Camel-K maven security

[milank78git]

I have Camel 1.11.0 and I am trying to use Maven with the settings-security.xml file.

I created a configmap with the settings.xml and security-settings.xml and configured the build.

apiVersion: v1
kind: ConfigMap
metadata:
  name: maven-settings
data:
   settings.xml: |
         ....
            <profiles>
                <profile>
                    <id>repos-public</id>
                    <repositories>
                        <repository>
                            <id>repo-public</id>
                            <url>https://nexus3.xxx.com/repository/maven-public</url>
                            <releases>
                                <enabled>true</enabled>
                            </releases>
                            <snapshots>
                                <enabled>true</enabled>
                            </snapshots>
                        </repository>
			...
			  <servers>
                <server>
                    <id>repo-public</id>
                    <username>user3</username>
                    <password>{wvv5ueoFlXoHcMpnk88WRekCyl5i1QHhvdzllcIAdUtShh1CPbMww/hyOcFTwm83}</password>
                </server>

Config-map with maven-settings-security

apiVersion: v1
kind: ConfigMap
metadata:
  name: maven-settings-security
data:
   settings-security.xml: |
        <settingsSecurity>
          <master>{vLJwNrcWGhgH4pmN11IvBEtu6Pk9JGayWbyvQMv0j1FbvxbOqHB2V48tpBV43lmP}</master>
        </settingsSecurity>

Camel-k setting in integrationPlatform

  status:
    build:
      PublishStrategyOptions:
        KanikoPersistentVolumeClaim: camel-k
      buildStrategy: routine
      maven:
        cliOptions:
        - -V
        - --no-transfer-progress
        - -Dstyle.color=never
        localRepository: /tmp/artifacts/m2
        settings:
          configMapKeyRef:
            key: settings.xml
            name: maven-settings
        settingsSecurity:
          configMapKeyRef:
            key: settings-security.xml
            name: maven-settings-security

When I run the build, I get an error with ERROR

{"level":"info","ts":1672212215.0727262,"logger":"camel-k.builder","msg":"executing step","step":"github.com/apache/camel-k/pkg/builder/BuildQuarkusRunner","phase":"20","task":"builder"}
{"level":"info","ts":1672212215.074139,"logger":"camel-k.maven","msg":"executing: mvn -V --no-transfer-progress -Dstyle.color=never package -Dmaven.repo.local=/tmp/artifacts/m2 --global-settings /tmp/kit-celuttilksj796lodsag-1744468590/maven/settings.xml --settings /tmp/kit-celuttilksj796lodsag-1744468590/maven/user-settings.xml -Dmaven.artifact.threads=1 -T 1","MAVEN_OPTS":""}
{"level":"info","ts":1672212215.074187,"logger":"camel-k.maven.build","msg":"Executed command: /usr/bin/mvn -V --no-transfer-progress -Dstyle.color=never package -Dmaven.repo.local=/tmp/artifacts/m2 --global-settings /tmp/kit-celuttilksj796lodsag-1744468590/maven/settings.xml --settings /tmp/kit-celuttilksj796lodsag-1744468590/maven/user-settings.xml -Dmaven.artifact.threads=1 -T 1"}
{"level":"info","ts":1672212216.9216313,"logger":"camel-k.maven.build","msg":"Apache Maven 3.8.6 (84538c9988a25aec085021c365c560670ad80f63)"}
{"level":"info","ts":1672212216.921708,"logger":"camel-k.maven.build","msg":"Maven home: /usr/share/maven"}
{"level":"info","ts":1672212216.9217167,"logger":"camel-k.maven.build","msg":"Java version: 11.0.16, vendor: Eclipse Adoptium, runtime: /opt/mandrel"}
{"level":"info","ts":1672212216.9217215,"logger":"camel-k.maven.build","msg":"Default locale: en_US, platform encoding: UTF-8"}
{"level":"info","ts":1672212216.9217246,"logger":"camel-k.maven.build","msg":"OS name: \"linux\", version: \"5.15.0-41-generic\", arch: \"amd64\", family: \"unix\""}
{"level":"info","ts":1672212219.2746494,"logger":"camel-k.maven.build","msg":"Scanning for projects..."}
{"level":"info","ts":1672212219.8636255,"logger":"camel-k.controller.build","msg":"Reconciling Build","request-namespace":"mk2","request-name":"kit-celuttilksj796lodsag"}
{"level":"debug","ts":1672212219.8636625,"logger":"camel-k","msg":"Operator is local to namespace"}
{"level":"info","ts":1672212219.8637774,"logger":"camel-k.controller.build","msg":"Invoking action monitor-routine","request-namespace":"mk2","request-name":"kit-celuttilksj796lodsag","api-version":"camel.apache.org/v1","kind":"Build","ns":"mk2","name":"kit-celuttilksj796lodsag"}
{"level":"error","ts":1672212226.9282494,"logger":"camel-k.maven.build","msg":"[ERROR] Some problems were encountered while processing the POMs:\n[ERROR] Non-resolvable import POM: Could not transfer artifact org.apache.camel.k:camel-k-runtime-bom:pom:1.16.0 

And if I look at the file /tmp/artifacts/m2/org/apache/camel/k/camel-k-runtime-bom/1.16.0/camel-k-runtime-bom-1.16.0.pom.lastUpdated that it is trying to retrieve from Nexus, there is a 401 Unauthorized error in it

"If I use the password without encryption in settings.xml , the build will pass."

[squakez]

It seems some problem with the encryption. According to the guideline in https://maven.apache.org/guides/mini/guide-encryption.html it even seems that your server password (encrypted) may be shorter. Can you double check the encryption procedure? Also, can you check that the very same configuration works locally outside Camel K?

[milank78git]

Yes I checked my local encrypted password works in maven

[squakez]

It seems that the settings security are not taken in consideration then. I guess the configmap is in the same Integration namespace. The way it is implemented right now, it swallow any empty value, so we don't have a clear way to distinguish the reason why this is failing:

camel-k/pkg/builder/project.go

Line 114 in 79fefb9

settingsSecurity, err := kubernetes.ResolveValueSource(ctx.C, ctx.Client, ctx.Namespace, &ctx.Build.Maven.SettingsSecurity)

I'm marking as a bug, as, at least, we need some better message when the option is configured and no configmap/secrets are found.

[milank78git]

Thx but It seems that the map is being loaded. I looked inside the container during the build and saw that a file called 'settings.xml' and settings-security.xml with an encrypted password was created in the '/tmp/kit-.... ' directory.

[gansheer]

It seems that the settings security are not taken in consideration then. I guess the configmap is in the same Integration namespace. The way it is implemented right now, it swallow any empty value, so we don't have a clear way to distinguish the reason why this is failing:

camel-k/pkg/builder/project.go

Line 114 in 79fefb9

settingsSecurity, err := kubernetes.ResolveValueSource(ctx.C, ctx.Client, ctx.Namespace, &ctx.Build.Maven.SettingsSecurity)

I'm marking as a bug, as, at least, we need some better message when the option is configured and no configmap/secrets are found.

I made some tests with cases of absence of configmap for maven-settings or maven-settings-security , the existing message looks good to me :

camel-k-operator-74b6fbf54b-g6lbj camel-k-operator {"level":"info","ts":1677757649.7288024,"logger":"camel-k.builder","msg":"step failed with error: ConfigMap \"maven-settings-security\" not found","step":"github.com/apache/camel-k/pkg/builder/GenerateProjectSettings","phase":"11","task":"builder"}

@milank78git : is the artifact org.apache.camel.k:camel-k-runtime-bom:pom:1.16.0 available in you nexus ? Can you download it from outside of camel-k with your settings configuration ?