Affects Version/s: 6.7.0, 6.12.2, 6.13.1
Fix Version/s: None
The second build promotion is failing for Pypi (local) repositories for a non-admin user who does not have delete/overwrite permissions for the repositories, even though the published artifacts names are different.
Step 1: Create two Pypi local repositories named pypi-local and pypi-release
Step 2: Assign Read, annotate, deploy and delete permissions to pypi-local repository for a user.
Step 3: Assign Read, annotate, deploy permissions to pypi-release repository for a user and configure JFrog CLI with the user.
Step 4: Uploaded the package pokemonscli-1.0.2.tar.gz with build number 1 to pypi-local repository
jfrog rt bce pokemon 1
jfrog rt upload --build-name pokemon --build-number 1 pokemonscli-1.0.2.tar.gz pypi-local/pokemon/
Step 5: Published the build info for package pokemonscli-1.0.2.tar.gz with build number 1
jfrog rt build-publish pokemon 1
Step 6: Promoted the package from pypi-local to pypi-release repository. Build Promoted successfully*(build number 1)*.
jfrog rt build-promote pokemon 1 pypi-release
Step 7: Uploaded the package pokemonscli-1.0.3.tar.gz to local repository with build number 2 to pypi-local repository.
jfrog rt bce pokemon 2
jfrog rt upload --build-name pokemon --build-number 2 pokemonscli-1.0.3.tar.gz pypi-local/pokemon/
Step 8: Published the build info for package pokemonscli-1.0.3.tar.gz with build number 2.
jfrog rt build-publish pokemon 2
Step 9: Tried Promoting the package from pypi-local to pypi-release repository with build number 2.
jfrog rt build-promote pokemon 2 pypi-release
Build promotion failed with “User doesn't have permissions to override 'pypi-release:proj1'. Needs delete permissions.”
Error Snippet from Artifactory:
2019-10-09 09:57:39,006 [http-nio-8081-exec-10] [ERROR] (o.a.r.s.m.BaseRepoPathMover:457) - User doesn't have permissions to override 'pypi-release:proj'. Needs delete permissions.
2019-10-09 09:57:39,031 [http-nio-8081-exec-10] [INFO ] (o.a.b.BuildPromotionHelper:214) - Skipping promotion status update: item promotion was completed with errors and warnings.
Step 10: Tried to Upload, Publish and Promote different packages mentioned below
cran-0.1.14.tar.gz - build number 3
cran-0.1.13.tar.gz - build number 4
fastcluster-1.1.25.tar.gz - build number 5
fastcluster-1.1.24.tar.gz - build number 6
All the build promotions are successful (build number 3,4,5,6)
Step 11: Take the same package pokemonscli-1.0.3.tar.gz which was tried to promote with build number 2 and upload it with a different build number 7
Step 12: Publish the build info for pokemonscli-1.0.3.tar.gz with build number 7.
Step 13: Tried Promoting the package from pypi-local to pypi-release repository with build number 7. Build promotion failed with
“User doesn't have permissions to override 'pypi-release:proj1'. Needs delete permissions.”
Step 14: Not able to Promote the package pokemonscli-1.0.3.tar.gz even with different build number (As mentioned in step 13).
Step 15: Could observe that only the second build promotion is failing for a non-admin user who does not have permissions to delete/overwrite in the pypi-release repository.
Step 16: Observed the same behaviour with older artifactory versions.