[
https://issues.apache.org/jira/browse/NIFI-15692?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Villard updated NIFI-15692:
----------------------------------
Status: In Progress (was: Patch Available)
> GitLabRepositoryClient.deleteContent() fails with 403 when GitLab is behind
> reverse proxy due to getRawFile() usage
> -------------------------------------------------------------------------------------------------------------------
>
> Key: NIFI-15692
> URL: https://issues.apache.org/jira/browse/NIFI-15692
> Project: Apache NiFi
> Issue Type: Bug
> Components: Extensions
> Affects Versions: 2.7.2
> Reporter: Ivan Majsinger
> Assignee: Pierre Villard
> Priority: Major
> Time Spent: 50m
> Remaining Estimate: 0h
>
> h3. Problem
> GitLabFlowRegistryClient fails to register flow snapshots when GitLab is
> behind an Apache reverse proxy. The verification passes all checks, but
> "Start Version Control" fails with 403 Forbidden.
> h3. Root Cause
> The \{{deleteContent()}} method in \{{GitLabRepositoryClient.java}} uses
> \{{getRawFile()}} which hits the
> \{{/api/v4/projects/.../repository/files/.../raw}} endpoint. This endpoint is
> handled differently by some reverse proxies, causing a redirect to HTTP port
> 80 where authentication fails.
> {code:java}
> // Current implementation (line ~266)
> public InputStream deleteContent(...) {
> return execute(() -> {
> final InputStream content =
> gitLab.getRepositoryFileApi().getRawFile(...); // FAILS HERE
> gitLab.getRepositoryFileApi().deleteFile(...);
> return content;
> });
> }
> {code}
> h3. Error
> {code}
> org.gitlab4j.api.GitLabApiException:
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
> <html><head><title>403 Forbidden</title></head><body>
> <h1>Forbidden</h1>
> <p>You don't have permission to access this resource.</p>
> <address>Apache Server at [hostname] Port 80</address>
> </body></html>
> at
> org.gitlab4j.api.RepositoryFileApi.getRawFile(RepositoryFileApi.java:422)
> at org.apache.nifi.gitlab.GitLabRepositoryClient.lambda$deleteContent$8
> {code}
> h3. Proposed Fix
> Use \{{getFile()}} instead of \{{getRawFile()}}. The \{{getFile()}} method
> uses the standard \{{/api/v4/projects/.../repository/files/...}} endpoint
> (without \{{/raw}}) which returns Base64-encoded content and works correctly
> behind reverse proxies.
> {code:java}
> // Proposed fix
> public InputStream deleteContent(...) {
> return execute(() -> {
> RepositoryFile file =
> gitLab.getRepositoryFileApi().getFile(projectPath, resolvedPath, branch);
> byte[] content = Base64.getDecoder().decode(file.getContent());
> gitLab.getRepositoryFileApi().deleteFile(...);
> return new ByteArrayInputStream(content);
> });
> }
> {code}
> h3. Related
> - gitlab4j-api issue: https://github.com/gmessner/gitlab4j-api/issues/282
> h3. Environment
> - NiFi 2.7.0
> - GitLab behind Apache reverse proxy
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
