BearerToken authentication not possible - missing parameter documentation / validation?

[EugenMayer]

When using bearerToken as an type for authentication, I get an errro

Error: could not create repository 'fontawesome-proxy': HTTP: 400, [ {
│   "id" : "BearerTokenAuthenticationConfiguration.attributes[httpclient].authentication.bearerToken",
│   "message" : "must not be blank"
│ } ]

if I then set

http_client {
    authentication {
      type = "bearerToken"
      bearerToken = "redacted"
    }
  }

I then get an

Error: Unsupported argument

If I set the username or password the former error appears.

Is bearerToken not properly exposed / parsed as a parameter in http_client.authentication but required?

[EugenMayer]

Any chance to move this forward, this really blocks us. Sorry!

[EugenMayer]

I guess we will to patch https://github.com/datadrivers/terraform-provider-nexus/blob/master/nexus/data_source_repository.go#L146 to add something like token - but how to make this conditional? Or is this not actually done in the provider but let open to the API of the nexus REST server to error, if token is used auth ntlm or whatever?

[ruedigerblock]

Moin,
can you add the Terraform Resource Code as a comment, so we can reproduce the issue ?

[EugenMayer]

You mean the resource defintion, sure:

resource "nexus_repository" "npm_fontawesome_proxy" {
  name   = "fontawesome-proxy"
  format = "npm"
  type   = "proxy"

  proxy {
    remote_url = "https://npm.fontawesome.com"
  }
  http_client {
     authentication {
       type = "bearerToken"
       # not possible due to https://github.com/datadrivers/terraform-provider-nexus/issues/158
       #token = "secret"
     }
  }

  negative_cache {
    enabled = true
    ttl = 1440
  }

  storage {
    blob_store_name                = var.blob-cache_name
    strict_content_type_validation = true
  }
}

That should be it. So the point is, type can be bearerToken but then there is no way to set the actual token

[ruedigerblock]

Thank You.
I pulled the latest Image, now I run Nexus PRO 3.37.1-01. I see that -- when I create a new npm repository -- I can select Preemptive Bearer Token as a authentication method. However, this option is not implemented in the REST API.
You can check for yourself. The authentication block of the npm proxy repository route only supports ntlm and username.
I do not know why this is the case, but this hinders us from implementing your request.

[EugenMayer]

@ruedigerblock interesting - thank you a lot for your effort! I was not aware that this API is not available yet.

Which endpoint did you scan for that check? I recall nexus has an build in rest browser, but what endpoint are you referring too?
I'am asking just because I would scan that REST endpoint on every update and report back if that is introduced.

[anmoel]

I created this issue at Sonatype: https://issues.sonatype.org/browse/NEXUS-30725

[EugenMayer]

Thank you. The ticket seems to be private (for now) - I cannot access it. Maybe they make it public after a review. Thank you for caring about it

[ruedigerblock]

@ruedigerblock interesting - thank you a lot for your effort! I was not aware that this API is not available yet.

Which endpoint did you scan for that check? I recall nexus has an build in rest browser, but what endpoint are you referring too? I'am asking just because I would scan that REST endpoint on every update and report back if that is introduced.

I think this is what you should monitor:
curl localhost:8081/service/rest/swagger.json | jq '.definitions.HttpClientConnectionAuthenticationAttributes.properties.type.enum'

[EugenMayer]

@ruedigerblock thank you once again!

[github-actions]

This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 7 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

[EugenMayer]

Any news on that front?

[EugenMayer]

With 3.56.0 we still have

[
  "username",
  "ntlm"
]

So bearer is still not exposed

[EugenMayer]

With 3.62.2

[
  "username",
  "ntlm"
]

So bearer is still not exposed

[ruedigerblock]

Still no update from Nexus. But there is an issue and it looks like there is progress: sonatype/nexus-public#247

[EugenMayer]

With 3.68.0 still

[
  "username",
  "ntlm"
]

[joeyaurel]

3.69.0 will still produce the following:

[
  "username",
  "ntlm"
]

I just left a comment in the issue mentioned here in the hope of some kind of feedback whether this is something the Nexus devs have on their roadmap or not.

[EugenMayer]

3.72.0 nothing changed

[
  "username",
  "ntlm"
]

[EugenMayer]

3.74.0 - nothing changed

[
  "username",
  "ntlm"
]

[EugenMayer]

3.75.0 - still nothing

[
  "username",
  "ntlm"
]

[afrimberger]

I created an upstream issue including a PR for this feature: sonatype/nexus-public#540

[EugenMayer]

I created an upstream issue including a PR for this feature: sonatype/nexus-public#540

Thank you for stepping in @afrimberger - everybody here waiting, be sure to upvote the ticket and the PR so sonar gets it on the radar (probably)