Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 3.0.0, 3.19.1
-
Fix Version/s: 3.22.0
-
Notability:3
Description
Using 3.19.1, TRACE logging was enabled for logger org.sonatype.nexus.repository.docker
A docker proxy repo was made to an Artifactory virtual docker repository.
NXRMs outbound request to get a docker bearer token was made:
partial outbound request URL to get artifactory docker repo bearer token
GET /artifactory/api/docker/docker-virtual/v2/token?
Artifactory replied with a body containing a token:
2019-11-13 10:35:34,954+0000 DEBUG [qtp688457947-26885] deployment org.apache.http.wire - http-outgoing-33524 << "{"token":"AKCp5e2gQ1CFipbnjhVuVnrEPSUnQpEwGztCNaSwPn3qmQJEuAb4K3WGmc95pY67mZPPtaAb4","expires_in":3600}[\r][\n]"
NXRM threw an exception trying to parse it because of the TRACE logging ( internal source code link ):
2019-11-13 10:35:34,959+0000 WARN [qtp688457947-26885] deployment org.sonatype.nexus.repository.docker.internal.V2Handlers - Error: GET /v2/example/manifests/4.0.6 java.lang.IndexOutOfBoundsException: toIndex = 2 at java.util.SubList.<init>(AbstractList.java:622) at java.util.RandomAccessSubList.<init>(AbstractList.java:775) at java.util.AbstractList.subList(AbstractList.java:484) at org.codehaus.groovy.runtime.DefaultGroovyMethods.getAt(DefaultGroovyMethods.java:6956) at org.codehaus.groovy.runtime.DefaultGroovyMethods.getAt(DefaultGroovyMethods.java:7194) at org.codehaus.groovy.runtime.dgm$272.invoke(Unknown Source) at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite$PojoMetaMethodSiteNoUnwrapNoCoerce.invoke(PojoMetaMethodSite.java:274) at org.codehaus.groovy.runtime.callsite.PojoMetaMethodSite.call(PojoMetaMethodSite.java:56) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:128) at org.sonatype.nexus.repository.docker.internal.auth.DockerTokenDecoder.dumpToken(DockerTokenDecoder.groovy:22) at org.sonatype.nexus.repository.docker.internal.DockerProxyFacetImpl.retrieveBearerToken(DockerProxyFacetImpl.java:645) at org.sonatype.nexus.repository.docker.internal.DockerProxyFacetImpl.access$3(DockerProxyFacetImpl.java:626) at org.sonatype.nexus.repository.docker.internal.DockerProxyFacetImpl$2.retrieveBearerToken(DockerProxyFacetImpl.java:1044) at org.sonatype.nexus.repository.docker.internal.auth.DockerAuthHttpClientContext$2.getToken(DockerAuthHttpClientContext.java:76) at org.sonatype.nexus.repository.docker.internal.auth.BearerScheme.authenticate(BearerScheme.java:105) at org.apache.http.impl.auth.HttpAuthenticator.doAuth(HttpAuthenticator.java:239) at org.apache.http.impl.auth.HttpAuthenticator.generateAuthResponse(HttpAuthenticator.java:202) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:263) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) at org.sonatype.nexus.repository.httpclient.FilteredHttpClientSupport.lambda$0(FilteredHttpClientSupport.java:56) at org.sonatype.nexus.repository.httpclient.internal.BlockingHttpClient.filter(BlockingHttpClient.java:124) at org.sonatype.nexus.repository.httpclient.FilteredHttpClientSupport.doExecute(FilteredHttpClientSupport.java:56) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) at org.sonatype.nexus.repository.docker.internal.DockerProxyFacetImpl.execute(DockerProxyFacetImpl.java:436) at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.fetch(ProxyFacetSupport.java:432) at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.fetch(ProxyFacetSupport.java:402) at org.sonatype.nexus.repository.proxy.ProxyFacetSupport.doGet(ProxyFacetSupport.java:269) at org.sonatype.nexus.repository.docker.internal.DockerProxyFacetImpl.doGet(DockerProxyFacetImpl.java:1062)
Which resulted in the original HTTP response to the docker pull command to NXRM to return a 500 error.
Expected
Since pointing the Docker CLI direct at artifactory did work, and resetting the TRACE level to INFO fixed the problem and proves the example token was valid, fix the dumpToken method to not fail parsing valid tokens.