RE: Error using HTTP Request

Mea culpa :)

Fixed!

Regards,
Michal

Even more.
I added directly Anonymous access to this feed.

Still error!

curl -v --header "X-ApiKey: <api key>" https://proget.<host>/endpoints/qual-t-raw/dir

......
Anonymous is not permitted to perform the Feeds_ViewFeed task for the current scope.

???????

@atripp

No typo!

curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" https://proget.<host>/endpoints/qual-t-raw/dir/
curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --data @feed.json https://proget.<host>/api/json/Feeds_GetFeed | jq

feed.json:
{"Feed_Name": "qualt-t-raw"}

The same request template. Different endpoint.

Cheers,
Michal

@atripp

This Log is mess!

I'm trying to list log for particular Key
/administration/api-keys/access-logs?apiKeyId=27

and list is.... I don't know from what!

This is list of all requests. Looks familiar?

Cheers,
Michal

Hi,

Developer gets 403 during package upload.

Permissions are OK.

Where can I find server side log for this event?

Regards,
Michal

Hi,

I'm trying to list asset folders content:
https://docs.inedo.com/docs/proget/api/assets/folders/list

curl -v --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --request GET https://proget.*****/endpoints/qual-t-raw/dir/audit-report

All requests ends with:

Anonymous is not permitted to perform the Feeds_ViewFeed task for the current scope.

If I use the same API Key to get feed properties:

curl --header "X-ApiKey: <api key>" --header "Content-Type: application/json" --request POST --data @feed.json https://proget.******/api/json/Feeds_GetFeed | jq

feed.json:
{"Feed_Name": "qualt-t-maven"}

{
  "FeedType": 22,
  "FeedConfiguration": {
    "HideFeedTips": 0,
    "HasRepackaged": false,
    "PackageStatisticsEnabled": true,
    "RestrictPackageStatistics": false,
    "LayoutConfig": null,
    "DeploymentRecordsEnabled": true,
    "UsageRecordsEnabled": true,
    "PromoteToFeedId": null,
    "HiddenUsageInstructionNames": null,
    "HiddenPackageInstallInstructionNames": null,
    "VulnerabilitiesEnabled": true,
    "LicensesEnabled": true,
    "UseWithProjects": true,
    "DisableReleaseAnalysis": false,
    "Migration23Skipped": null,
    "MigratedTo23": null,
    "RetentionRulesEnabled": false,
    "DeletionRecordRetentionPeriod": null
  },
  "Active_Indicator": true,
  "AllowNoncompliant_Indicator": null,
  "AllowUnassessedVulnerabilities_Indicator": null,
  "AllowUnknownLicenses_Indicator": true,
  "Cache_Connectors_Indicator": true,
  "DropPath_Text": null,
  "Feed_Description": null,
  "Feed_Id": 35,
  "Feed_Name": "qualt-t-maven",
  "FeedConfiguration_Xml": "<Inedo.ProGet.Feeds.Maven2.Maven2FeedConfig Assembly=\"ProGetCoreEx\"><Properties AllowNonStandardFiles=\"True\" AllowInvalidVersions=\"True\" HideFeedTips=\"0\" HasRepackaged=\"False\" PackageStatisticsEnabled=\"True\" RestrictPackageStatistics=\"False\" DeploymentRecordsEnabled=\"True\" UsageRecordsEnabled=\"True\" VulnerabilitiesEnabled=\"True\" LicensesEnabled=\"True\" UseWithProjects=\"True\" DisableReleaseAnalysis=\"False\" RetentionRulesEnabled=\"False\" /></Inedo.ProGet.Feeds.Maven2.Maven2FeedConfig>",
  "FeedGroup_Id": 2,
  "FeedPathOverride_Text": null,
  "FeedState_Number": 45,
  "FeedType_Name": "Maven2",
  "LastPackageUpdate_Date": "2025-05-19T10:25:15.287Z",
  "LastPolicyUpdate_Date": "2025-05-29T22:49:57.29Z",
  "LastSync_Date": null,
  "PackageStoreConfiguration_Xml": null,
  "ReplicationConfiguration_Xml": null
}

pgutil response (the same api key)

pgutil assets list --feed=qualt-t-raw --path=audit-report
clients                                                     <DIR>

What's wrong?

Regards,
Michal

Hi,

How can I check which key is which?

In Access Log I can see only this:

Regards,
Michal

@dean-houston said in Pull Maven artifacts - invalid version:

Hi @michal-roszak_0767,

After looking into this further, I'm afraid we simply can't support this artifact/package at this time. I don't really see a good path for supporting this without adding significant complexity and risk of breaking proper artifacts / versions.

The problem is that this version breaks the basic rules that Maven repositories need to follow:

1. Artifact Names / Groups cannot start with a digit
2. Versions must start with a digit

These rules resolve the ambiguity of determining what /com/google/javascript/closure-compiler/v20250407 means. For example, is it:

• Files for version v20250407 of com.google.javascript.closure-compiler artifact?
• All versions of the com.google.javascript.closure-compiler.v20250407 artifact?

I'm not even sure how this was uploaded to Maven central. I have no idea why the developers ignored the warnings that Maven spat out for legal version numbers. This has been a specification for like 20 years. Heck, here's a discussion from like 2008 on how the "must start with a digit" rules needed clarification: https://cwiki.apache.org/confluence/display/MAVENOLD/Versioning

If you encounter other artifacts like this, maybe we can consider some kind of very limited exception, but until we figure something else out this artifact version is simply not supported in ProGet.

I can't imagine there are many other artifacts like this, but let us know if there are.

-- Dean

Next victim:
https://repo1.maven.org/maven2/org/springframework/data/spring-data-releasetrain/

Michal

@atripp

Can I make Feature Request regarding this topic?

Michal

@atripp

Yes. Something like that :)

My question is: Can Asset repository act like proxy to external RAW repository?
I don't see how to setup connector there.

Michal