Mea culpa :)
Fixed!
Regards,
Michal
Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Even more.
I added directly Anonymous access to this feed.
Still error!
curl -v --header "X-ApiKey: <api key>" https://proget.<host>/endpoints/qual-t-raw/dir
......
Anonymous is not permitted to perform the Feeds_ViewFeed task for the current scope.
???????
No typo!
curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" https://proget.<host>/endpoints/qual-t-raw/dir/
curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --data @feed.json https://proget.<host>/api/json/Feeds_GetFeed | jq
feed.json:
{"Feed_Name": "qualt-t-raw"}
The same request template. Different endpoint.
Cheers,
Michal
This Log is mess!
I'm trying to list log for particular Key
/administration/api-keys/access-logs?apiKeyId=27
and list is.... I don't know from what!
This is list of all requests. Looks familiar?
Cheers,
Michal
Hi,
Developer gets 403 during package upload.
Permissions are OK.
Where can I find server side log for this event?
Regards,
Michal
Hi,
I'm trying to list asset folders content:
https://docs.inedo.com/docs/proget/api/assets/folders/list
curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --request GET https://proget.*****/endpoints/qual-t-raw/dir/audit-report
All requests ends with:
Anonymous is not permitted to perform the Feeds_ViewFeed task for the current scope.
If I use the same API Key to get feed properties:
curl --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --request POST --data @feed.json https://proget.******/api/json/Feeds_GetFeed | jq
feed.json:
{"Feed_Name": "qualt-t-maven"}
{
"FeedType": 22,
"FeedConfiguration": {
"HideFeedTips": 0,
"HasRepackaged": false,
"PackageStatisticsEnabled": true,
"RestrictPackageStatistics": false,
"LayoutConfig": null,
"DeploymentRecordsEnabled": true,
"UsageRecordsEnabled": true,
"PromoteToFeedId": null,
"HiddenUsageInstructionNames": null,
"HiddenPackageInstallInstructionNames": null,
"VulnerabilitiesEnabled": true,
"LicensesEnabled": true,
"UseWithProjects": true,
"DisableReleaseAnalysis": false,
"Migration23Skipped": null,
"MigratedTo23": null,
"RetentionRulesEnabled": false,
"DeletionRecordRetentionPeriod": null
},
"Active_Indicator": true,
"AllowNoncompliant_Indicator": null,
"AllowUnassessedVulnerabilities_Indicator": null,
"AllowUnknownLicenses_Indicator": true,
"Cache_Connectors_Indicator": true,
"DropPath_Text": null,
"Feed_Description": null,
"Feed_Id": 35,
"Feed_Name": "qualt-t-maven",
"FeedConfiguration_Xml": "<Inedo.ProGet.Feeds.Maven2.Maven2FeedConfig Assembly=\"ProGetCoreEx\"><Properties AllowNonStandardFiles=\"True\" AllowInvalidVersions=\"True\" HideFeedTips=\"0\" HasRepackaged=\"False\" PackageStatisticsEnabled=\"True\" RestrictPackageStatistics=\"False\" DeploymentRecordsEnabled=\"True\" UsageRecordsEnabled=\"True\" VulnerabilitiesEnabled=\"True\" LicensesEnabled=\"True\" UseWithProjects=\"True\" DisableReleaseAnalysis=\"False\" RetentionRulesEnabled=\"False\" /></Inedo.ProGet.Feeds.Maven2.Maven2FeedConfig>",
"FeedGroup_Id": 2,
"FeedPathOverride_Text": null,
"FeedState_Number": 45,
"FeedType_Name": "Maven2",
"LastPackageUpdate_Date": "2025-05-19T10:25:15.287Z",
"LastPolicyUpdate_Date": "2025-05-29T22:49:57.29Z",
"LastSync_Date": null,
"PackageStoreConfiguration_Xml": null,
"ReplicationConfiguration_Xml": null
}
pgutil response (the same api key)
pgutil assets list --feed=qualt-t-raw --path=audit-report
clients <DIR>
What's wrong?
Regards,
Michal
Hi,
How can I check which key is which?
In Access Log I can see only this:
Regards,
Michal
@dean-houston said in Pull Maven artifacts - invalid version:
After looking into this further, I'm afraid we simply can't support this artifact/package at this time. I don't really see a good path for supporting this without adding significant complexity and risk of breaking proper artifacts / versions.
The problem is that this version breaks the basic rules that Maven repositories need to follow:
- Artifact Names / Groups cannot start with a digit
- Versions must start with a digit
These rules resolve the ambiguity of determining what
/com/google/javascript/closure-compiler/v20250407
means. For example, is it:
- Files for version
v20250407
ofcom.google.javascript.closure-compiler
artifact?- All versions of the
com.google.javascript.closure-compiler.v20250407
artifact?I'm not even sure how this was uploaded to Maven central. I have no idea why the developers ignored the warnings that Maven spat out for legal version numbers. This has been a specification for like 20 years. Heck, here's a discussion from like 2008 on how the "must start with a digit" rules needed clarification: https://cwiki.apache.org/confluence/display/MAVENOLD/Versioning
If you encounter other artifacts like this, maybe we can consider some kind of very limited exception, but until we figure something else out this artifact version is simply not supported in ProGet.
I can't imagine there are many other artifacts like this, but let us know if there are.
-- Dean
Next victim:
https://repo1.maven.org/maven2/org/springframework/data/spring-data-releasetrain/
Michal
Yes. Something like that :)
My question is: Can Asset repository act like proxy to external RAW repository?
I don't see how to setup connector there.
Michal