org.sonatype.nexus.repository.maven.internal.hosted.MavenHostedFacetImpl.rebuildMetadata(MavenHostedFacetImpl.java:111)
	at org.sonatype.nexus.repository.maven.internal.hosted.MavenHostedComponentMaintenanceFacet.after(MavenHostedComponentMaintenanceFacet.java:103)
	at org.sonatype.nexus.repository.storage.DefaultComponentMaintenanceImpl.deleteComponents(DefaultComponentMaintenanceImpl.java:126)
	at org.sonatype.nexus.cleanup.internal.method.DeleteCleanupMethod.run(DeleteCleanupMethod.java:47)
	at org.sonatype.nexus.cleanup.internal.service.CleanupServiceImpl.deleteByPolicy(CleanupServiceImpl.java:112)
	at org.sonatype.nexus.cleanup.internal.service.CleanupServiceImpl.lambda$1(CleanupServiceImpl.java:94)
	at java.util.Optional.ifPresent(Optional.java:159)
	at org.sonatype.nexus.cleanup.internal.service.CleanupServiceImpl.cleanup(CleanupServiceImpl.java:93)
	at org.sonatype.nexus.cleanup.internal.service.CleanupServiceImpl.lambda$0(CleanupServiceImpl.java:83)
	at com.google.common.collect.ImmutableList.forEach(ImmutableList.java:407)
	at org.sonatype.nexus.cleanup.internal.service.CleanupServiceImpl.cleanup(CleanupServiceImpl.java:81)
	at org.sonatype.nexus.cleanup.internal.task.CleanupTask.execute(CleanupTask.java:43)
	at org.sonatype.nexus.scheduling.TaskSupport.call(TaskSupport.java:93)
	at org.sonatype.nexus.quartz.internal.task.QuartzTaskJob.doExecute(QuartzTaskJob.java:145)
	at org.sonatype.nexus.quartz.internal.task.QuartzTaskJob.execute(QuartzTaskJob.java:108)
	at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
	at org.sonatype.nexus.quartz.internal.QuartzThreadPool.lambda$0(QuartzThreadPool.java:143)
	at org.sonatype.nexus.thread.internal.MDCAwareRunnable.run(MDCAwareRunnable.java:40)
	at org.apache.shiro.subject.support.SubjectRunnable.doRun(SubjectRunnable.java:120)
	at org.apache.shiro.subject.support.SubjectRunnable.run(SubjectRunnable.java:108)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
 
          {
      "@type": "d",
      "@rid": "#62:31",
      "@version": 13,
      "@class": "repository",
      "recipe_name": "maven2-hosted",
      "repository_name": "releases",
      "online": true,
      "attributes": {
        "cleanup": {
          "policyName": "cleanup_policy_releases"
        },
        "maven": {
          "versionPolicy": "RELEASE",
          "layoutPolicy": "PERMISSIVE"
        },
        "storage": {
          "strictContentTypeValidation": false,
          "writePolicy": "ALLOW_ONCE",
          "blobStoreName": "default"
        }
      }
    }

      Example Reproduce Case

      Reproduce steps.

      1. Start with stock configuration, so the "maven-releases" hosted repository's deployment policy is "disable redeploy"
      2. Upload a pom and a pom.sha1 file to the "maven-releases" repository using curl, making sure the checksum in the pom.sha1 file is incorrect
      3. Create and run an "repair - rebuild maven metadata" task with the "rebuild checksums" option enabled against the "maven-releases" repository.

      This will fail:

      2019-07-19 13:06:17,620-0500 ERROR [quartz-3-thread-2] *SYSTEM org.sonatype.nexus.repository.maven.tasks.RebuildMaven2MetadataTask - Failed to run task 'Rebuilding Maven Metadata of maven-releases' on repository 'maven-releases'
      org.sonatype.nexus.repository.IllegalOperationException: Repository does not allow updating assets: maven-releases
      at org.sonatype.nexus.repository.storage.StorageTxImpl.maybeDeleteBlob(StorageTxImpl.java:820)
      at org.sonatype.nexus.repository.storage.StorageTxImpl.attachBlob(StorageTxImpl.java:716)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
      at java.lang.reflect.Method.invoke(Method.java:498)
      at org.sonatype.nexus.common.stateguard.SimpleMethodInvocation.proceed(SimpleMethodInvocation.java:53)
      at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)

      If you then change the deployment policy of the repository to "allow redeploy" it will work.

      Temporary Workaround

      The only workaround is to change the deployment policy of a repo to "Allow redeploy".

      Expected

      A repository Deployment Policy should not impact administrative tasks or features like Cleanup Policies, Metadata rebuild tasks, or even groovy scripts from massaging repository assets.

      Deployment policy should only affect HTTP request driven updates to repository content.

        Attachments

          Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-20525 The "rebuild checksums" option in metadata rebuild task fails unless deployment policy allows overwrite

          • Major - Major loss of function.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-16303 PublishMavenIndexTask fails to republish maven Index if hosted Maven repository has write policy of ALLOW_ONCE

          • Major - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Hardeep Nagra Hardeep Nagra
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title