Improvement and more information about auth setup (#93)

The mojo already shown `server.id` and even redirected `server.id`, but it should show does user settings contains auth for these services. Also, refactors a bit, to lessen duplication.

Changes:
* mojo `njord:status` now also shows is (expected) auth present.
* publishers warn if publishing server lacks auth (so 401 can be properly interpreted). This usually means user needs some (more) setup/changes in `settings.xml`.
* Njord DEBUG logs while handling auth redirect.
* DeployerPublisher bugfix: when user specified `-DaltDeploymentRepository` the auth was missing. In this case **no auth redirect is followed** by default, but added new property `-DaltDeploymentRepositoryAuthRedirect` that may be used to override this default. Assumption here is that uses "wants to publish with deploying directly in this given remote repository (usually private MRM instance)".

Fixes #94 
Fixes #92 
Fixes #91

Author: cstamas

core/src/main/java/eu/maveniverse/maven/njord/shared/impl/publisher/DefaultArtifactPublisherRedirector.java

@@ -16,18 +16,24 @@
 import eu.maveniverse.maven.shared.core.component.ComponentSupport;
 import java.util.LinkedHashSet;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Optional;
+import org.eclipse.aether.RepositorySystem;
 import org.eclipse.aether.repository.RemoteRepository;
 
 public class DefaultArtifactPublisherRedirector extends ComponentSupport implements ArtifactPublisherRedirector {
     private final Session session;
+    private final RepositorySystem repositorySystem;
 
-    public DefaultArtifactPublisherRedirector(Session session) {
+    public DefaultArtifactPublisherRedirector(Session session, RepositorySystem repositorySystem) {
         this.session = requireNonNull(session);
+        this.repositorySystem = requireNonNull(repositorySystem);
     }
 
     @Override
     public String getRepositoryUrl(RemoteRepository repository) {
+        requireNonNull(repository);
+
         String url = repository.getUrl();
         if (!url.startsWith(SessionConfig.NAME + ":")
                 && session.config().currentProject().isPresent()) {
@@ -39,6 +45,9 @@ public String getRepositoryUrl(RemoteRepository repository) {
 
     @Override
     public String getRepositoryUrl(RemoteRepository repository, RepositoryMode repositoryMode) {
+        requireNonNull(repository);
+        requireNonNull(repositoryMode);
+
         String url = repository.getUrl();
         Optional<Map<String, String>> sco = session.config().serviceConfiguration(repository.getId());
         if (!url.startsWith(SessionConfig.NAME + ":") && sco.isPresent()) {
@@ -62,28 +71,61 @@ public String getRepositoryUrl(RemoteRepository repository, RepositoryMode repos
     }
 
     @Override
-    public RemoteRepository getAuthRepositoryId(RemoteRepository repository) {
+    public RemoteRepository getAuthRepositoryId(RemoteRepository repository, boolean followAuthRedirection) {
+        requireNonNull(repository);
+
         RemoteRepository authSource = repository;
-        LinkedHashSet<String> authSourcesVisited = new LinkedHashSet<>();
-        authSourcesVisited.add(authSource.getId());
-        Optional<Map<String, String>> config = session.config().serviceConfiguration(authSource.getId());
-        while (config.isPresent()) {
-            String authRedirect = config.orElseThrow().get(SessionConfig.CONFIG_AUTH_REDIRECT);
-            if (authRedirect != null) {
-                authSource = new RemoteRepository.Builder(
-                                authRedirect, authSource.getContentType(), authSource.getUrl())
-                        .build();
-                if (!authSourcesVisited.add(authSource.getId())) {
-                    throw new IllegalStateException("Auth redirect forms a cycle: " + authSourcesVisited);
+        if (followAuthRedirection) {
+            LinkedHashSet<String> authSourcesVisited = new LinkedHashSet<>();
+            authSourcesVisited.add(authSource.getId());
+            Optional<Map<String, String>> config = session.config().serviceConfiguration(authSource.getId());
+            while (config.isPresent()) {
+                String authRedirect = config.orElseThrow().get(SessionConfig.CONFIG_AUTH_REDIRECT);
+                if (authRedirect != null) {
+                    logger.debug("Following auth redirect {} -> {}", authSource.getId(), authRedirect);
+                    authSource = new RemoteRepository.Builder(
+                                    authRedirect, authSource.getContentType(), authSource.getUrl())
+                            .build();
+                    if (!authSourcesVisited.add(authSource.getId())) {
+                        throw new IllegalStateException("Auth redirect forms a cycle: " + authSourcesVisited);
+                    }
+                    config = session.config().serviceConfiguration(authSource.getId());
+                } else {
+                    break;
                 }
-                config = session.config().serviceConfiguration(authSource.getId());
-            } else {
-                break;
             }
+            if (!Objects.equals(repository.getId(), authSource.getId())) {
+                logger.debug("Trail of AUTH for {}: {}", repository.getId(), String.join(" -> ", authSourcesVisited));
+            }
+        } else {
+            logger.debug("Auth redirection following inhibited");
         }
         return authSource;
     }
 
+    @Override
+    public RemoteRepository getPublishingRepository(
+            RemoteRepository repository, boolean expectAuth, boolean followAuthRedirection) {
+        requireNonNull(repository);
+
+        // handle auth redirection, if needed
+        RemoteRepository authSource = repositorySystem.newDeploymentRepository(
+                session.config().session(), getAuthRepositoryId(repository, followAuthRedirection));
+        if (!Objects.equals(repository.getId(), authSource.getId())) {
+            repository = new RemoteRepository.Builder(repository)
+                    .setAuthentication(authSource.getAuthentication())
+                    .setProxy(authSource.getProxy())
+                    .build();
+        } else {
+            repository = authSource;
+        }
+
+        if (expectAuth && repository.getAuthentication() == null) {
+            logger.warn("Publishing repository '{}' has no authentication set", authSource.getId());
+        }
+        return repository;
+    }
+
     @Override
     public Optional<String> getArtifactStorePublisherName() {
         if (session.config().publisher().isPresent()) {

core/src/main/java/eu/maveniverse/maven/njord/shared/impl/publisher/DefaultArtifactPublisherRedirectorFactory.java

@@ -7,17 +7,28 @@
  */
 package eu.maveniverse.maven.njord.shared.impl.publisher;
 
+import static java.util.Objects.requireNonNull;
+
 import eu.maveniverse.maven.njord.shared.Session;
 import eu.maveniverse.maven.njord.shared.publisher.ArtifactPublisherRedirector;
 import eu.maveniverse.maven.njord.shared.publisher.ArtifactPublisherRedirectorFactory;
+import javax.inject.Inject;
 import javax.inject.Named;
 import javax.inject.Singleton;
+import org.eclipse.aether.RepositorySystem;
 
 @Singleton
 @Named
 public class DefaultArtifactPublisherRedirectorFactory implements ArtifactPublisherRedirectorFactory {
+    private final RepositorySystem repositorySystem;
+
+    @Inject
+    public DefaultArtifactPublisherRedirectorFactory(RepositorySystem repositorySystem) {
+        this.repositorySystem = requireNonNull(repositorySystem);
+    }
+
     @Override
     public ArtifactPublisherRedirector create(Session session) {
-        return new DefaultArtifactPublisherRedirector(session);
+        return new DefaultArtifactPublisherRedirector(session, repositorySystem);
     }
 }

core/src/main/java/eu/maveniverse/maven/njord/shared/impl/store/ArtifactStoreDeployer.java

@@ -10,6 +10,7 @@
 import static java.util.Objects.requireNonNull;
 
 import eu.maveniverse.maven.njord.shared.store.ArtifactStore;
+import eu.maveniverse.maven.shared.core.component.ComponentSupport;
 import java.io.IOException;
 import java.util.Collection;
 import java.util.stream.Collectors;
@@ -24,7 +25,7 @@
 /**
  * Helper class.
  */
-public class ArtifactStoreDeployer {
+public class ArtifactStoreDeployer extends ComponentSupport {
     private final RepositorySystem repositorySystem;
     private final RepositorySystemSession repositorySystemSession;
     private final RemoteRepository repository;
@@ -60,6 +61,11 @@ public void deploy(ArtifactStore artifactStore, Collection<Artifact> artifacts)
         } else {
             deployRequest.setRepository(repositorySystem.newDeploymentRepository(repositorySystemSession, repository));
         }
+        if (!repositoryPrepared && deployRequest.getRepository().getAuthentication() == null) {
+            logger.warn(
+                    "Deployment repository '{}' has no authentication set",
+                    deployRequest.getRepository().getId());
+        }
         deployRequest.setTrace(new RequestTrace(artifactStore));
         try {
             repositorySystem.deploy(repositorySystemSession, deployRequest);

core/src/main/java/eu/maveniverse/maven/njord/shared/impl/store/DefaultArtifactStoreMerger.java

@@ -57,7 +57,7 @@ public void redeploy(ArtifactStore source, ArtifactStore target) throws IOExcept
                             repositorySystem,
                             sessionConfig.session(),
                             new RemoteRepository.Builder(targetName, "default", "njord:store:" + targetName).build(),
-                            false)
+                            true)
                     .deploy(from);
         }
     }
@@ -107,7 +107,7 @@ public void merge(ArtifactStore source, ArtifactStore target) throws IOException
                             repositorySystem,
                             sessionConfig.session(),
                             new RemoteRepository.Builder(targetName, "default", "njord:store:" + targetName).build(),
-                            false)
+                            true)
                     .deploy(from, toBeWritten);
         }
     }

core/src/main/java/eu/maveniverse/maven/njord/shared/publisher/ArtifactPublisherRedirector.java

@@ -27,7 +27,16 @@ public interface ArtifactPublisherRedirector {
     /**
      * Returns the remote repository to source auth from for the passed in remote repository. Never returns {@code null}.
      */
-    RemoteRepository getAuthRepositoryId(RemoteRepository repository);
+    RemoteRepository getAuthRepositoryId(RemoteRepository repository, boolean followAuthRedirection);
+
+    /**
+     * Returns the remote repository to use for publishing. Never returns {@code null}. The repository will have
+     * auth and any auth-redirection, if applicable, applied.
+     *
+     * @see #getAuthRepositoryId(RemoteRepository, boolean)
+     */
+    RemoteRepository getPublishingRepository(
+            RemoteRepository repository, boolean expectAuth, boolean followAuthRedirection);
 
     /**
      * Returns the name of wanted/configured {@link eu.maveniverse.maven.njord.shared.publisher.ArtifactStorePublisher}.

plugin/src/main/java/eu/maveniverse/maven/njord/plugin3/StatusMojo.java

@@ -57,10 +57,16 @@ protected void doWithSession(Session ns) throws IOException, MojoFailureExceptio
         }
         logger.info("* Release");
         logger.info("  Repository Id: {}", deploymentRelease.getId());
-        RemoteRepository releaseAuthSource = ns.artifactPublisherRedirector().getAuthRepositoryId(deploymentRelease);
+        RemoteRepository releaseAuthSource =
+                ns.artifactPublisherRedirector().getPublishingRepository(deploymentRelease, false, true);
         if (!Objects.equals(releaseAuthSource.getId(), deploymentRelease.getId())) {
             logger.info("  Auth source Id: {}", releaseAuthSource.getId());
         }
+        if (releaseAuthSource.getAuthentication() != null) {
+            logger.info("  Repository Auth: Present");
+        } else {
+            logger.warn("  Repository Auth: Absent");
+        }
         logger.info("  POM URL: {}", deploymentRelease.getUrl());
         if (!Objects.equals(deploymentRelease.getUrl(), deploymentReleaseUrl)) {
             logger.info("  Effective URL: {}", deploymentReleaseUrl);
@@ -72,10 +78,16 @@ protected void doWithSession(Session ns) throws IOException, MojoFailureExceptio
         }
         logger.info("* Snapshot");
         logger.info("  Repository Id: {}", deploymentSnapshot.getId());
-        RemoteRepository snapshotAuthSource = ns.artifactPublisherRedirector().getAuthRepositoryId(deploymentSnapshot);
+        RemoteRepository snapshotAuthSource =
+                ns.artifactPublisherRedirector().getPublishingRepository(deploymentSnapshot, false, true);
         if (!Objects.equals(snapshotAuthSource.getId(), deploymentSnapshot.getId())) {
             logger.info("  Auth source Id: {}", snapshotAuthSource.getId());
         }
+        if (snapshotAuthSource.getAuthentication() != null) {
+            logger.info("  Repository Auth: Present");
+        } else {
+            logger.warn("  Repository Auth: Absent");
+        }
         logger.info("  POM URL: {}", deploymentSnapshot.getUrl());
         if (!Objects.equals(deploymentSnapshot.getUrl(), deploymentSnapshotUrl)) {
             logger.info("  Effective URL: {}", deploymentSnapshotUrl);

pom.xml

@@ -119,12 +119,12 @@
       <dependency>
         <groupId>org.eclipse.sisu</groupId>
         <artifactId>org.eclipse.sisu.inject</artifactId>
-        <version>0.9.0.M3</version>
+        <version>${version.sisu}</version>
       </dependency>
       <dependency>
         <groupId>org.eclipse.sisu</groupId>
         <artifactId>org.eclipse.sisu.plexus</artifactId>
-        <version>0.9.0.M3</version>
+        <version>${version.sisu}</version>
       </dependency>
 
       <!-- Resolver + Maven -->

publisher/deploy/src/main/java/eu/maveniverse/maven/njord/publisher/deploy/DeployPublisher.java

@@ -14,18 +14,20 @@
 import eu.maveniverse.maven.njord.shared.publisher.ArtifactStoreRequirements;
 import eu.maveniverse.maven.njord.shared.store.ArtifactStore;
 import java.io.IOException;
-import java.util.Objects;
 import org.eclipse.aether.DefaultRepositorySystemSession;
 import org.eclipse.aether.RepositorySystem;
 import org.eclipse.aether.repository.RemoteRepository;
 
 public class DeployPublisher extends ArtifactStorePublisherSupport {
+    private final boolean followAuthRedirection;
+
     public DeployPublisher(
             Session session,
             RepositorySystem repositorySystem,
             RemoteRepository releasesRepository,
             RemoteRepository snapshotsRepository,
-            ArtifactStoreRequirements artifactStoreRequirements) {
+            ArtifactStoreRequirements artifactStoreRequirements,
+            boolean followAuthRedirection) {
         super(
                 session,
                 repositorySystem,
@@ -36,6 +38,7 @@ public DeployPublisher(
                 releasesRepository,
                 snapshotsRepository,
                 artifactStoreRequirements);
+        this.followAuthRedirection = followAuthRedirection;
     }
 
     @Override
@@ -45,23 +48,15 @@ protected void doPublish(ArtifactStore artifactStore) throws IOException {
             logger.info("Dry run; not publishing to '{}' service at {}", name, repository.getUrl());
             return;
         }
-        // handle auth redirection, if needed
-        RemoteRepository authSource = repositorySystem.newDeploymentRepository(
-                session.config().session(),
-                session.artifactPublisherRedirector().getAuthRepositoryId(repository));
-        if (!Objects.equals(repository.getId(), authSource.getId())) {
-            repository = new RemoteRepository.Builder(repository)
-                    .setAuthentication(authSource.getAuthentication())
-                    .setProxy(repository.getProxy())
-                    .build();
-        }
+        // handle auth redirection, if needed and
         // just deploy as m-deploy-p would
         try (ArtifactStore store = artifactStore) {
             new ArtifactStoreDeployer(
                             repositorySystem,
                             new DefaultRepositorySystemSession(session.config().session())
                                     .setConfigProperty(NjordUtils.RESOLVER_SESSION_CONNECTOR_SKIP, true),
-                            repository,
+                            session.artifactPublisherRedirector()
+                                    .getPublishingRepository(repository, true, followAuthRedirection),
                             true)
                     .deploy(store);
         }

publisher/deploy/src/main/java/eu/maveniverse/maven/njord/publisher/deploy/DeployPublisherFactory.java

@@ -31,14 +31,18 @@
  * <pre>
  *   $ mvn njord:publish -Dpublisher=deploy -DaltDeploymentRepository=myserver::myurl
  * </pre>
- * And it simply deploys to given repository "as Maven would do".
+ * And it simply deploys to given repository "as Maven would do". In this case auth redirection is <em>inhibited</em>,
+ * and Njord will use "myserver::url" as-is, even regarding authentication (again: as Maven would do). If auth
+ * redirection still needed, use {@code -DaltDeploymentRepositoryAuthRedirect=true} (defaults to false IF
+ * {@code DaltDeploymentRepository} is given).
  */
 @Singleton
 @Named(DeployPublisherFactory.NAME)
 public class DeployPublisherFactory implements ArtifactStorePublisherFactory {
     public static final String NAME = "deploy";
 
     private static final String PROP_ALT_DEPLOYMENT_REPOSITORY = "altDeploymentRepository";
+    private static final String PROP_ALT_DEPLOYMENT_REPOSITORY_AUTH_REDIRECT = "altDeploymentRepositoryAuthRedirect";
 
     private final RepositorySystem repositorySystem;
 
@@ -53,6 +57,7 @@ public ArtifactStorePublisher create(Session session) {
 
         RemoteRepository releasesRepository = null;
         RemoteRepository snapshotsRepository = null;
+        boolean followAuthRedirection = true;
         if (session.config().effectiveProperties().containsKey(PROP_ALT_DEPLOYMENT_REPOSITORY)) {
             String altDeploymentRepository =
                     session.config().effectiveProperties().get(PROP_ALT_DEPLOYMENT_REPOSITORY);
@@ -69,6 +74,11 @@ public ArtifactStorePublisher create(Session session) {
             snapshotsRepository = new RemoteRepository.Builder(id, "default", url)
                     .setReleasePolicy(new RepositoryPolicy(false, null, null))
                     .build();
+            followAuthRedirection = Boolean.parseBoolean(session.config()
+                    .effectiveProperties()
+                    .getOrDefault(
+                            PROP_ALT_DEPLOYMENT_REPOSITORY_AUTH_REDIRECT,
+                            "false")); // user specified explicitly what he wants here, but may override it
         } else if (session.config().currentProject().isPresent()) {
             SessionConfig.CurrentProject project =
                     session.config().currentProject().orElseThrow();
@@ -77,6 +87,11 @@ public ArtifactStorePublisher create(Session session) {
         }
 
         return new DeployPublisher(
-                session, repositorySystem, releasesRepository, snapshotsRepository, ArtifactStoreRequirements.NONE);
+                session,
+                repositorySystem,
+                releasesRepository,
+                snapshotsRepository,
+                ArtifactStoreRequirements.NONE,
+                followAuthRedirection);
     }
 }