space required from token service?
bibby opened this issue · 2 comments
bibby commented
I've configured a secure authorization token service, but I found it that was needed to add a space in the service value.
working config:
auth:
token:
realm: {{AUTH_URL}}
service: nmx registry
issuer: nmx_registry
rootcertbundle: /usr/registry/certs/registry-auth.crt
Note that the value nmx registry
needed a space. The previous value nmx_registry
produced this error on bow Update:
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] Building parents tree for [ registry ] [0/1897]
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] DB: GET BUCKET: open bucket for READ [ registry->catalog ]
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] DB: GET BUCKET: Done
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] DB: CREATE BUCKET: open bucket for WRITE [ registry->_namesgraph ]
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] DB: CREATE BUCKET: creating bucket [ _namesgraph ]
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] MakeQuery: Code [401] : Bearer auth. Trying to get auth token.
panic: runtime error: slice bounds out of range
goroutine 18 [running]:
panic(0x800b60, 0xc82000a050)
/usr/lib/go-1.6/src/runtime/panic.go:481 +0x3e6
qurl.getbearertoken(0xc820310080, 0x71, 0xc82000b660, 0x6, 0xc82000b638, 0x8, 0x1, 0x0, 0x0, 0xc820050900)
/app/src/qurl/qurl.go:73 +0xa36
qurl.MakeQuery(0x8cb930, 0x15, 0x8823f8, 0x3, 0xc820013560, 0xc820013590, 0x7551c0, 0xc8203e80c0, 0xc8203e8060, 0x0)
/app/src/qurl/qurl.go:118 +0xa17
checker.checkRepos(0xc82011a000)
/app/src/checker/repository.go:17 +0x191
created by checker.DaemonManager
/app/src/checker/checker.go:23 +0x395
qurl.go:73
is slicing a string on the Index of space that I didn't have. Knowing next to nothing about JWT, I can't be sure what an appropriate service
value looks like.
My auth service works when a space is added, so I'm not blocked at all by this; just thought it was curious.
Evedel commented
Yup, to have hardcoded indexing cannot be a good idea.