Project

General

Profile

Actions

Bug #37238

closed

Registry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo

Added by Ian Ballou 10 months ago. Updated 9 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Repositories
Target version:
Difficulty:
easy
Triaged:
Yes
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2168865

Description of problem:

One has the ability to create a Registry Service account and generate a token related to the same to further use them as shared credentials but the generated token could be quite long.

While for a container\docker type repo, The "Upstream Password" field accepts that Token, The "Upstream Authentication Token" field rejects the same with error

An error occurred saving the Repository: PG::StringDataRightTruncation: ERROR: value too long for type character varying(1024)

Version-Release number of selected component (if applicable):

Any version that accepts the upstream auth token, likely 3.18+

How reproducible:

Easily and Always

Steps to Reproduce:
1. Create a Katello server

2. Import a manifest with some valid subs

3. Go to https://access.redhat.com/terms-based-registry/#/accounts and create a new service account and token.

4. Discovery "rhel8/toolbox" docker type repo using the exact same username and token from UI Content --> Products page and create the repo

5. Sync the repo

6. Edit the "Upstream Authorization" field and try to put the token inside ""Upstream Authentication Token" field -> Save

7. Try to remove the token from there and put it in "Upstream Password" field and save

8. Re-sync the repo.

Actual results:

Step 5: Sync Success ( as the token gets saved as password )

Step 6: Error:

An error occurred saving the Repository: PG::StringDataRightTruncation: ERROR: value too long for type character varying(1024)

Step 7 and 8: Successfully saved and repo can be synced

The reason seems to be this i.e. upstream_password column has a record type set to Text but upstream_authentication_token is of varchar(1024)

  1. echo "\d+ katello_root_repositories;" | su - postgres -c "psql foreman" | egrep "Column|upstream" | awk -F'|' '{print $1,$2,$4}'
    Column Type Nullable
    docker_upstream_name character varying(255)
    upstream_username character varying(255)
    upstream_password text
    upstream_authentication_token character varying(1024)

Expected results:

A) As tokens are expected to be longer than normal passwords, set "upstream_authentication_token" type to "text" or increase the length for varchar

B) If the token can be used in both upstream_password as well as upstream_authentication_token fields, Then just have one field present.

Additional info:

NA

Actions #1

Updated by The Foreman Bot 10 months ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ian Ballou
  • Pull request https://github.com/Katello/katello/pull/10925 added
Actions #2

Updated by Jeremy Lenz 9 months ago

  • Subject changed from Registry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo to Registry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo
  • Priority changed from High to Normal
  • Target version set to Katello 4.13.0
  • Difficulty set to easy
  • Triaged changed from No to Yes
Actions #3

Updated by The Foreman Bot 9 months ago

  • Fixed in Releases Katello 4.13.0 added
Actions #4

Updated by Anonymous 9 months ago

  • Status changed from Ready For Testing to Closed
Actions

Also available in: Atom PDF