Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-21747

API endpoints for LDAP user does not work correctly

    Details

    • Type: Bug
    • Status: New
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 3.19.1
    • Fix Version/s: None
    • Component/s: LDAP, REST
    • Labels:
    • Environment:
      docker-image. Host OS: CentOS 7.5

      Description

      I need to find a LDAP user. Associate some Nexus roles to him. And after that return this user to previous state (that means delete Nexus Roles)

      Let’s find our test user:

      curl -X GET "https://nexus.someinstance.ru/service/rest/beta/security/users?userId=svc_idevops_testuser&source=LDAP" -H "accept: application/json"
      

       

       

      Output:

      {"userId": "svc_devops_testuser", "firstName": "svc_devops_testuser", "lastName": null, "emailAddress": "svc_devops_testuser@somemail.com", "source": "LDAP", "status": "active", "readOnly": true, "roles": [], "externalRoles": [ "ApplicationServiceAccount", "ServiceAccounts"]}
       

      Next I want to give some Nexus roles to that user and request is next:

      curl -X PUT "https://nexus.someinstance.ru/service/rest/beta/security/users/svc_idevops_testuser" -H "accept: application/json" -H "Content-Type: application/json" -d "{
       \"userId\": \"svc_devops_testuser\", \"firstName\": 
      \"svc_devops_testuser\", \"lastName\": null, \"emailAddress\": 
      \"svc_devops_testuser@somemail.com\", \"source\": \"LDAP\", \"status\": 
      \"active\", \"readOnly\": true, \"roles\": [\"npm\"], \"externalRoles\":
       [ \"ApplicationServiceAccount\", \"ServiceAccounts\" ] }" 

      And I’ve got 400 error with next content:

      [ { "id": "PARAMETER lastName", "message": "may not be empty" } ]
      

      But as far as we see in previous request - lastName IS null. Because this is a service account. And if I try to put empty string there I will still get this error. As workaround in my client I was using NewGuid.ToString.Empty() and exclude checking this field in tests and then it works and tests passed(And user in Nexus appears to be with right permissions). But in my opinion it looks very strange.

      Same problem when I’m trying to delete roles from user.
      I am trying to pass empty array and have an error that server can't find role with id = ""
      Next I tried to delete this roles from browser in user section with network inspector “On”. I understand that it uses other java-methods to update user state than API but it passes an empty array when I was exploring request.
      So this moment is really confusing to me.
      How can I delete nexus-roles from LDAP-user via REST-API?

      Same issue repeats when I’m trying to create roles. As arrange state I need to create ContentSelector (works fine), privilege that based on that ContentSelector ( still works fine) and then I need to create the role with privilege/privileges based on the ContentSelector. In swagger model fields “roles” and “privileges” can be empty arrays/null. But if I don’t pass anything Nexus returns me 400 “Bad Request”.
      The same question come here: I don not need any roles for the Role that I’m creating. But I need some privileges. How can I achieve this via REST-API?

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            DimisNevedimis Dmitry Afanasyev
            Last Updated By:
            Joe Tom Joe Tom
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title