Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-28785

Upgrading NxRM2 to NxRM3: privileges with white space in name do not maintain their name after upgrade

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 3.32.0
    • Migration, Security
    • 3

    Description

      Problem description

      If there are privileges in NxRM2 that have white-spaces in the name, when NxRM2 is upgraded, these privileges appear to be assigned a string of characters making them difficult to identify.

      These assigned strings are visible via the API, they don't show in the UI.

      Steps to reproduce

      • install NxRM2
      • createΒ one or more privileges with spaces in the name
        • i.e 'This is a new priv'
      • assign the new privilege(s) to a role and assign that role to a user
      • upgrade NxRM2 to NxRM3 (as per this guide)
      • run API /service/rest/v1/security/roles/ {role_name}

      Expected behaviour
      Even if privileges cannot not be migrated with white-space in their names, perhaps we should fill those gaps with '-' or '_' but at least the name is retained.

      Actual behaviour
      Random strings are assigned to the name of the privilege.

      Example
      In my example I have created a privilege in NxRM2 called 'This is a new priv' against all NuGet repositories.
      This in turn creates x4 privileges:

      • This is a new priv - (create)
      • This is a new priv - (delete)
      • This is a new priv - (read)
      • This is a new priv - (update)

      I've assigned this new privilege to a new role called 'this is a new role' and in urn assigned to a user (local user called 'user1').

      I then upgraded NxRM2 to NxRM3 (3.32.0-03) and when I run the following API call for the role 'this is a new role', here is what is returned:

      http://ubuntu:8082/service/rest/v1/security/roles/this%20is%20a%20new%20role?source=default

      {
  "id": "this is a new role",
  "source": "default",
  "name": "this is a new role",
  "description": "this is a new role",
  "privileges": [
    "a2b3c9cf6dc",
    "a2b3c80afa6",
    "a2b3c00ee62",
    "a2b3c617980"
  ],
  "roles": []
}

      Using our nexus-toolbox/security-tree script, I can see the following:

      β”œ 🀡 user1
β”‚   β”œ πŸ“‚ this is a new role
β”‚   β”‚   β”œ β–ͺ a2b3c9cf6dc (repository-content-selector) [Repository: *] [Actions: delete]
β”‚   β”‚   β”‚   β”” β€’ Selector:  format == "nuget" && path =~ ".*"
β”‚   β”‚   β”œ β–ͺ a2b3c80afa6 (repository-content-selector) [Repository: *] [Actions: edit]
β”‚   β”‚   β”‚   β”” β€’ Selector:  format == "nuget" && path =~ ".*"
β”‚   β”‚   β”œ β–ͺ a2b3c00ee62 (repository-content-selector) [Repository: *] [Actions: add]
β”‚   β”‚   β”‚   β”” β€’ Selector:  format == "nuget" && path =~ ".*"
β”‚   β”‚   β”” β–ͺ a2b3c617980 (repository-content-selector) [Repository: *] [Actions: read]
β”‚   β”‚       β”” β€’ Selector:  format == "nuget" && path =~ ".*"

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-26584 'Security management: privileges' says id when it means name

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Activity

            People

              Unassigned Unassigned
              astrachan Alex Strachan [X] (Inactive)
              Vlad
              Daolong Qiu Daolong Qiu
              Votes:
              2 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:

                tigCommentSecurity.panel-title