Evedel/bow

space required from token service?

bibby opened this issue · 2 comments

bibby commented

I've configured a secure authorization token service, but I found it that was needed to add a space in the service value.

working config:

auth:
  token:
    realm: {{AUTH_URL}}
    service: nmx registry
    issuer: nmx_registry
    rootcertbundle: /usr/registry/certs/registry-auth.crt

Note that the value nmx registry needed a space. The previous value nmx_registry produced this error on bow Update:

[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] Building parents tree for [ registry ]                                                            [0/1897]
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] DB: GET BUCKET: open bucket for READ  [ registry->catalog ]
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] DB: GET BUCKET: Done
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] DB: CREATE BUCKET: open bucket for WRITE [ registry->_namesgraph ]
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] DB: CREATE BUCKET: creating bucket [ _namesgraph ]
[ Fri, 18 Aug 2017 02:17:47 UTC ][ L1 ] MakeQuery: Code [401] : Bearer auth. Trying to get auth token.
panic: runtime error: slice bounds out of range

goroutine 18 [running]:
panic(0x800b60, 0xc82000a050)
        /usr/lib/go-1.6/src/runtime/panic.go:481 +0x3e6
qurl.getbearertoken(0xc820310080, 0x71, 0xc82000b660, 0x6, 0xc82000b638, 0x8, 0x1, 0x0, 0x0, 0xc820050900)
        /app/src/qurl/qurl.go:73 +0xa36
qurl.MakeQuery(0x8cb930, 0x15, 0x8823f8, 0x3, 0xc820013560, 0xc820013590, 0x7551c0, 0xc8203e80c0, 0xc8203e8060, 0x0)
        /app/src/qurl/qurl.go:118 +0xa17
checker.checkRepos(0xc82011a000)
        /app/src/checker/repository.go:17 +0x191
created by checker.DaemonManager
        /app/src/checker/checker.go:23 +0x395

qurl.go:73 is slicing a string on the Index of space that I didn't have. Knowing next to nothing about JWT, I can't be sure what an appropriate service value looks like.

My auth service works when a space is added, so I'm not blocked at all by this; just thought it was curious.

Yup, to have hardcoded indexing cannot be a good idea.