Enable anonymous access in Nexus configuration script (#4387)

* Enable anonymous access in Nexus configuration script

* Add role assignment for Storage Account Contributor in bootstrap script

* Enhance role assignment check in bootstrap script to verify both "Storage Blob Data Contributor" and "Storage Account Contributor" roles are assigned

* Refactor role assignment check to validate both "Storage Blob Data Contributor" and "Storage Account Contributor" roles

* Remove unused script source from bootstrap.sh

* Refactor role assignment check to use local variables for clarity

* Update CHANGELOG and add role assignment for Storage Account Contributor in bootstrap.sh

* Refactor role assignment check to use counts for validation and streamline script execution

* Refactor role assignment check to use non-empty value validation and enhance storage container creation with retry logic

* revert bootstrap

* CR changes

* Refactor role assignment check to verify access via storage container list

* Implement retry logic for role assignment checks in bootstrap script

* Refactor check_terraform_role_assignments function to simplify error handling and remove unnecessary output

* Enhance error message in check_terraform_role_assignments function to indicate retry mechanism on unexpected output

* Remove unnecessary echo statement from retry_with_backoff function in bootstrap script

* Add validation for required environment variables in bootstrap script

* Refactor bootstrap script to streamline Terraform initialization and backend configuration

* Add shellcheck disable comments for unbound variable warnings in bootstrap script

* Update terraform_wrapper invocation and add blank line for readability in bootstrap script

* Bump version to 0.12.7 in version.txt

* Refactor bootstrap script to move backend configuration inline and remove redundant function

* Remove redundant function call for writing bootstrap Terraform backend

* Update show_output.sh to use current directory and improve terraform_wrapper.sh usage documentation

* Remove TODO comments from Terraform command output in bootstrap script

* Bump version to 0.12.8 in version.txt

* Bump version to 0.12.7

* Bump version to 0.12.7 in version.txt

* Fix: simplify anonymous access configuration in Nexus repository script

* Refactor bootstrap script to inline backend configuration and improve error handling

* fix: update condition for Azure and ACR login to check for 'make bootstrap'

* fix: resolve CI issue with Azure login steps for branches containing 'bootstrap'

* refactor: move Terraform backend configuration to a dedicated section in bootstrap.sh

* fix: update role assignment to use Storage Blob Data Contributor in bootstrap.sh

* fix: refine role assignment query in bootstrap.sh to check only for Storage Blob Data Contributor

* fix: update role check in bootstrap.sh to return status instead of echoing

* fix: update comment for granting Storage Blob Data Contributor role in bootstrap.sh

* fix: update comment for granting Storage Blob Data Contributor permissions in bootstrap.sh

* fix: update Sonatype Nexus version and enhance repository configuration script with retry logic

* fix: downgrade Sonatype Nexus version from 3.3.5 to 3.3.3 in porter.yaml

* chore: update CHANGELOG.md to include enhancements and bug fixes for Nexus access and retry logic

* fix: remove VS Code extensions proxy configuration from Nexus setup script

* fix: update comment formatting in bootstrap.sh for clarity

* refactor: rename functions for clarity in configure_nexus_repos.sh

Author: ShakutaiGit

CHANGELOG.md

@@ -4,13 +4,15 @@
 
 ENHANCEMENTS:
 * Deny public access to TRE management storage account, and add private endpoint for TRE core [#4353](https://github.com/microsoft/AzureTRE/issues/4353)
+* Added anonymous access enablement for Nexus by default issue. [#4387](https://github.com/microsoft/AzureTRE/pull/4387)
 
 BUG FIXES:
 * Fix the management storage access error while executing `make show-core-output` command, and remove redundant error messages from `mgmtstorage_enable_public_access.sh` script ([#4404](https://github.com/microsoft/AzureTRE/issues/4404))
 * Fix retry loop in devcontainer action and override commands.sh [#4409](https://github.com/microsoft/AzureTRE/pull/4409)
 * Fix terraform output command by adding working directory parameterPR ([#4413](https://github.com/microsoft/AzureTRE/pull/4413))  [#4412](https://github.com/microsoft/AzureTRE/issues/4412)
 * Fix CI issue where branch names containing 'bootstrap' would incorrectly skip Azure login steps [#4416](https://github.com/microsoft/AzureTRE/issues/4416) ([#4417](https://github.com/microsoft/AzureTRE/pull/4417))
 * Fix 403 storage account error when creating a new TRE environment ([#4405](https://github.com/microsoft/AzureTRE/issues/4405)) in PR [#4406](https://github.com/microsoft/AzureTRE/pull/4406)
+* Bug Fix: Approaching Nexus when it wasn’t fully available is now handled via a retry with exponential backoff [#4387](https://github.com/microsoft/AzureTRE/pull/4387)
 
 ## 0.21.0
 

templates/shared_services/sonatype-nexus-vm/porter.yaml

@@ -1,7 +1,7 @@
 ---
 schemaVersion: 1.0.0
 name: tre-shared-service-sonatype-nexus
-version: 3.3.2
+version: 3.3.3
 description: "A Sonatype Nexus shared service"
 dockerfile: Dockerfile.tmpl
 registry: azuretre

templates/shared_services/sonatype-nexus-vm/scripts/configure_nexus_repos.sh

@@ -3,54 +3,97 @@ set -o pipefail
 set -o nounset
 # set -o xtrace
 
-if [ -z "$1" ]
-  then
-    echo 'Nexus password needs to be passed as argument'
+if [ -z "$1" ]; then
+  echo 'Nexus password needs to be passed as argument'
+  exit 1
 fi
 
-timeout=300
+retry_with_backoff() {
+  local func="$1"
+  shift
+  local sleep_time=10
+  local max_sleep=180
+
+  while [ "$sleep_time" -lt "$max_sleep" ]; do
+    if "$func" "$@"; then
+      return 0
+    fi
+    sleep "$sleep_time"
+    sleep_time=$((sleep_time * 2))
+  done
+  return 1
+}
+
+check_repos_config() {
+  [ -d "$(dirname "${BASH_SOURCE[0]}")/nexus_repos_config" ]
+}
+
 echo 'Checking for ./nexus_repos_config directory...'
-while [ ! -d "$(dirname "${BASH_SOURCE[0]}")"/nexus_repos_config ]; do
-  # Wait for ./nexus_repos_config with json config files to be copied into vm
-  if [ $timeout == 0 ]; then
-    echo 'ERROR - Timeout while waiting for nexus_repos_config directory'
+if ! retry_with_backoff check_repos_config; then
+  echo 'ERROR - Timeout while waiting for nexus_repos_config directory'
+  exit 1
+fi
+
+nexus_ready() {
+  curl -s http://localhost/service/rest/v1/status -k > /dev/null
+}
+
+echo 'Waiting for Nexus service to be fully available...'
+if ! retry_with_backoff nexus_ready; then
+  echo 'ERROR - Timeout while waiting for Nexus to be available'
+  exit 1
+fi
+
+echo "Getting current anonymous settings in Nexus..."
+current_anon_json=$(curl -iu admin:"$1" -X GET \
+  'http://localhost/service/rest/v1/security/anonymous' \
+  -H 'accept: application/json' \
+  -k -s)
+echo "Current anonymous settings: $current_anon_json"
+
+echo "Enabling anonymous access in Nexus..."
+anon_status_code=$(curl -iu admin:"$1" -X PUT \
+  'http://localhost/service/rest/v1/security/anonymous' \
+  -H 'accept: application/json' \
+  -H 'Content-Type: application/json' \
+  -d '{"enabled": true}' \
+  -k -s -w "%{http_code}" -o /dev/null)
+echo "Response received from Nexus for enabling anonymous access: $anon_status_code"
+if [ "$anon_status_code" -ne 200 ]; then
+    echo "ERROR - Failed to enable anonymous access."
     exit 1
-  fi
-  sleep 1
-  ((timeout--))
-done
+fi
 
+echo "Configuring Nexus repositories..."
 # Create proxy for each .json file
 for filename in "$(dirname "${BASH_SOURCE[0]}")"/nexus_repos_config/*.json; do
     echo "Found config file: $filename. Sending to Nexus..."
-    # Check if apt proxy
     base_type=$( jq .baseType "$filename" | sed 's/"//g')
     repo_type=$( jq .repoType "$filename" | sed 's/"//g')
-    repo_name=$(jq .name "$filename" | sed 's/"//g')
-    base_url=http://localhost/service/rest/v1/repositories/$base_type/$repo_type
+    repo_name=$( jq .name "$filename" | sed 's/"//g')
+    base_url="http://localhost/service/rest/v1/repositories/$base_type/$repo_type"
 
-    config_timeout=300
-    status_code=1
-    while [ "$status_code" != 201 ]; do
-      status_code=$(curl -iu admin:"$1" -XPOST \
-        "$base_url" \
+    configure_repo() {
+      local file="$1"
+      local url="$2"
+      local pass="$3"
+      local code
+      code=$(curl -iu admin:"$pass" -XPOST \
+        "$url" \
         -H 'accept: application/json' \
         -H 'Content-Type: application/json' \
-        -d @"$filename" \
+        -d @"$file" \
         -k -s -w "%{http_code}" -o /dev/null)
-      echo "Response received from Nexus: $status_code"
+      echo "Response received from Nexus: $code"
+      [ "$code" -eq 201 ]
+    }
 
-      if [ $config_timeout == 0 ]; then
-        echo "ERROR - Timeout while trying to configure $repo_name"
-        exit 1
-      elif [ "$status_code" != 201 ]; then
-        sleep 1
-        ((config_timeout--))
-      fi
-    done
+    if ! retry_with_backoff configure_repo "$filename" "$base_url" "$1"; then
+      echo "ERROR - Timeout while trying to configure $repo_name"
+      exit 1
+    fi
 done
 
-# Configure realms required for repo authentication
 echo 'Configuring realms...'
 status_code=$(curl -iu admin:"$1" -XPUT \
   'http://localhost/service/rest/v1/security/realms/active' \
@@ -59,13 +102,3 @@ status_code=$(curl -iu admin:"$1" -XPUT \
   -d @"$(dirname "${BASH_SOURCE[0]}")"/nexus_realms_config.json \
   -k -s -w "%{http_code}" -o /dev/null)
 echo "Response received from Nexus: $status_code"
-
-# Add a new section to handle the VS Code extensions configuration
-echo 'Configuring VS Code extensions proxy...'
-status_code=$(curl -iu admin:"$1" -XPOST \
-  'http://localhost/service/rest/v1/repositories/raw/proxy' \
-  -H 'accept: application/json' \
-  -H 'Content-Type: application/json' \
-  -d @"$(dirname "${BASH_SOURCE[0]}")"/nexus_repos_config/vscode_extensions_proxy_conf.json \
-  -k -s -w "%{http_code}" -o /dev/null)
-echo "Response received from Nexus: $status_code"