Bug #37238
closedRegistry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2168865
Description of problem:
One has the ability to create a Registry Service account and generate a token related to the same to further use them as shared credentials but the generated token could be quite long.
While for a container\docker type repo, The "Upstream Password" field accepts that Token, The "Upstream Authentication Token" field rejects the same with error
An error occurred saving the Repository: PG::StringDataRightTruncation: ERROR: value too long for type character varying(1024)
Version-Release number of selected component (if applicable):
Any version that accepts the upstream auth token, likely 3.18+
How reproducible:
Easily and Always
Steps to Reproduce:
1. Create a Katello server
2. Import a manifest with some valid subs
3. Go to https://access.redhat.com/terms-based-registry/#/accounts and create a new service account and token.
4. Discovery "rhel8/toolbox" docker type repo using the exact same username and token from UI Content --> Products page and create the repo
5. Sync the repo
6. Edit the "Upstream Authorization" field and try to put the token inside ""Upstream Authentication Token" field -> Save
7. Try to remove the token from there and put it in "Upstream Password" field and save
8. Re-sync the repo.
Actual results:
Step 5: Sync Success ( as the token gets saved as password )
Step 6: Error:
An error occurred saving the Repository: PG::StringDataRightTruncation: ERROR: value too long for type character varying(1024)
Step 7 and 8: Successfully saved and repo can be synced
The reason seems to be this i.e. upstream_password column has a record type set to Text but upstream_authentication_token is of varchar(1024)
- echo "\d+ katello_root_repositories;" | su - postgres -c "psql foreman" | egrep "Column|upstream" | awk -F'|' '{print $1,$2,$4}'
Column Type Nullable
docker_upstream_name character varying(255)
upstream_username character varying(255)
upstream_password text
upstream_authentication_token character varying(1024)
Expected results:
A) As tokens are expected to be longer than normal passwords, set "upstream_authentication_token" type to "text" or increase the length for varchar
B) If the token can be used in both upstream_password as well as upstream_authentication_token fields, Then just have one field present.
Additional info:
NA
Updated by The Foreman Bot 9 months ago
- Status changed from New to Ready For Testing
- Assignee set to Ian Ballou
- Pull request https://github.com/Katello/katello/pull/10925 added
Updated by Jeremy Lenz 8 months ago
- Subject changed from Registry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo to Registry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo
- Priority changed from High to Normal
- Target version set to Katello 4.13.0
- Difficulty set to easy
- Triaged changed from No to Yes
Updated by Anonymous 8 months ago
- Status changed from Ready For Testing to Closed
Applied in changeset katello|39d52bd1a048531be0e4b91bb8423f1fca0dca04.