403 Forbidden Issue

[edaraanand]

I am trying to transfer a nexus hosted repo to an artifactory local repo and getting 403 forbidden.

2019-02-06 15:58:43,647 [MainThread] [INFO] (nex2art.core.Artifactory:237) - Finalizing repository migrations. 2019-02-06 15:58:43,647 [MainThread] [INFO] (nex2art.core.Artifactory:246) - Finalizing migration for repo maven-releases -> bill-maven-local. 2019-02-06 15:58:43,648 [MainThread] [INFO] (nex2art.core.Artifactory:571) - Sending POST request to https://staging.artifacts.*********desk.net/artifactory/api/repositories/bill-maven-local. 2019-02-06 15:58:43,754 [MainThread] [ERROR] (nex2art.core.Artifactory:582) - Error making request: { "errors" : [ { "status" : 403, "message" : "Forbidden" } ] } Traceback (most recent call last): File "/root/nexus2artifactory-master/nex2art/core/Artifactory.py", line 578, in dorequest else: resp = urllib2.urlopen(req) File "/usr/lib64/python2.7/urllib2.py", line 154, in urlopen return opener.open(url, data, timeout) File "/usr/lib64/python2.7/urllib2.py", line 437, in open response = meth(req, response) File "/usr/lib64/python2.7/urllib2.py", line 550, in http_response 'http', request, response, code, msg, hdrs) File "/usr/lib64/python2.7/urllib2.py", line 475, in error return self._call_chain(args) File "/usr/lib64/python2.7/urllib2.py", line 409, in _call_chain result = func(args) File "/usr/lib64/python2.7/urllib2.py", line 558, in http_error_default raise HTTPError(req.get_full_url(), code, msg, hdrs, fp) HTTPError: HTTP Error 403: Forbidden

[DarthFennec]

I'm ... not too sure. 403 Forbidden is a highly generic response code, and Artifactory doesn't appear to include any further information in its response. You could try looking in artifactory.log to see if any more info shows up around the same time, but I wouldn't think you'd find much that's helpful.

The strange thing is that this is occurring during the finalizing step. The tool will create or update your repository with most of the desired configuration, then it will migrate artifacts, and then it will "finalize" the repository by making a few more changes to the configuration. The fact that it got this far means it has already initialized this repository, at the beginning of the migration; whatever is causing it to fail here didn't apply when the same sort of request was made earlier on the same repository.

This makes me wonder if the issue is consistent. Do you get the same error in the same place if you run migration again? Also, can you provide your Artifactory version and license type?

[aryanakul]

Hi, First of all... Thank you very much for the tool. I am also getting this 403, cause I am not the admin of the artifactory, I just have upload permissions. We are using Artifactory Pro Version. I just wanted to know, what happens in the finalizing step and also, what are the implications of this step failing?

[DarthFennec]

Hi @aryanakul,

If you're not an admin, some of the other steps (such as the initial repo creation step) should also be failing, I would expect. You shouldn't be reaching the finalize step if you're not an admin.

To answer your question: Some repository types support using the repository for only release or snapshot artifacts, or requiring POM file consistency checks. These options also exist in Nexus and are migrated when possible. The problem is that setting these options when creating a repo will often cause artifacts in that repo to fail migration, since not all artifacts already in a repository will necessarily pass those filters. To get around this problem, these three filters are disabled on repository creation, and then updated after artifact migration (the finalize step) to reflect the settings in Nexus. Also, yum repo metadata calculation is triggered during this step.

So to summarize, if the finalize step fails, the implications are:

• All migrated repositories accept both release and snapshot artifacts.
• All migrated repositories have POM consistency checks disabled.
• Metadata calculation hasn't been forced in yum repositories.

[aryanakul]

Hi DarthFennec

I got artifactory repositories created with the same name as we have in nexus by our admin. So, failure at repo creation steps doesn't affect me. He created the artifactory repos with the filters disabled just like the migrator does.

He asked me he can manually change the setting for:

• All migrated repositories accept both release and snapshot artifacts.
• All migrated repositories have POM consistency checks disabled. And, (Metadata calculation hasn't been forced in yum repositories.) doesn't apply in our case.

How can I perform the finalize step manually? Where can I get the information about the above 2 settings?

[DarthFennec]

You can access repositories in the UI via the "Local" and "Remote" links on the Admin tab. When you select a repository, you should see (among other things) three checkboxes that you can use to set these options (Handle Releases, Handle Snapshots, Suppress POM Consistency) as shown here. Generally, "Suppress POM Consistency" should be selected, and the other two should reflect the settings for that repo in Nexus.

[peters95]

Closing this issue due to age