Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-28785

Upgrading NxRM2 to NxRM3: privileges with white space in name do not maintain their name after upgrade

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.32.0
    • Fix Version/s: None
    • Component/s: Migration, Security
    • Labels:
    • Notability:
      3

      Description

      Problem description

      If there are privileges in NxRM2 that have white-spaces in the name, when NxRM2 is upgraded, these privileges appear to be assigned a string of characters making them difficult to identify.

      These assigned strings are visible via the API, they don't show in the UI.

      Steps to reproduce

      • install NxRM2
      • createΒ one or more privileges with spaces in the name
        • i.e 'This is a new priv'
      • assign the new privilege(s) to a role and assign that role to a user
      • upgrade NxRM2 to NxRM3 (as per this guide)
      • run API /service/rest/v1/security/roles/ {role_name}

      Expected behaviour
      Even if privileges cannot not be migrated with white-space in their names, perhaps we should fill those gaps with '-' or '_' but at least the name is retained.

      Actual behaviour
      Random strings are assigned to the name of the privilege.

      Example
      In my example I have created a privilege in NxRM2 called 'This is a new priv' against all NuGet repositories.
      This in turn creates x4 privileges:

      • This is a new priv - (create)
      • This is a new priv - (delete)
      • This is a new priv - (read)
      • This is a new priv - (update)

      I've assigned this new privilege to a new role called 'this is a new role' and in urn assigned to a user (local user called 'user1').

      I then upgraded NxRM2 to NxRM3 (3.32.0-03) and when I run the following API call for the role 'this is a new role', here is what is returned:

      http://ubuntu:8082/service/rest/v1/security/roles/this%20is%20a%20new%20role?source=default

      {
        "id": "this is a new role",
        "source": "default",
        "name": "this is a new role",
        "description": "this is a new role",
        "privileges": [
          "a2b3c9cf6dc",
          "a2b3c80afa6",
          "a2b3c00ee62",
          "a2b3c617980"
        ],
        "roles": []
      }

      Using our nexus-toolbox/security-tree script, I can see the following:

      β”œ 🀡 user1
      β”‚   β”œ πŸ“‚ this is a new role
      β”‚   β”‚   β”œ β–ͺ a2b3c9cf6dc (repository-content-selector) [Repository: *] [Actions: delete]
      β”‚   β”‚   β”‚   β”” β€’ Selector:  format == "nuget" && path =~ ".*"
      β”‚   β”‚   β”œ β–ͺ a2b3c80afa6 (repository-content-selector) [Repository: *] [Actions: edit]
      β”‚   β”‚   β”‚   β”” β€’ Selector:  format == "nuget" && path =~ ".*"
      β”‚   β”‚   β”œ β–ͺ a2b3c00ee62 (repository-content-selector) [Repository: *] [Actions: add]
      β”‚   β”‚   β”‚   β”” β€’ Selector:  format == "nuget" && path =~ ".*"
      β”‚   β”‚   β”” β–ͺ a2b3c617980 (repository-content-selector) [Repository: *] [Actions: read]
      β”‚   β”‚       β”” β€’ Selector:  format == "nuget" && path =~ ".*"

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              astrachan Alex Strachan
              CC:
              Vlad
              Last Updated By:
              Hajime Osako Hajime Osako
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title