terraform-provider-artifactory icon indicating copy to clipboard operation
terraform-provider-artifactory copied to clipboard

Published 20 hours ago verified publisher icon atlassian

"Only one auth mechanism allowed" error when using Basic auth

Open valorl opened this issue 4 years ago • 1 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

Terraform 0.12.13 Artifactory Provider v2.0.0

Affected Resource(s)

  • artifactory_file

Expected Behavior

When using the artifactory provider with ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD set (Basic auth). The artifactory_file data source should be handled without errors provided the credentials are correct.

Actual Behavior

The tf plan fails with the following message:

<?xml version="1.0" encoding="UTF-8"?>
<Error>
  <Code>InvalidArgument</Code>
  <Message>Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified</Message>
  <ArgumentName>Authorization</ArgumentName>
  <ArgumentValue>Basic ********************</ArgumentValue>
  <RequestId>********************</RequestId>
  <HostId>********************</HostId>
</Error>

Steps to Reproduce

  1. Add the provider provider "artifactory" {}
  2. Set valid env vars for ARTIFACTORY_URL (or optionally provide URL in provider block), ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD
  3. Add some data "artifactory_file" "test" { ... } data source block. (Only tested this with a valid artifactory repository and file. Not sure if this can be reproduced with dummy values too.)
  4. Execute tf plan

Important Factoids

  • This works if ARTIFACTORY_API_KEY is used instead of ARTIFACTORY_USERNAME and ARTIFACTORY_PASSWORD (likely because it does not use the Authorization header?)
  • The error message seems to be AWS S3 related (We are running the SaaS version of JFrog on AWS)
  • Based on this artifactory issue, this knowledge base article and this CVE in gradle, this has something to do with incorrect client-side handling of redirects, so it might rather be a go-artifactory issue.

References

  • https://www.jfrog.com/jira/browse/RTFACT-19728
  • https://jfrog.com/knowledge-base/why-do-i-get-a-400-bad-request-error-when-working-with-direct-cloud-storage-download/
  • https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95

valorl avatar Jul 29 '20 13:07 valorl

Migrated -> https://github.com/jfrog/terraform-provider-artifactory/issues/22

peters95 avatar Nov 11 '20 22:11 peters95