Binary Artifact Management Tool

I tried to create NPM account using npm tool for Central registry with this command:

npm adduser --loglevel silly --registry=https://central.artipie.com/npm --always-auth

I've entered valid username and password but got 401 error:

npm verb login before first PUT {
npm verb login   _id: 'org.couchdb.user:artipie',
npm verb login   name: 'artipie',
npm verb login   password: 'XXXXX',
npm verb login   type: 'user',
npm verb login   roles: [],
npm verb login   date: '2020-05-27T13:34:21.893Z'
npm verb login }
npm http fetch PUT 401 https://central.artipie.com/npm/-/user/org.couchdb.user:artipie 796ms
npm verb adduser before first PUT {
npm verb adduser   _id: 'org.couchdb.user:artipie',
npm verb adduser   name: 'artipie',
npm verb adduser   password: 'XXXXX',
npm verb adduser   email: '[email protected]',
npm verb adduser   type: 'user',
npm verb adduser   roles: [],
npm verb adduser   date: '2020-05-27T13:34:22.690Z'
npm verb adduser }
npm http fetch PUT 401 https://central.artipie.com/npm/-/user/org.couchdb.user:artipie 271ms
npm verb stack Error: 401 Unauthorized - PUT https://central.artipie.com/npm/-/user/org.couchdb.user:artipie
npm verb stack     at /usr/lib64/node_modules/npm/node_modules/npm-registry-fetch/check-response.js:104:15
npm verb stack     at processTicksAndRejections (internal/process/task_queues.js:97:5)
npm verb statusCode 401

It seems I configured auth wrong.

Support Artifactory API at /api/secutiry/users and /api/secutiry/permissions: API clients should be able to create update and delete users and permissions.

When data is being posted to helm repo, the 100 response is started to being printed and then stuck. Try helm proof for details:

curl -i -X POST --data-binary @tomcat-0.4.1.tgz http://localhost:8080/example_helm_repo/
HTTP/1.1 100 Continue

Some repositories have path config parameter, some don't have it. I think we can remove it safely from config, since we always know what is the path of current request. Even if we switch to another routing schema #178 we still be able to get the path from request on top level. So we can remove it from config and specify directly. @artipie/contributors do you agree?

Add interface to collect Artipie metrics for some common events. This interface is going to be connected to third-party services later. For the first stage, we may just print metrics to log output. Let's start with these metrics:

• artifact uploaded
• artifact downloaded
• artifact upload error
• artifact download error
• not authenticated
• not authorized

Feel free to suggest more metrics or discuss existing.

Artipie performs a lot of read operations for repository configs, it would be better to cache these configs in memory. The config can be updated at any time, so we need to drop cached value after some time, e.g. after few minutes. Consider using soft references to avoid OOM errors when working with many repos.

Running mvn verify -Pqulice is extremely long because of the task make-assembly.

It shouldn't be enabled in a normal build but only via a profile.

I suppose the CI should take that into account also (depending on where this jar is needed).

Resolving issue #74 Catching exceptions when reading repo config file. It is catching any exception when reading file and return 404 with an error message.

Currently, it seems we have some "reactive overhead" in Artipie module for Dashboard and API - these components are not good candidates for applying reactive streams on them, because:

1. API and Dashboard data traffic is very low and request frequency is rare, comparing to repository traffic.
2. almost all requests contains only one chunk of data, so using Publisher of ByteBuffer for processing one ByteBuffer is overhead
3. using non-blocking reactive streams approach requires a lot of additional code and work, which is OK if we pay it for better performance or resources consumption for high-load traffic, but in case with Dashboard and API, the traffic is low.

Proposal

I'm suggesting restructure Dashboard and API code and move it to separate software components (dedicated servers). It allows us to:

• Simplify the code in artipie/artipie module by removing the code related to API management and Dashboard.
• Use other approaches (maybe another web frameworks or even languages) for other modules.
• Simplify changes in Dashboard and API, since these changes will not depend on main Artipie components (makes coupling lower).
• Better (granular) resources control for these components in big applications in cluster.

Possibly, API and dashboard could be one component, not two.

Implementation

Dashboard and API components may expose endpoints for /api and /dashboard URL paths; primary load-balancer routes requests based on this path: /api paths goes to API service, /dashboard path to Dashboard service and other requests to main Artipie service (see diagram below).

Questions

Using this approach, some aspects are not clear:

1. How to provide simple deployment for local usage (now we have Docker with Dashboard and API included). Maybe Docker-compose or something like this can be used for that (if users needs dashboard and API for tiny local deployments).
2. Auth mechanism for API and Dashboard - now it's rely on artipie/http authorization implementation, we may need to copy-paste this logic if we switch to multiservice components.

The puzzle 74-e630ca71 from #74 has to be resolved:

https://github.com/artipie/artipie/blob/2ef2028f29ee2b5fa4b794091c9ed57408373f13/src/main/java/com/artipie/Pie.java#L49-L52

The puzzle was created by @g4s8 on 08-May-20.

Estimate: 30 minutes, role: DEV.

If you have any technical questions, don't ask me, submit new tickets instead. The task will be "done" when the problem is fixed and the text of the puzzle is removed from the source code. Here is more about PDD and about me.

Artipie prints this warning on each incoming HTTP request:

WARNING: You're already on a Vert.x context, are you sure you want to create a new Vertx instance?

It seems we're creating new Vertx instance for storage on each request.

Hi Team,

I was wondering if Artipie supports PKCS 12 if I supplied the cert with the file option(see doc below) | https://github.com/artipie/artipie/wiki/Configuration-Credentials#credentials

My use case is I would want to connect/proxy to a upstream pypi repo with PKCS 12 credentials instead of username and password

https://github.com/artipie/artipie/wiki/pypi-proxy

Thanks!

Several adapters (at least npm and conda) requires from us to support token authentication. Let's use vert.x jwt auth for these purposes as a) jwt are stateless, b) we do not need to invent any bicycles. Users will be able to use the token in all artipie: as for our rest api and for some repository.

It would be nice to be able to install/update Artipie to RHEL-based servers with yum install/update artipie :D

The RPM package could include:

• The JAR file
• A SystemD unit file
• A sample configuration file
• ???

I could probably help with writing a spec file. GitHub should have an Action that will build the actual package. The public Artipie instance could then host the packages. How cool is that? :)

We have repository type maven-group in SliceFromConfig, the repository is build right in the SliceFromConfig. Let's figure out what is this repository idea, how it works and either add proper documentation and integration test or remove it.