Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-26118

pip search does not work *via* NXRM PyPI proxy to NXRM PyPI repository and authentication is required

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.30.0
    • Component/s: PyPI
    • Labels:
    • Notability:
      3

      Description

      SYMPTOM:

      "pip download" works but "pip search" (which uses POST) does not work if this pipy proxy repository's remote URL is another Nexus pipy repository (proxy, hosted).

      REPRODUCE STEPS:

      1. Create a pypi proxy repo "pypi-proxy-proxy" which points to another "pypi-proxy" (disabled TTLs for testing purpose)
                {
                    "attributes": {
                        "proxy": {
                            "remoteUrl": "http://localhost:8081/repository/pypi-proxy",
                            "contentMaxAge": 0,
                            "metadataMaxAge": 0
                        },
                        "httpclient": {
                            "blocked": false,
                            "autoBlock": false,
                            "authentication": {
                                "type": "username",
                                "username": "admin",
                                "password": "admin123"
                            }
                        },
                        "storage": {
                            "blobStoreName": "default",
                            "strictContentTypeValidation": true
                        },
                        "negativeCache": {
                            "enabled": false,
                            "timeToLive": 1440
                        },
                        "cleanup": {
                            "policyName": []
                        }
                    },
                    "name": "pypi-proxy-proxy",
                    "format": "",
                    "type": "",
                    "url": "",
                    "online": true,
                    "routingRuleId": "",
                    "authEnabled": true,
                    "httpRequestSettings": false,
                    "recipe": "pypi-proxy"
                }
        
      2. Disable Anonymous
      3. Confirm download works
        pip -v download -i http://admin:admin123@localhost:8081/repository/pypi-proxy-proxy/simple Django
        
      4. Try search and fails
        pip -v search -i http://admin:admin123@localhost:8081/repository/pypi-proxy-proxy/pypi Django
        
      5. Test against the remote URL (pypi-proxy)
        pip -v search -i http://admin:admin123@localhost:8081/repository/pypi-proxy/pypi Django
        

      EXPECTED BEHAVIOUR:

      Same as "pip download", "pip search" should work.

      ACUTUAL BEHAVIOUR:

      Pip returns "pip._internal.exceptions.NetworkConnectionError: 502 Server Error: Bad Gateway"
      Nexus log shows:

      2020-12-11 05:17:20,334+0000 WARN  [qtp1037423558-947] node-nxrm-ha1.standalone.localdomain admin org.sonatype.nexus.repository.pypi.internal.orient.OrientPyPiProxyFacetImpl - Exception org.apache.http.client.ClientProtocolException checking remote for update, proxy repo pypi-hosted-proxy failed to fetch pypi, content not in cache.
      org.apache.http.client.ClientProtocolException: null
      

      It seems current HttpClient used by org.sonatype.nexus.repository.proxy.ProxyFacetSupport#fetch(java.lang.String, org.sonatype.nexus.repository.view.Context, org.sonatype.nexus.repository.view.Content) does not work with POST + Basic Authentication.
      Enabling DEBUG logging shows:

      Caused by: org.apache.http.client.NonRepeatableRequestException: Cannot retry request with a non-repeatable request entity.
              at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:225)
              at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
              at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
              at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
              at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
              ... 146 common frames omitted
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              aishchenko Artem Ishchenko
              Reporter:
              hosako Hajime Osako
              Last Updated By:
              Rich Seddon Rich Seddon
              Team:
              NXRM - Trinity
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title