As a user Galaxy V3 user, I can submit expected_namespace, expected_name, expected_version and if the metadata doesn't match it fails
There is a use case where the user is Galaxy and submitting data it received from a user it does not trust. The problem is that the actual metadata isn't known until the tarball is extracted, but by then regardless of what it is, it's imported and live.
Have the Galaxy v3/artifacts/collections/ endpoint take 3 optional arguments: 'expected_namespace', 'expected_name', 'expected_version'. If set, validate that the uploaded Collection is asserting these values.
If they do not match, fail the import task and delete the Artifact since it was not appropriate to be saved.
Add CollectionImport log handler and Validation
Add add_log_message() facility to the CollectionImport model. This is
called by the log handler which is auto-configured by pulp_ansible with
The logger is 'pulp_ansible.app.tasks.collection.import_collection'.
Add validation feature to CollectionImport where the
`expected_namespace`, `expected_name`, and `expected_version` are
specified. When used the import will fail if the tarball does not
contain the same values. These are optional parameters and only
available in the Galaxy V3 API currently.
#1 Updated by bmbouter about 1 month ago
- Subject changed from As a user Galaxy V3 user, I can submit expected_namespace, expected_name, expected_version and if the metadata doisn't match it fails to As a user Galaxy V3 user, I can submit expected_namespace, expected_name, expected_version and if the metadata doesn't match it fails
- Description updated (diff)
#4 Updated by bmbouter about 1 month ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulp_ansible|b2342c0412116c2a120f27e9d16ab70853f12c28.
Please register to edit this issue