Network maintenance. Planio will be observing two scheduled maintenance windows this Tuesday, March 2 and Wednesday, March 3 from 02:00 UTC until 06:00 UTC each in order to perform maintenance on access routers in our primary datacenter. Your account might observe short downtimes during these periods up to several minutes at a time.
Issue #6402
secret fields on Remote objects can cause mutation of data
Description
When using the bindings, if you take the FileRemote object returned by the read() or create() method and pass it to the update() method, the client_cert field gets updated to a new value. This will be true for any SecretCharField.
(Pdb) file_remote {'ca_cert': None, 'client_cert': 'b3226466e6d9c43c7058f69e1ff41daaf688cd223c084faa3e28202813ecff28', 'client_key': None, 'download_concurrency': 20, 'name': 'bar25', 'policy': 'immediate', 'proxy_url': None, 'pulp_created': datetime.datetime(2020, 3, 25, 17, 9, 13, 631685, tzinfo=tzlocal()), 'pulp_href': '/pulp/api/v3/remotes/file/file/e42eea0d-e583-45ce-bdca-342169385cb2/', 'pulp_last_updated': datetime.datetime(2020, 3, 25, 17, 9, 13, 631703, tzinfo=tzlocal()), 'tls_validation': True, 'url': 'https://repos.fedorapeople.org/pulp/pulp/demo_repos/test_file_repo/PULP_MANIFEST'} (Pdb) fileremotes.update(file_remote.pulp_href, file_remote) {'task': '/pulp/api/v3/tasks/ec6a2bb6-4ce4-4a0e-ab1c-62d37aecfd27/'} (Pdb) file_updated_remote = fileremotes.read(file_remote.pulp_href) (Pdb) file_updated_remote {'ca_cert': None, 'client_cert': '7fc2a6b69d81c4581eac98454217b173a8b23256eefad0bb9eaabe199d8baae8', 'client_key': None, 'download_concurrency': 20, 'name': 'bar25', 'policy': 'immediate', 'proxy_url': None, 'pulp_created': datetime.datetime(2020, 3, 25, 17, 9, 13, 631685, tzinfo=tzlocal()), 'pulp_href': '/pulp/api/v3/remotes/file/file/e42eea0d-e583-45ce-bdca-342169385cb2/', 'pulp_last_updated': datetime.datetime(2020, 3, 25, 17, 10, 37, 747011, tzinfo=tzlocal()), 'tls_validation': True, 'url': 'https://repos.fedorapeople.org/pulp/pulp/demo_repos/test_file_repo/PULP_MANIFEST'}
Associated revisions
Revision a7da2e1d
View on GitHub
Ignores secret fields if the incoming value is the sha256 checksum of current value
fixes: #6402 https://pulp.plan.io/issues/6402 (cherry picked from commit e22b3725c6ac51e5ef29a107b2012459c36d6dab)
History
#2
Updated by dkliban@redhat.com 11 months ago
- Status changed from POST to MODIFIED
Applied in changeset pulpcore|e22b3725c6ac51e5ef29a107b2012459c36d6dab.
#3
Updated by dkliban@redhat.com 11 months ago
Applied in changeset pulpcore|a7da2e1d3a7997e79c8d0eeb535eb8efefd172b5.
Please register to edit this issue
Ignores secret fields if the incoming value is the sha256 checksum of current value
fixes: #6402 https://pulp.plan.io/issues/6402