Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-21452

Error logged for s3 permission that isn't needed for s3 blob store operation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Parked
    • Affects Version/s: 3.19.0
    • Fix Version/s: None
    • Component/s: S3
    • Notability:
      3

      Description

      In 3.19.0 we added a check for s3 blob stores to make sure that all needed s3 privileges were present (NEXUS-19494), and make sure everything needed has been granted.  This is a good thing, it can be very confusing to end users trying to figure out what privileges need to be granted to make an s3 blob store work.

      Unfortunately though, this new check requires a privilege not previously needed, resulting in some scary looking errors in the log. It doesn't look like the ability to get the ACL is needed for anything other than this check. Assuming this it the case, these messages should be lowered to a WARN, the stack trace should be at DEBUG, and we should include text indicating that we are "Unable to determine the s3 blob store privileges".

       

      2019-10-06 13:44:06,812+0000 ERROR [FelixStartLevel] *SYSTEM org.sonatype.nexus.repository.internal.blobstore.BlobStoreManagerImpl - Unable to restore BlobStore BlobStoreConfiguration{name='groupproxy', type='S3', attributes=

      Unknown macro: {s3= Unknown macro}

      , blobStoreQuotaConfig={}}}
      org.sonatype.nexus.blobstore.s3.internal.S3BlobStoreException: Bucket exists but is not owned by you.
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
      at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
      at org.codehaus.groovy.reflection.CachedConstructor.invoke(CachedConstructor.java:83)
      at org.codehaus.groovy.runtime.callsite.ConstructorSite$ConstructorSiteNoUnwrapNoCoerce.callConstructor(ConstructorSite.java:105)
      at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callConstructor(AbstractCallSite.java:250)
      at org.sonatype.nexus.blobstore.s3.internal.S3BlobStoreException.bucketOwnershipError(S3BlobStoreException.groovy:80)
      at org.sonatype.nexus.blobstore.s3.internal.BucketManager.checkBucketOwner(BucketManager.java:247)
      at org.sonatype.nexus.blobstore.s3.internal.BucketManager.checkPermissions(BucketManager.java:221)
      at org.sonatype.nexus.blobstore.s3.internal.BucketManager.prepareStorageLocation(BucketManager.java:73)
      at org.sonatype.nexus.blobstore.s3.internal.S3BlobStore.doInit(S3BlobStore.java:484)
      at org.sonatype.nexus.blobstore.BlobStoreSupport.init(BlobStoreSupport.java:219)
      at org.sonatype.nexus.repository.internal.blobstore.BlobStoreManagerImpl.doStart(BlobStoreManagerImpl.java:127)
      at org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport.start(StateGuardLifecycleSupport.java:67)
      at org.sonatype.nexus.repository.internal.blobstore.BlobStoreManagerImpl$$EnhancerByGuice$$5708c9de.CGLIB$start$19(<generated>)
      at org.sonatype.nexus.repository.internal.blobstore.BlobStoreManagerImpl$$EnhancerByGuice$$5708c9de$$FastClassByGuice$$8b936639.invoke(<generated>)
      at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
      at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
      at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
      at org.sonatype.nexus.common.stateguard.StateGuard$TransitionImpl.run(StateGuard.java:193)
      at org.sonatype.nexus.common.stateguard.TransitionsInterceptor.invoke(TransitionsInterceptor.java:56)
      at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
      at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
      at org.sonatype.nexus.repository.internal.blobstore.BlobStoreManagerImpl$$EnhancerByGuice$$5708c9de.start(<generated>)
      at org.sonatype.nexus.repository.manager.internal.RepositoryManagerImpl.doStart(RepositoryManagerImpl.java:228)
      at org.sonatype.nexus.common.stateguard.StateGuardLifecycleSupport.start(StateGuardLifecycleSupport.java:67)
      at org.sonatype.nexus.repository.manager.internal.RepositoryManagerImpl$$EnhancerByGuice$$6e8e16f3.CGLIB$start$21(<generated>)
      at org.sonatype.nexus.repository.manager.internal.RepositoryManagerImpl$$EnhancerByGuice$$6e8e16f3$$FastClassByGuice$$4aac4583.invoke(<generated>)
      at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)
      at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:76)
      at org.sonatype.nexus.common.stateguard.MethodInvocationAction.run(MethodInvocationAction.java:39)
      at org.sonatype.nexus.common.stateguard.StateGuard$TransitionImpl.run(StateGuard.java:193)
      at org.sonatype.nexus.common.stateguard.TransitionsInterceptor.invoke(TransitionsInterceptor.java:56)
      at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:77)
      at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:55)
      at org.sonatype.nexus.repository.manager.internal.RepositoryManagerImpl$$EnhancerByGuice$$6e8e16f3.start(<generated>)
      at org.sonatype.nexus.extender.NexusLifecycleManager.startComponent(NexusLifecycleManager.java:199)
      at org.sonatype.nexus.extender.NexusLifecycleManager.to(NexusLifecycleManager.java:111)
      at org.sonatype.nexus.extender.NexusContextListener.moveToPhase(NexusContextListener.java:311)
      at org.sonatype.nexus.extender.NexusContextListener.frameworkEvent(NexusContextListener.java:208)
      at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1431)
      at org.apache.felix.framework.FrameworkStartLevelImpl.run(FrameworkStartLevelImpl.java:308)

       

       

       

       

        Attachments

          Issue Links

          relates

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-24293 Cannot create s3 blobstore due to incorrect permissions check

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              rseddon Rich Seddon
              Last Updated By:
              Measures for Justice Measures for Justice
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title