Actions
Issue #6402
closedsecret fields on Remote objects can cause mutation of data
Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Version:
Platform Release:
OS:
Triaged:
Yes
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Sprint 69
Quarter:
Description
When using the bindings, if you take the FileRemote object returned by the read() or create() method and pass it to the update() method, the client_cert field gets updated to a new value. This will be true for any SecretCharField.
(Pdb) file_remote {'ca_cert': None, 'client_cert': 'b3226466e6d9c43c7058f69e1ff41daaf688cd223c084faa3e28202813ecff28', 'client_key': None, 'download_concurrency': 20, 'name': 'bar25', 'policy': 'immediate', 'proxy_url': None, 'pulp_created': datetime.datetime(2020, 3, 25, 17, 9, 13, 631685, tzinfo=tzlocal()), 'pulp_href': '/pulp/api/v3/remotes/file/file/e42eea0d-e583-45ce-bdca-342169385cb2/', 'pulp_last_updated': datetime.datetime(2020, 3, 25, 17, 9, 13, 631703, tzinfo=tzlocal()), 'tls_validation': True, 'url': 'https://repos.fedorapeople.org/pulp/pulp/demo_repos/test_file_repo/PULP_MANIFEST'} (Pdb) fileremotes.update(file_remote.pulp_href, file_remote) {'task': '/pulp/api/v3/tasks/ec6a2bb6-4ce4-4a0e-ab1c-62d37aecfd27/'} (Pdb) file_updated_remote = fileremotes.read(file_remote.pulp_href) (Pdb) file_updated_remote {'ca_cert': None, 'client_cert': '7fc2a6b69d81c4581eac98454217b173a8b23256eefad0bb9eaabe199d8baae8', 'client_key': None, 'download_concurrency': 20, 'name': 'bar25', 'policy': 'immediate', 'proxy_url': None, 'pulp_created': datetime.datetime(2020, 3, 25, 17, 9, 13, 631685, tzinfo=tzlocal()), 'pulp_href': '/pulp/api/v3/remotes/file/file/e42eea0d-e583-45ce-bdca-342169385cb2/', 'pulp_last_updated': datetime.datetime(2020, 3, 25, 17, 10, 37, 747011, tzinfo=tzlocal()), 'tls_validation': True, 'url': 'https://repos.fedorapeople.org/pulp/pulp/demo_repos/test_file_repo/PULP_MANIFEST'}
Actions
Ignores secret fields if the incoming value is the sha256 checksum of current value
fixes: #6402 https://pulp.plan.io/issues/6402