Pulp: Issues
https://pulp.plan.io/ | 2022-01-12T15:43:50Z | Pulp | Planio

Pulp - Backport #9668 (CLOSED - CURRENTRELEASE): Backport #9665: Make the `adjust_roles` function...
https://pulp.plan.io/issues/9668 | 2022-01-12T15:43:50Z | dkliban@redhat.com
<p>While migrating to the Roles backend I find I need to access <code>adjust_roles</code> [1] and CI throws an error when accessing it via <code>from pulpcore.app.apps import adjust_roles</code> [2].</p>
<p>[1] <a href="https://github.com/pulp/pulpcore/blob/main/pulpcore/app/apps.py#L269" class="external">https://github.com/pulp/pulpcore/blob/main/pulpcore/app/apps.py#L269</a>
[2] <a href="https://github.com/ansible/galaxy_ng/runs/4731797454?check_suite_focus=true" class="external">https://github.com/ansible/galaxy_ng/runs/4731797454?check_suite_focus=true</a></p>

Pulp - Backport #9664 (CLOSED - CURRENTRELEASE): Backport #9660 "django update broke pulpimport f...
https://pulp.plan.io/issues/9664 | 2022-01-06T17:54:23Z | ttereshc (ttereshc@redhat.com)
<p>Django addressed a security issue involving filepaths in a way that broke how pulpimport was using Storage:</p>
<p>In 3.14, the following failure in <code>pulp_rpm.tests.functional.api.test_pulpimport.ParallelImportTestCase testMethod=test_clean_import</code> :</p>
<pre><code class="text syntaxhl" data-language="text">E pulp_smash.pulp3.bindings.PulpTaskError: (PulpTaskError(...), "Pulp task failed (Detected path traversal attempt in '/var/lib/pulp/media/artifact/d4/89a5ea552e5ea595976e39f891fe249e95d8eb40cbd7f50a46c0126a7072ab')")
</code></pre>
<p>Against core/main, the same test hangs.</p>
<p>The problem is that core/import builds a full-path to send to Storage.save(), which used to "work" but is now Not Allowed (for perfectly good security-reasons)</p>
<p>See <a href="https://github.com/pulp/pulpcore/blob/main/pulpcore/app/tasks/importer.py#L396" class="external">https://github.com/pulp/pulpcore/blob/main/pulpcore/app/tasks/importer.py#L396</a></p>

Pulp - Backport #9663 (CLOSED - CURRENTRELEASE): Backport #9660 "django update broke pulpimport f...
https://pulp.plan.io/issues/9663 | 2022-01-06T17:53:12Z | ttereshc (ttereshc@redhat.com)
<p>Django addressed a security issue involving filepaths in a way that broke how pulpimport was using Storage:</p>
<p>In 3.14, the following failure in <code>pulp_rpm.tests.functional.api.test_pulpimport.ParallelImportTestCase testMethod=test_clean_import</code> :</p>
<pre><code class="text syntaxhl" data-language="text">E pulp_smash.pulp3.bindings.PulpTaskError: (PulpTaskError(...), "Pulp task failed (Detected path traversal attempt in '/var/lib/pulp/media/artifact/d4/89a5ea552e5ea595976e39f891fe249e95d8eb40cbd7f50a46c0126a7072ab')")
</code></pre>
<p>Against core/main, the same test hangs.</p>
<p>The problem is that core/import builds a full-path to send to Storage.save(), which used to "work" but is now Not Allowed (for perfectly good security-reasons)</p>
<p>See <a href="https://github.com/pulp/pulpcore/blob/main/pulpcore/app/tasks/importer.py#L396" class="external">https://github.com/pulp/pulpcore/blob/main/pulpcore/app/tasks/importer.py#L396</a></p>

Pulp - Backport #9662 (CLOSED - CURRENTRELEASE): Backport #9660 "django update broke pulpimport f...
https://pulp.plan.io/issues/9662 | 2022-01-06T17:46:06Z | ttereshc (ttereshc@redhat.com)
<p>Django addressed a security issue involving filepaths in a way that broke how pulpimport was using Storage:</p>
<p>In 3.14, the following failure in <code>pulp_rpm.tests.functional.api.test_pulpimport.ParallelImportTestCase testMethod=test_clean_import</code> :</p>
<pre><code class="text syntaxhl" data-language="text">E pulp_smash.pulp3.bindings.PulpTaskError: (PulpTaskError(...), "Pulp task failed (Detected path traversal attempt in '/var/lib/pulp/media/artifact/d4/89a5ea552e5ea595976e39f891fe249e95d8eb40cbd7f50a46c0126a7072ab')")
</code></pre>
<p>Against core/main, the same test hangs.</p>
<p>The problem is that core/import builds a full-path to send to Storage.save(), which used to "work" but is now Not Allowed (for perfectly good security-reasons)</p>
<p>See <a href="https://github.com/pulp/pulpcore/blob/main/pulpcore/app/tasks/importer.py#L396" class="external">https://github.com/pulp/pulpcore/blob/main/pulpcore/app/tasks/importer.py#L396</a></p>

RPM Support - Backport #9650 (CLOSED - CURRENTRELEASE): Backport #9636 'FileNotFoundError: [Errno...
https://pulp.plan.io/issues/9650 | 2021-12-20T16:06:20Z | ttereshc (ttereshc@redhat.com)
<p>Pulp expects custom metadata files to have a specific format for filenames: -.</p>
<p>During pulp-2to3-migration, users get <code>FileNotFoundError: [Errno 2] No such file or directory: ' '</code> because the filename is only a checksum :/, which we remove to determine the filename, so the path we detect becomes an empty string.</p>
<pre><code>Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/migration.py", line 478, in migrate_repo_distributor
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: pulp2dist, repo_version)
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/plugin/rpm/repository.py", line 91, in migrate_to_pulp3
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: publish(repo_version.pk, checksum_types=checksum_types, sqlite_metadata=sqlite)
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py", line 344, in publish
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: publication_data.populate()
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py", line 253, in populate
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: self.repomdrecords = self.prepare_metadata_files(main_content)
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py", line 99, in prepare_metadata_files
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: with open(path, "wb") as new_file:
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: FileNotFoundError: [Errno 2] No such file or directory: ''
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: pulp: rq.worker:INFO: 27738@1002a1103081001.xxx.com: c0d58c5a-9ff1-4d40-bbb3-9c24fdf0fdb4
Nov 22 21:31:34 1002a1103081001 pulpcore-resource-manager: pulp: rq.worker:INFO: resource-manager: 43f43c1a-d09e-46bd-99fe-73b6e2ee397c
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-3: pulp: rq.worker:INFO: 27740@1002a1103081001.xxx.com: Job OK (b25f3fa2-401c-425c-92eb-b49a61415617)
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-2: pulp: pulp_rpm.app.tasks.publishing:INFO: Publishing: repository=XXX-Red_Hat_Ansible_Engine_2_7_RPMs_for_Red_Hat_Enterprise_Linux_7_Server_x86_64, version=1
</code></pre>

RPM Support - Backport #9649 (CLOSED - CURRENTRELEASE): Backport #9636 'FileNotFoundError: [Errno...
https://pulp.plan.io/issues/9649 | 2021-12-20T16:02:46Z | ttereshc (ttereshc@redhat.com)
<p>Pulp expects custom metadata files to have a specific format for filenames: -.</p>
<p>During pulp-2to3-migration, users get <code>FileNotFoundError: [Errno 2] No such file or directory: ' '</code> because the filename is only a checksum :/, which we remove to determine the filename, so the path we detect becomes an empty string.</p>
<pre><code>Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/migration.py", line 478, in migrate_repo_distributor
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: pulp2dist, repo_version)
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/plugin/rpm/repository.py", line 91, in migrate_to_pulp3
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: publish(repo_version.pk, checksum_types=checksum_types, sqlite_metadata=sqlite)
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py", line 344, in publish
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: publication_data.populate()
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py", line 253, in populate
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: self.repomdrecords = self.prepare_metadata_files(main_content)
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: File "/usr/lib/python3.6/site-packages/pulp_rpm/app/tasks/publishing.py", line 99, in prepare_metadata_files
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: with open(path, "wb") as new_file:
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: FileNotFoundError: [Errno 2] No such file or directory: ''
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-1: pulp: rq.worker:INFO: 27738@1002a1103081001.xxx.com: c0d58c5a-9ff1-4d40-bbb3-9c24fdf0fdb4
Nov 22 21:31:34 1002a1103081001 pulpcore-resource-manager: pulp: rq.worker:INFO: resource-manager: 43f43c1a-d09e-46bd-99fe-73b6e2ee397c
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-3: pulp: rq.worker:INFO: 27740@1002a1103081001.xxx.com: Job OK (b25f3fa2-401c-425c-92eb-b49a61415617)
Nov 22 21:31:34 1002a1103081001 pulpcore-worker-2: pulp: pulp_rpm.app.tasks.publishing:INFO: Publishing: repository=XXX-Red_Hat_Ansible_Engine_2_7_RPMs_for_Red_Hat_Enterprise_Linux_7_Server_x86_64, version=1
</code></pre>

RPM Support - Issue #9627 (MODIFIED): publish fails on MD5-checksummed repos, on FIPS
https://pulp.plan.io/issues/9627 | 2021-12-09T18:59:35Z | ggainey
<p>See associated BZ for details, reproducer</p>

RPM Support - Test #9622 (MODIFIED): Add a repo signed using 'sha' as alias for 'sha1'
https://pulp.plan.io/issues/9622 | 2021-12-08T19:00:00Z | ggainey
<p>'sha' support exists in the wild, is the same as 'sha1', and has broken us several times now. Let's make it possible to write tests for it.</p>

Pulp - Story #9621 (CLOSED - CURRENTRELEASE): As a user I can pass environment variables to the s...
https://pulp.plan.io/issues/9621 | 2021-12-08T18:14:33Z | ipanova@redhat.com

Container Support - Task #9618 (CLOSED - CURRENTRELEASE): Adjust code to work with recent group p...
https://pulp.plan.io/issues/9618 | 2021-12-08T16:34:14Z | mdellweg

Migration Plugin - Backport #9612 (MODIFIED): Backport #8968 "'NoneType' object has no attribute ...
https://pulp.plan.io/issues/9612 | 2021-12-07T18:13:47Z | ttereshc (ttereshc@redhat.com)
<p>Backtrace:</p>
<pre>
"error"=>
{"traceback"=>
" File \"/usr/lib/python3.6/site-packages/rq/worker.py\", line 936, in perform_job\n" +
" rv = job.perform()\n" +
" File \"/usr/lib/python3.6/site-packages/rq/job.py\", line 684, in perform\n" +
" self._result = self._execute()\n" +
" File \"/usr/lib/python3.6/site-packages/rq/job.py\", line 690, in _execute\n" +
" return self.func(*self.args, **self.kwargs)\n" +
" File \"/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/tasks/migrate.py\", line 76, in migrate_from_pulp2\n" +
" pre_migrate_all_without_content(plan)\n" +
" File \"/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/pre_migration.py\", line 493, in pre_migrate_all_without_content\n" +
" pre_migrate_importer(repo_id, importer_types)\n" +
" File \"/usr/lib/python3.6/site-packages/pulp_2to3_migration/app/pre_migration.py\", line 601, in pre_migrate_importer\n" +
" importer.pulp3_remote.delete()\n",
"description"=>"'NoneType' object has no attribute 'delete'"},
"worker"=>"/pulp/api/v3/workers/fc6ba1d6-ddc6-494d-9385-2368544a09ef/",
</pre>
<p>This happened on Katello 3.18.3 which uses:</p>
<pre>
pulp-2to3-migration (0.11.1)
pulp-certguard (1.0.3)
pulp-container (2.1.2)
pulp-deb (2.7.0)
pulp-file (1.3.0)
pulp-rpm (3.10.0)
pulpcore (3.7.6)
</pre>

Pulp - Story #9606 (CLOSED - CURRENTRELEASE): As a user who manages permissions, I can reset an a...
https://pulp.plan.io/issues/9606 | 2021-12-06T15:40:13Z | bmbouter (bmbouter@redhat.com)
<a name="Motivation"></a>
<h2>Motivation</h2>
<p>Users can modify access policies, but sometimes they may want to reset it back to the shipped default.</p>
<a name="Design"></a>
<h2>Design</h2>
<p>The detail view of an AccessPolicy should have a <code>&lt;path_to_AccessPolicy_instance&gt;/reset/</code> endpoint that accepts a POST. Upon posting it should:</p>
<ol>
<li>Restore the default access policy</li>
<li>Ensure that the customized flag is false</li>
</ol>

Pulp - Task #9604 (CLOSED - CURRENTRELEASE): As a developer, I can easily add add/remove/list Rol...
https://pulp.plan.io/issues/9604 | 2021-12-03T17:33:08Z | bmbouter (bmbouter@redhat.com)
<a name="Problem"></a>
<h2>Problem</h2>
<p>Now that pulpcore knows about Roles, and users can define their own, we need to allow users to manage the role assignments to specific objects and "model level" permissions.</p>
<a name="Design"></a>
<h2>Design</h2>
<p>Create the following API calls that would be nested under any given viewset, e.g. TaskViewset.</p>
<ul>
<li>
<p><code>add_role</code> - If on a detail view, add the role the user specifies to the group or groups and/or user or users the user specifies to the specific object. If not on a detail view, add the role the user specifies to the group or groups and/or user or users the user specifies as a model level role. The role is required. At least one group or user must be specified. If the Role does not have a permission applicable to this object type an error is expected.</p>
</li>
<li>
<p><code>remove_role</code> - If on a detail view, remove the role the user specifies from the group or groups and/or user or users the user specifies to the specific object. If not on a detail view, remove the role the user specifies from the group or groups and/or user or users the user specifies as a model level role. The role is required. At least one group or user must be specified. If the Role does not have a permission applicable to this object type an error is expected. If no users or groups had that role no error is expected.</p>
</li>
<li>
<p><code>list_roles</code> - List the roles that could have at least one permission that is meaningful for this object type.</p>
</li>
<li>
<p><code>my_permissions</code> - If on a detail view, lists the effective object-level permissions a user has through both direct and group-based membership. If not on a detail view, lists the effective model level permissions a user has through both direct and group-based membership.</p>
</li>
</ul>
<p>Create a <code>RoleMixin</code> that allows developers to add ^ endpoint to any Viewset easily.</p>
<a name="Authorization-details"></a>
<h2>Authorization details</h2>
<ul>
<li>
<p>The developer is expected to define a new "manage permissions" permission that is specific to that object type. For example, <code>core.manage_roles_task</code> would be a reasonable name for managing the permissions of a <code>Task</code>.</p>
</li>
<li>
<p>The developer needs to add to their access policy the specific calls to use that new permission to authorize only users who have these calls to make the calls to <code>list_roles</code>, <code>add_roles</code>, and <code>remove_role</code>. For example for <code>core.manage_roles_task</code> that would look like:</p>
</li>
</ul>
<pre><code>{
    "action": ["list_roles", "add_role", "remove_role"],
    "principal": "authenticated",
    "effect": "allow",
    "condition": "has_model_or_obj_perms:core.manage_roles_task",
},
</code></pre>
<p>It is expected the drf-access-policy would allow any authenticated user to list <code>my_permissions</code>.</p>

Pulp - Issue #9590 (MODIFIED): Pulp CI badges are no longer valid
https://pulp.plan.io/issues/9590 | 2021-11-30T15:50:22Z | lmjachky
<p>Current Pulp CI status badges are no longer valid after merging the commit <a href="https://github.com/pulp/pulpcore/commit/dae72fa404de50b347d877c89c1a269937ab27b0#diff-b803fcb7f17ed9235f1e5cb1fcd2f5d3b2838429d4368ae4c57ce4436577f03fL13-L15" class="external">https://github.com/pulp/pulpcore/commit/dae72fa404de50b347d877c89c1a269937ab27b0#diff-b803fcb7f17ed9235f1e5cb1fcd2f5d3b2838429d4368ae4c57ce4436577f03fL13-L15</a> (we did not want to run the CI pipeline once again after merging changes).</p>
<p>Removing status badges from all repositories should be sufficient to resolve the problem. Having only Pulp Nightly CI/CD badges available is good enough (<a href="https://github.com/pulp/pulp-ci" class="external">https://github.com/pulp/pulp-ci</a>).</p>

Maven Plugin - Issue #8678 (MODIFIED): Provide 'view_name' warning when using the all in one cont...
https://pulp.plan.io/issues/8678 | 2021-04-30T19:17:03Z | gerrod
<p>A user from pulp-dev was worried about this warning message appearing after changing the admin password to the all in one container. Pretty sure it's harmless, but it can scare users thinking that their installation isn't correct.</p>
<p><code>pulpcore.app.serializers.base:WARNING: Please provide either 'view_name' or 'view_name_pattern' for DetailRelatedField on _call_with_frames_removed.</code></p>