Artifactory: Credential Bootstrap failure due to Invalid Character

[Souheil-Yazji]

Is this a request for help?: No

---

Is this a BUG REPORT or FEATURE REQUEST? (choose one): Bug Report

Version of Helm and Kubernetes:
Helm: 3.7.1
K8s: 1.24.x

Which chart:
Artifactory installed via Jfrog Platform

Which product license (Enterprise/Pro/oss):
Enterprise (present in all mostlikely)

JFrog support reference (if already raised with support team): - no support issue raised.

What happened:
When bootstraping credentials to the helm chart for the default admin account creds, including certain characters, for example an "=" sign causes the pod to fail after start-up, forcing crashloop backoff. After digging through the pod's log, the following is found:

2023-05-03T17:06:01.583Z [1;33m[jfac ][0;39m [31m[WARN ][0;39m [6d02b58477684c56] [ebServerApplicationContext:591] [Catalina-utility-1 ] - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.context.ApplicationContextException: Unable to start web server; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name ```org.springframework.boot.autoconfigure.jersey.JerseyAutoConfiguration': Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'jerseyConfig' defined in URL [jar:file:/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/access/WEB-INF/lib/access-application-7.64.5.jar!/org/jfrog/access/rest/config/JerseyConfig.class]: Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.jfrog.access.rest.config.JerseyConfig]: Constructor threw exception; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'licenseResource' defined in URL [jar:file:/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/access/WEB-INF/lib/access-server-rest-7.64.5.jar!/org/jfrog/access/server/rest/resource/license/LicenseResource.class]: Unsatisfied dependency expressed through constructor parameter 0; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'legacyLicenseServiceImpl' defined in URL [jar:file:/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/access/WEB-INF/lib/access-server-core-7.64.5.jar!/org/jfrog/access/server/service/license/LegacyLicenseServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 1; nested exception is org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'systemServiceImpl' defined in URL [jar:file:/opt/jfrog/artifactory/app/artifactory/tomcat/webapps/access/WEB-INF/lib/access-server-core-7.64.5.jar!/org/jfrog/access/server/service/system/SystemServiceImpl.class]: Unsatisfied dependency expressed through constructor parameter 4; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'accessServerBootstrapImpl': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Illegal credentials file - each line is expected to be in the format: user=pass

This is probably caused by the format of the bootstrap.creds file cred string being <user>@<ip>=<pass>. Having an "=" in this case most likely causes a parsing error.

This also causes other issues to appear such as Cluster join: Join key is missing. Pending for 5 seconds with 60 seconds timeout

What you expected to happen:
At least one of the following:

1. A comment in the helm chart specifying illegal characters (preferably here https://github.com/jfrog/charts/blob/master/stable/artifactory/values.yaml#LL552C102-L552C102)
2. A note in the docs specifying illegal characters (preferably here https://jfrog.com/help/r/jfrog-platform-administration-documentation/introduction-to-users-and-groups?section=UUID-4a36796a-bc7e-e4d5-92ff-44f1dab5e122_id_UsersandGroups-RecreatingtheDefaultAdminUserrecreate)

These would be for the artifactory dev team:
4. No termination of the app, some other fail safe for crash avoidance.
5. A graceful termination of the app

How to reproduce it (as minimally and precisely as possible):
Simply create a helm release with all defaults but add to the chart values
If using the jfrog-platform chart:

artifactory:
  artifactory:
    admin:
      username: admin
      password: IHave=InMe

Anything else we need to know:

[eldada]

Thx @Souheil-Yazji for reporting this.
This seems to be indeed a bug in the bootstrap.creds load code. The team is taking this internally.
No workaround for this for now.

[eldada]

Confirmed as a bug. A fix will be released with next Artifactory minor version release.

[nitinpatil1992]

@eldada is there any progress on this? removing admin block helped

[eldada]

I see the current release 7.59.11 is still missing this fix. I'll follow up internally and update

[eldada]

The version with the fix is planned to be release mid July. Probably version 7.63.x