Project

Profile

Help

Task #2635

Determine which fields are mutable on each resource.

Added by jortel@redhat.com over 2 years ago. Updated 6 months ago.

Status:
CLOSED - COMPLETE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

0%

Platform Release:
Blocks Release:
Backwards Incompatible:
No
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
QA Contact:
Complexity:
Smash Test:
Verified:
No
Verification Required:
No
Sprint:
Sprint 47

Description

Determine which fields are mutable on each resource in pulpcore. This will affect which fields a user can update using the REST API.


Checklist


Related issues

Related to Pulp - Issue #4313: Username is mutable and can be updated/changed via REST API MODIFIED Actions

History

#1 Updated by mhrivnak over 2 years ago

This would be good for a team of 2-3 people to work together.

#2 Updated by amacdona@redhat.com 11 months ago

  • Tags Pulp 3 RC Blocker added

#3 Updated by ttereshc 10 months ago

  • Description updated (diff)

#4 Updated by ttereshc 10 months ago

  • Checklist item deleted (Divide and conquer)
  • Checklist item Audit current models in pulpcore and pulpcore-plugin added
  • Checklist item Adjust mutability upon reaching the agreement added
  • Subject changed from Planning: determine which fields are mutable on each resource. to Determine which fields are mutable on each resource.
  • Groomed changed from No to Yes
  • Sprint Candidate changed from No to Yes

#5 Updated by ttereshc 10 months ago

#6 Updated by ttereshc 9 months ago

  • Status changed from NEW to ASSIGNED
  • Assignee set to ttereshc
  • Sprint set to Sprint 47

#7 Updated by ttereshc 9 months ago

  • Checklist item changed from Audit current models in pulpcore and pulpcore-plugin to Audit current serializers in pulpcore
  • Description updated (diff)

#8 Updated by ttereshc 9 months ago

Criteria

The field should be read_only if it's not supposed to be set or updated by users via any REST API calls.
When unsure, set field to read_only (we can make it writable later. Due to semver we can't do it the other way around).
UPD (from comment#9): If a field should be set by user but should remain immutable, this can be adjusted at the viewset level.

Ways for a field to be a read-only one

  • nested serializers are read-only by default
  • explicitly set on a serializer read_only=True
  • editable=False or auto_now=True or auto_now=True or any AutoField on a model
  • read_only_fields are specified in Meta class for a serializer

#9 Updated by amacdona@redhat.com 9 months ago

Just to be complete, `read_only` is a little different from immutable. Some fields may need to be set, but only during creation time. For one case, ContentUnits are not read-only, but are immutable because their ViewSets do not have have the Update mixin. https://github.com/pulp/pulp/blob/cf30f2e9a77f7ad935184c5cbe58dfad788febc3/pulpcore/app/viewsets/content.py#L90-L93

Another hypothetical case (I don't know of any in our code base) is that some fields may need to be set at creation time, but other fields are update-able. If this is necessary, some custom update code can be created on the ViewSet and/or Serializer to enforce it.

The important takeaway from this comment is that we need to audit more than just the serializers. We need to also check the ViewSets to get the real picture for what is/isn't mutable.

#10 Updated by ttereshc 9 months ago

  • Checklist item Audit current viewsets in pulpcore added

#11 Updated by ttereshc 9 months ago

Current state which looks good to me. Any concerns/thoughts are welcome.

All resources have the following read-only attributes:

  • _ href
  • _created
  • _last_updated

Content

read-only:

  • _type

read-write (can be set once, can't be updated - restricted in a viewset):

  • _artifacts

Artifact

read-write:

  • file
  • size
  • all checksums

ContentGuard

read-only:

  • _type

read-write (as per serializer; create/update are not provided by pulpcore, should be done in plugins):

  • name
  • description

Repository

read-only:

  • _versions_href
  • _latest_version_href

read-write:

  • name
  • description

Remote

read-only:

  • _type

read-write:

  • name
  • url
  • validate
  • ssl_validation
  • proxy_url
  • download_concurrency
  • policy

write-only (aka not shown in API responses):

  • ssl_ca_certificate
  • ssl_client_certificate
  • ssl_client_key
  • username
  • password

Publisher

read-only:

  • _type
  • distributions

read-write:

  • name

Exporter

read-only:

  • _type
  • last_export

read-write:

  • name

Distribution

read-only:

  • last_export
  • base_url

read-write:

  • name
  • base_path
  • publisher
  • content_guard
  • publication
  • repository

Publication

read-only:

  • distributions
  • repository_version

read-write:

  • pass_through
  • publisher

RepositoryVersion

read-only:

  • number
  • content_hrefs
  • content_added_hrefs
  • content_removed_hrefs
  • content_summary
  • content_added_summary
  • content_removed_summary

read-write:

  • base_version

write-only:

  • add_content_units
  • remove_content_units

Task/Worker

  • no create/update are allowed
  • all fields are read_only

User

read-write:

  • username

write-only:

  • password

#12 Updated by ttereshc 9 months ago

  • Checklist item Document criteria for determining which fields should be mutable set to Done
  • Checklist item Share that criteria and get feedback from the team set to Done
  • Checklist item Audit current serializers in pulpcore set to Done
  • Checklist item Adjust mutability upon reaching the agreement set to Done
  • Checklist item Audit current viewsets in pulpcore set to Done

#13 Updated by ttereshc 9 months ago

  • Related to Issue #4313: Username is mutable and can be updated/changed via REST API added

#14 Updated by ttereshc 9 months ago

  • Status changed from ASSIGNED to CLOSED - COMPLETE

As a result of this task:
- #4313 is created
- ContentGuard duplicated serializers/viewsets removed, publication related code is reorganized into a separate module https://github.com/pulp/pulp/pull/3823

#15 Updated by daviddavis 6 months ago

  • Sprint/Milestone set to 3.0

#16 Updated by bmbouter 6 months ago

  • Tags deleted (Pulp 3, Pulp 3 RC Blocker)

Please register to edit this issue

Also available in: Atom PDF