Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-20779

rotating S3 bucket credentials can prevent an S3 blobstore from showing in the UI

    Details

      Description

      There are the steps:

       

      • On nexus3 go to Server Admin > Repositories > Blob Stores > Create Blob Store
      • File Type (s3)
      • Name: (nexus-s3-test)
      • Region (us-west-2)
      • S3 bucket name (nexus-s3-test)
      • Authentication >
      • Add the secret key and access key from an existing IAM user in AWS.
      • Do some testing, verify the s3 bucket looks good
      • Go into aws, > IAM > Users
      • Rotate the credentials on the key - meaning:
        • Assuming nexus already has an active IAM user configured to manage an S3 blob store:
          Create a new access key in the same user that nexus is using
          AWS > IAM > USERS > (select user) > Security Credentials > Create Access Key. 
          This should result in 2 keys
          Now disable the old one.
          Select "Make inactive" on the other key existing on this page.
          Now the credentials have been rotated.
      • Don’t update nexus
      • Wait a few minutes.  Try making calls to nexus that would attempt to talk to the s3 bucket.
      • Then open nexus go to
      • Admin > Repository > Blob Stores
      • ERROR. No blob stores shown.
      • UI shows this error: 

      `The AWS Access Key Id you provided does not exist in our records. (Service: Amazon S3; Status Code: 403; Error Code: InvalidAccessKeyId; Request ID: 059D3777C84F97A6; S3 Extended Request ID: SAmArWI1tkmrol3dL4+vWd7SOhu7fbfz1mXznh9qkvLhM3zKT67cvWCodtDc5D4aQxQeMAC+E9Y=)

      Expected

      As per NEXUS-18103, a blobstore config should always be editable in the NXRM UI to correct or adjust settings that will make it work again.

      Workaround

      Apparently restarting NXRM does allow the blobstore to show up in the UI.

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mbucher Michael Bucher
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Michael Prescott Michael Prescott
              Team:
              NXRM - Morpheus
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title