Task #2635
closedDetermine which fields are mutable on each resource.
Added by jortel@redhat.com over 7 years ago. Updated over 5 years ago.
0%
Description
Determine which fields are mutable on each resource in pulpcore. This will affect which fields a user can update using the REST API.
Related issues
Updated by mhrivnak over 7 years ago
This would be good for a team of 2-3 people to work together.
Updated by ttereshc almost 6 years ago
- Subject changed from Planning: determine which fields are mutable on each resource. to Determine which fields are mutable on each resource.
- Groomed changed from No to Yes
- Sprint Candidate changed from No to Yes
Updated by ttereshc almost 6 years ago
- Status changed from NEW to ASSIGNED
- Assignee set to ttereshc
- Sprint set to Sprint 47
Updated by ttereshc almost 6 years ago
Criteria¶
The field should be read_only if it's not supposed to be set or updated by users via any REST API calls.
When unsure, set field to read_only (we can make it writable later. Due to semver we can't do it the other way around).
UPD (from comment#9): If a field should be set by user but should remain immutable, this can be adjusted at the viewset level.
Ways for a field to be a read-only one¶
- a field can only be a read-only one
- any IdentityFields
- ManyToManyFields with Through model https://www.django-rest-framework.org/api-guide/relations/#manytomanyfields-with-a-through-model
- StringRelatedField
- nested serializers are read-only by default
- explicitly set on a serializer read_only=True
- editable=False or auto_now=True or auto_now=True or any AutoField on a model
- read_only_fields are specified in Meta class for a serializer
Updated by amacdona@redhat.com almost 6 years ago
Just to be complete, `read_only` is a little different from immutable. Some fields may need to be set, but only during creation time. For one case, ContentUnits are not read-only, but are immutable because their ViewSets do not have have the Update mixin. https://github.com/pulp/pulp/blob/cf30f2e9a77f7ad935184c5cbe58dfad788febc3/pulpcore/app/viewsets/content.py#L90-L93
Another hypothetical case (I don't know of any in our code base) is that some fields may need to be set at creation time, but other fields are update-able. If this is necessary, some custom update code can be created on the ViewSet and/or Serializer to enforce it.
The important takeaway from this comment is that we need to audit more than just the serializers. We need to also check the ViewSets to get the real picture for what is/isn't mutable.
Updated by ttereshc almost 6 years ago
Current state which looks good to me. Any concerns/thoughts are welcome.
All resources have the following read-only attributes:
- _ href
- _created
- _last_updated
Content¶
read-only:
- _type
read-write (can be set once, can't be updated - restricted in a viewset):
- _artifacts
Artifact¶
read-write:
- file
- size
- all checksums
ContentGuard¶
read-only:
- _type
read-write (as per serializer; create/update are not provided by pulpcore, should be done in plugins):
- name
- description
Repository¶
read-only:
- _versions_href
- _latest_version_href
read-write:
- name
- description
Remote¶
read-only:
- _type
read-write:
- name
- url
- validate
- ssl_validation
- proxy_url
- download_concurrency
- policy
write-only (aka not shown in API responses):
- ssl_ca_certificate
- ssl_client_certificate
- ssl_client_key
- username
- password
Publisher¶
read-only:
- _type
- distributions
read-write:
- name
Exporter¶
read-only:
- _type
- last_export
read-write:
- name
Distribution¶
read-only:
- last_export
- base_url
read-write:
- name
- base_path
- publisher
- content_guard
- publication
- repository
Publication¶
read-only:
- distributions
- repository_version
read-write:
- pass_through
- publisher
RepositoryVersion¶
read-only:
- number
- content_hrefs
- content_added_hrefs
- content_removed_hrefs
- content_summary
- content_added_summary
- content_removed_summary
read-write:
- base_version
write-only:
- add_content_units
- remove_content_units
Task/Worker¶
- no create/update are allowed
- all fields are read_only
User¶
read-write:
- username
write-only:
- password
Updated by ttereshc almost 6 years ago
- Related to Issue #4313: Username is mutable and can be updated/changed via REST API added
Updated by ttereshc almost 6 years ago
- Status changed from ASSIGNED to CLOSED - COMPLETE
As a result of this task:
- #4313 is created
- ContentGuard duplicated serializers/viewsets removed, publication related code is reorganized into a separate module https://github.com/pulp/pulp/pull/3823