Build Errors

[domcar]

Thanks for creating an issue! Please fill out this form so we can be sure to have all the information we need, and to minimize back and forth.

• What are you trying to do? I installed Nexus using the Helm Chart and I wanted to use GCS as blobstore. I installed maven and then I run mvn clean install but at the tests I receive several Errors like

  
  [INFO] -------------------------------------------------------
  [INFO]  T E S T S
  [INFO] -------------------------------------------------------
  [INFO] Running org.sonatype.nexus.blobstore.gcloud.internal.GoogleCloudBlobStoreIT
  [ERROR] Tests run: 17, Failures: 0, Errors: 17, Skipped: 0, Time elapsed: 1.812 s <<< FAILURE! - in org.sonatype.nexus.blobstore.gcloud.internal.GoogleCloudBlobStoreIT
  [ERROR] isWritable true for buckets created by the Integration Test(org.sonatype.nexus.blobstore.gcloud.internal.GoogleCloudBlobStoreIT)  Time elapsed: 0.173 s  <<< ERROR!
  java.lang.NullPointerException: Cannot invoke method getFile() on null object
  at org.sonatype.nexus.blobstore.gcloud.internal.GoogleCloudBlobStoreIT.setup(GoogleCloudBlobStoreIT.groovy:80)

[ERROR] isWritable true for buckets created by the Integration Test(org.sonatype.nexus.blobstore.gcloud.internal.GoogleCloudBlobStoreIT) Time elapsed: 0.174 s <<< ERROR! java.lang.NullPointerException: Cannot invoke method stop() on null object at org.sonatype.nexus.blobstore.gcloud.internal.GoogleCloudBlobStoreIT.cleanup(GoogleCloudBlobStoreIT.groovy:99)

Can you help me understadn what is the problem?

[nblair]

Thanks for opening this - I can confirm that's the case. The mvn install goal includes the verify phase, which due to the inclusion of the maven-failsafe-plugins, runs the integration tests.

The integration tests expect that you've provided a valid GCP credential file with a specific name in a known location (see src/test/resources).

So the first choice would be to follow the setup instructions there. Alternatively, if you want to live a little more dangerously, you could run an alternate maven goal that doesn't include the verify, like mvn package.

Let me know if I can help answer questions on IT setup!

[domcar]

Hi @nblair thanks for your answer. Could you please tell me what the integration tests do (regarding gcs access)? Do they just check if the provided credentials are able to create a bucket and write to it?

Because in my case I will create the bucket and provide access only to this bucket. In the README is stated

will grant the plugin to create any Google Cloud Storage Buckets you require and administer 
all of the objects within, but it will also have access to manage 
any other Google Cloud Storage Buckets associated with the project.

and this is too much permissions for me. Anyway the targets get created and I am able to use the plugin to get a bucket as a blobstore. Thanks

[nblair]

Hi @domcar!

Could you please tell me what the integration tests do (regarding gcs access)?

The integration test for the blobstore:

1. Creates a GCS bucket with a name like integration-test-${UUID}.
2. Configures a minimal instance of the Google Cloud Blobstore linked against that bucket
3. Exercises a few tasks that the blobstore would perform like it would during normal operations inside a Nexus Repository Manager instance. The test method names, like this, give a brief description.
4. The GCS bucket that was created for the test is automatically deleted, regardless of tests pass/fail.

The tests are super helpful if you plan on developing or making customizations. If you're just building the project with no plans for development, you can probably skip them.

and this is too much permissions for me

This is good feedback to hear. So far, I've been developing against a service account that has the Storage Admin for convenience. For day to day use, is that too much to require?

[domcar]

Thanks for the answer! Regarding the permissions, if the plugin or the tests must be able to create a bucket I think that is ok what you are doing. But for my project I will create the bucket myself and restrict the SA permissions only to the bucket, that's why the permissions are too much for me. Maybe it could be helpful to add the option to use an existing bucket with an existing sa?

[nblair]

I think it should work with just the Storage Object Creator and Storage Object Viewer roles, mind doing an experiment?

1. Build the project with just mvn clean package.
2. Create the desired bucket in advance.
3. Create a service account with the Storage Object Creator and Storage Object Viewer roles.
4. Setup an NXRM instance with the plugin installed on a GCP instance that uses service account.
5. Log in to RM and try to create a blobstore with that desired bucket name.

The initialization code already tests to see if the bucket exists and skips the bucket create call if the bucket is already present. Let me know how it goes :)

[domcar]

@nblair Sorry I'm late to answer, I'll test it as soon as I can.

Another question, i saw that the AWS plugin was implemented upstream in the nexus image, do you know if this plugin is also going to be integrated?

[nblair]

Hey @domcar - the AWS S3 plugin did start the same way, as a plugin, then pulled upstream. We do have our eye on a similar path, but it's not scheduled currently in our roadmap.

[nblair]

Going to close the issue for now - feel free to re-open or create a new issue if you need more assistance, thanks!