Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: quay-v3.8.0
Affects Version/s: quay-v3.7.0
Component/s: quay
Labels:
- proxycache
- quay
- triaged

Blocked:
False
Blocked Reason:
None
Ready:
False
Product:
Quay Enterprise

RICE Score:
0

Target Version:

quay-v3.7.8, quay-v3.8.0

SFDC Cases Links:
SFDC Cases Counter:

Description

When the upstream registry is Sonatype Nexus, the following authenticate header is returned to Quay:

www-authenticate: BASIC realm=...

Because Quay expects the authenticate header to contain the word Basic, this authentication always fails, see here:

https://github.com/quay/quay/blob/31e5b00b3c8a07582d144452789e2599a3c3cc19/proxy/__init__.py#L180

This means that proxying upstream Nexus registries becomes impossible and will always fail on our end. We could modify the check by converting the scheme to lower case:

        if str(scheme).lower() == "basic" and auth is not None:
            # attach basic auth header to session
            requests.auth.HTTPBasicAuth(auth[0], auth[1])(self._session)
            return