sonatype
Restful API can't configure npm proxy repository bearer token authentication
-
What problem are you trying to solve?
I'm attempting to configure an npm proxy repository that requires a Bearer Token for authentication via the restful API in Nexus 3.60.0 (though the problem has existed since at least 3.42.0).
Configuring through the restful API allows us to leverage configuration as code along side the Helm 3 chart (which currently does not allow for configuring repositories through helm / kubernetes).
-
Do you have a workaround you are using at present?
Not a good one: configuring it through the UI.
-
What feature or behavior is this required for?
The RESTful API feature
-
How could we solve this issue? (Not knowing is okay!)
In the
/v1/repositories/npm/proxyapi endpoint, support something like:"authentication": { "type": "bearerToken", "bearerToken": "<token>" }Presumably updating the swagger.json document (assuming that drives some sort of JSON Class Loader for
HttpClient:[ { "id": "BearerTokenAuthenticationConfiguration.attributes[httpclient].authentication.bearerToken", "message": "must not be blank" } ] -
Tell us about your Nexus Repository deployment: what version, operating system, and database are you using?
Sonatype Nexus Repository OSS 3.60.0-02 Helm chart: nexus-repository-manager Chart version: 60.0.0
-
Anything else?
It was noticed that with the API endpoint call, the application logs don't show the
bearerTokenproperty on theauthenticationobject ofhttpclient:org.sonatype.nexus.repository.manager.internal.RepositoryManagerImpl - Creating repository: test2 -> OrientConfiguration{repositoryName='test2', recipeName='npm-proxy', attributes={proxy={contentMaxAge=1440, metadataMaxAge=1440, remoteUrl=<url>}, negativeCache={timeToLive=1440, enabled=true}, storage={strictContentTypeValidation=true, blobStoreName=proxy}, httpclient={blocked=false, autoBlock=true, connection=null, authentication={type=bearerToken}}}}However if the repository is configured through the UI (going through a different endpoint),
authenticationdoes show thebearerTokenproperty.org.sonatype.nexus.repository.manager.internal.RepositoryManagerImpl - Updating repository: test -> OrientConfiguration{repositoryName='test2', recipeName='npm-proxy', attributes={proxy={remoteUrl=<url>, contentMaxAge=1440.0, metadataMaxAge=1440.0}, replication={preemptivePullEnabled=false}, httpclient={blocked=false, autoBlock=true, authentication={type=bearerToken, username=, password=****, ntlmHost=, ntlmDomain=, bearerToken=<token>}, connection={useTrustStore=false}}, storage={blobStoreName=proxy, strictContentTypeValidation=true}, negativeCache={enabled=true, timeToLive=1440.0}}}
Thanks for this suggestion, @pcbmize. We are looking at possible API enhancements in the future, we'll leave this open to gauge demand for this specific change.
I too have just come across this issue. I am in the process of enhancing a module I wrote for SaltStack to automate configuration of Nexus 3. Part of the enhancement is to support alternative authentication methods for proxy repositories (preemptive bearer token and ntlm). However, I am observing the same behavior in which the @pcbmize has reported.
Not sure, but this seems like somewhat crucial item that requires to fixed. Any ideas why it is not picked up? It is marked as "enhancement" however it is just a bug in the API.
We are waiting since 2021 to have this fixed, not sure why this really needs so much effort or is ignored ( https://github.com/datadrivers/terraform-provider-nexus/issues/158 )
Is there any chance to move this forward?
@nblair @mrprescott Can you give us some kind of update? Maybe whether this issue is on the roadmap?
The fact that this is not fixed yet is somewhat strange, having a powerful API is mandatory for automating proxy creation.