strongbox: Cannot use choco list on nuget repositories
Bug Description
The default configuration has ANONYMOUS_ROLE set but trying to browse a nuget directory does always require authentication.
Steps To Reproduce
- Deploy strongbox using default configuration
- Enable “Allow directory browsing” in
nuget-storage - Try to do any
apitransaction anonomously (likechoco list)
Expected Behavior
Anonoymous users should be able to browse the directory as inherited by ARTIFACTS_RESOLVE
Environment
- Strongbox Version:
{"strongbox":{"version":"1.0-SNAPSHOT","revision":"eccd13064b1e3bfa"}} - OS:
adoptopenjdk/openjdk8:jdk8u232-b09-alpine
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 29 (22 by maintainers)
There’s actually a comment for this in the code - the
greetmethod is necessary because Nuget will ping it to determine if the repository is healthy or not. In this case we should probably useARTIFACTS_RESOLVEfor this case.There is a method in NugetArtifactController
NugetArtifactController#greet()which is used to check storage availability. This method requiresARTIFACTS_DEPLOYrole , hencechoco listornuget listcommand prompt for authentication.Issue can be fixed by changing
ARTIFACTS_DEPLOYtoARTIFACTS_RESOLVEor by removing auth from greet() method.@strongbox/core-developers : Suggestions??
@steve-todorov ah i didnt notice the merge. can bump the deployment tomorrow. regards
PR #1674 seems works fine, so I suggest to merge it and resolve the issue. Just to be clear regarding the
ARTIFACTS_DEPLOYauthority, which we had ongreetmethod before, then it probably was needed when there was no API Key authentication implemented. So since we have the API Key authenticationARTIFACTS_RESOLVEseems works fine as well.chococan send credentials on each command, this is how i work around this issue currently.@steve-todorov
choco listshould be possible anonymously.