anancarv / python-artifactory

Typed interactions with the Jfrog Artifactory REST API
MIT License

Support new CreateToken API/allow setting custom scope #150

Open NiklasRosenstein opened 10 months ago

NiklasRosenstein commented 10 months ago

Is your feature request related to a problem? Please describe.

The old Create Token API that is used by ArtifactorySecurity.create_access_token() is deprecated: https://jfrog.com/help/r/jfrog-rest-apis/delete-group?tocId=2_OrHvmQlC6dtFFR8F9i3w


Describe the solution you'd like

Add support for or use the new Create Token API instead: https://jfrog.com/help/r/jfrog-rest-apis/create-token


Additional context

We ran into an issue today where all the tokens generated with pyartifactory didn't actually have any permissions. It seems the "scope" value of the deprecated API endpoint expects the format of the new endpoint (e.g. "applied-permissions/user" is what we're using now after monkey-patching pyartifactory).

anancarv commented 10 months ago

Thanks for pointing it out, @NiklasRosenstein. I'll update that feature ASAP.

NiklasRosenstein commented 10 months ago

Thanks @anancarv!

FYI, this is how I worked around it for now:

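```python
from __future__ import annotations

# Import paths are assumed from pyartifactory's module layout; adjust to the installed version.
from pyartifactory.exception import InvalidTokenDataException
from pyartifactory.models.auth import AccessTokenModel
from pyartifactory.objects import ArtifactorySecurity


def create_access_token(
    self: ArtifactorySecurity,
    user_name: str,
    expires_in: int = 3600,
    refreshable: bool = False,
    groups: list[str] | None = None,
) -> AccessTokenModel:
    """
    A variation of #ArtifactorySecurity.create_access_token() that passes the correct "scope".
    """

    payload = {
        "username": user_name,
        "expires_in": expires_in,
        "refreshable": refreshable,
    }
    # Always send the new-style scope; the groups argument is kept only for signature compatibility.
    payload.update({"scope": "applied-permissions/user"})
    response = self._post(f"api/{self._uri}/token", data=payload, raise_for_status=False)
    if response.ok:
        return AccessTokenModel(**response.json())
    raise InvalidTokenDataException(response.json().get("error_description", "Unknown error"))


# Replace the library method with the patched version.
ArtifactorySecurity.create_access_token = create_access_token  # type: ignore[method-assign]
```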

That being said, JFrog did acknowledge this as a bug in the old endpoint that was recently introduced.
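The failure described in this thread (tokens issued without the expected permissions) can be caught at issue time by comparing the granted scope with the requested one. The following is an added example, not code from the thread or from pyartifactory; it assumes the create-token response carries `scope` and `access_token` fields and that the token is a JWT whose scope claim is named `scp`.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def missing_scopes(requested, response):
    """Return problems found; an empty list means every requested scope was granted."""
    want = set(requested.split())  # scopes are space-separated
    problems = []
    reported = set((response.get("scope") or "").split())
    if want - reported:
        problems.append(f"response scope lacks {sorted(want - reported)}")
    try:
        # "scp" as the scope claim name is an assumption, not taken from the issue.
        claims = jwt_claims(response.get("access_token") or "")
        claimed = set(str(claims.get("scp", "")).split())
    except ValueError as exc:  # also covers bad base64 and bad JSON
        problems.append(f"cannot inspect token: {exc}")
    else:
        if want - claimed:
            problems.append(f"token claim lacks {sorted(want - claimed)}")
    return problems


def sample_token(claims):
    """Constructed, unsigned sample token used only for the demo below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.placeholder-signature"


if __name__ == "__main__":
    good = {"scope": "applied-permissions/user",
            "access_token": sample_token({"scp": "applied-permissions/user"})}
    empty = {"scope": "", "access_token": sample_token({"sub": "constructed-user"})}
    print(missing_scopes("applied-permissions/user", good))
    print(missing_scopes("applied-permissions/user", empty))
```

Extra scopes in the grant are not flagged here; only requested scopes that are absent count as a problem, so a caller can fail closed before handing the token out.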