Some questions about new API

Hi there! I’m writing an API client for Nexus and have a couple of questions about the new API.

As a first example:
I need to find an LDAP user, associate some Nexus roles with him, and after that return this user to the previous state (that means deleting the Nexus roles).

  1. Let’s find our test user:
    curl -X GET "https://nexus.testkontur.ru/service/rest/beta/security/users?userId=svc_idevops_testuser&source=LDAP" -H "accept: application/json"

Output:

    {
      "userId": "svc_devops_testuser",
      "firstName": "svc_devops_testuser",
      "lastName": null,
      "emailAddress": "svc_devops_testuser@somemail.com",
      "source": "LDAP",
      "status": "active",
      "readOnly": true,
      "roles": [],
      "externalRoles": [ "ApplicationServiceAccount", "ServiceAccounts" ]
    }

Next I want to give some Nexus roles to that user, and the request is as follows:

    curl -X PUT "https://nexus.testkontur.ru/service/rest/beta/security/users/svc_idevops_testuser" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"userId\": \"svc_devops_testuser\", \"firstName\": \"svc_devops_testuser\", \"lastName\": null, \"emailAddress\": \"svc_devops_testuser@somemail.com\", \"source\": \"LDAP\", \"status\": \"active\", \"readOnly\": true, \"roles\": [\"npm\"], \"externalRoles\": [ \"ApplicationServiceAccount\", \"ServiceAccounts\" ] }"

And I got a 400 error with the following content:

    [ { "id": "PARAMETER lastName", "message": "may not be empty" } ]

But as far as we can see in the previous request, lastName IS null, because this is a service account. And if I try to put an empty string there I still get this error. As a workaround in my client I was using NewGuid.ToString.Empty() and excluded the check of this field in tests, and then it works and the tests passed (and the user in Nexus appears to have the right permissions). But in my opinion it looks very strange. Am I missing something?

I have the same problem when I’m trying to delete roles from a user.
I am trying to pass an empty array and get an error that the server can't find a role with id = "".
Next I tried to delete these roles from the browser in the user section with the network inspector “On”. I understand that it uses other Java methods to update the user state than the API does, but it passed an empty array when I was exploring the request.
So this is really confusing to me.
How can I delete Nexus roles from an LDAP user via the REST API?

The same issue repeats when I’m trying to create roles. As the arrange state I need to create a ContentSelector (works fine), a privilege that is based on that ContentSelector (still works fine), and then I need to create the role with a privilege/privileges based on the ContentSelector. In the Swagger model the fields “roles” and “privileges” can be empty arrays/null. But if I don’t pass anything, Nexus returns a 400 “Bad Request”.
The same question comes up here: I do not need any roles for the Role that I’m creating, but I need some privileges. How can I achieve this via the REST API?

As a workaround I see only this kind of solution:
Create some “empty” roles with “empty” privileges (meaning only the browse right, for example) and assign them whenever a user has no need of a Nexus repo for any reason.

I suspect that’s a bug and the implementation focused on local users where both names are required. If you don’t hear any other feedback you could file an issue at issues.sonatype.com to get it resolved.
-Joe


https://issues.sonatype.org/browse/NEXUS-21747
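The grant-then-restore sequence from the question, as an added example (not code from the thread or from Sonatype): it plans both PUT bodies from one GET snapshot before anything changes, flags the fields the thread reports the server rejecting, and renders each request with shell-safe quoting instead of hand-escaped JSON. The host is a placeholder and the function names are hypothetical; the path and field names are the ones quoted above.

```python
import copy
import json
import shlex
from urllib.parse import quote

BASE = "https://nexus.example.invalid"             # placeholder host (assumption)
USERS_PATH = "/service/rest/beta/security/users/"  # path as quoted in the thread

# Constructed sample: the GET response quoted in the question.
SAMPLE_USER = {
    "userId": "svc_devops_testuser", "firstName": "svc_devops_testuser",
    "lastName": None, "emailAddress": "svc_devops_testuser@somemail.com",
    "source": "LDAP", "status": "active", "readOnly": True, "roles": [],
    "externalRoles": ["ApplicationServiceAccount", "ServiceAccounts"],
}

def plan_update(user, roles):
    """Build the PUT body for a new role set; list fields the thread reports as rejected."""
    body = copy.deepcopy(user)          # never mutate the snapshot used for the restore
    body["roles"] = sorted(set(roles))  # externalRoles (LDAP groups) are left untouched
    problems = []
    if not body.get("lastName"):
        problems.append("lastName")     # thread: 400 "may not be empty" for null and ""
    if not body["roles"]:
        problems.append("roles")        # thread: empty array fails, role id "" not found
    return body, problems

def as_curl(body):
    """Render the request as a curl command line with every argument shell-quoted."""
    url = BASE + USERS_PATH + quote(body["userId"], safe="")
    return " ".join(["curl", "-X", "PUT", shlex.quote(url),
                     "-H", shlex.quote("Content-Type: application/json"),
                     "-d", shlex.quote(json.dumps(body))])

def grant_then_restore(user, extra_roles):
    """Plan both requests up front so the restore body is fixed before the grant is sent."""
    grant = plan_update(user, list(user["roles"]) + list(extra_roles))
    restore = plan_update(user, user["roles"])
    return {"grant": grant, "restore": restore}

if __name__ == "__main__":
    for step, (body, problems) in grant_then_restore(SAMPLE_USER, ["npm"]).items():
        print(step, "- fields expected to be rejected:", problems or "none")
        print(as_curl(body))
```

For the sample user the restore step is flagged on both `lastName` and `roles`, which is the situation the question describes: the temporary role can be planned, but the return to an empty role set cannot be sent as-is.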