-
-
Notifications
You must be signed in to change notification settings - Fork 176
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot pull password-protected HTTP URLs after merge of netrc #429
Comments
Thanks for the bug report. Are you able to help debug the issue? My first suggestion would be to temporarily disable the netrc file deletion to see if its content looks sane. eg. turn
I've not been able to reproduce the issue on ubuntu 20.04 with the following manifest and puppet apply archive { '/tmp/test':
source => 'http://httpbin.org/basic-auth/user/passwd',
username => 'user',
password => 'passwd',
} |
If I get a chance I can see if I can get this tested but I'm under a lot of pressure right now to keep these production systems online. Don't suppose it'd be possible to have a |
You should be able to reproduce your error using Something like (untested) Make any change you want to the copy of the module in |
I've run a fresh test, looks like the file isn't being created I think? Output:
Code/tmp/modules/archive/lib/puppet/provider/archive/curl.rb
/tmp/test.pp
|
Ah. My bad. Since it was created with Maybe in |
Does your password contain spaces?? I'm guessing it's going to be something like that. |
If that is the issue, I can probably fix it. Worse case, we just disable the use of netrc for username/password with spaces in. (There is no way of escaping them it would seem). Something like... --- a/lib/puppet/provider/archive/curl.rb
+++ b/lib/puppet/provider/archive/curl.rb
@@ -7,8 +7,14 @@ Puppet::Type.type(:archive).provide(:curl, parent: :ruby) do
def curl_params(params)
if resource[:username]
- create_netrcfile
- params += ['--netrc-file', @netrc_file.path]
+ if resource[:username] =~ %r{\s} || resource[:password] =~ %r{\s}
+ Puppet.warning('Username or password contains a space. Unable to use netrc file to hide credentials')
+ account = [resource[:username], resource[:password]].compact.join(':')
+ params += optional_switch(account, ['--user', '%s'])
+ else
+ create_netrcfile
+ params += ['--netrc-file', @netrc_file.path]
+ end
end
params += optional_switch(resource[:proxy_server], ['--proxy', '%s'])
params += ['--insecure'] if resource[:allow_insecure] |
Negative, password has no spaces. It's a single HTTP API token. |
Having same issue... but wondering if this is a windows issue in our case or not. I know Powershell requires the creds to be added as a -Credential parameter to Invoke-WebRequest... so not sure. Basically we are trying to forcibly override the Archive used in @pcfens https://github.com/pcfens/puppet-filebeat with something like:
|
Think this is the underlying issue... somewhere its getting 2 auth mechanisms that are being passed to JFrog which is passing to S3 and failing:
|
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
What are you seeing
Fails to download due to a 401 Unauthorized.
What behaviour did you expect instead
Download of the archive and extraction.
Output log
Any additional information you'd like to impart
This works perfect with 4.5.0. Looks like it's having some sort of an issue with the
netrc
file, but since it destroys the file after it fails I can't see what's going in it. I've had to rollback. Seems to be related to this change: #399.The text was updated successfully, but these errors were encountered: