Pulp

Background¶

The BaseRemote.ca_cert and BaseRemote.client_cert fields the current serializers tell the user "All new line characters must be escaped". You can see that here.

There are two issues with this:

1. It's not needed. For example pulp-certguard allows users to submit certs without modification, they are saved in the database, and openssl uses them correctly.

2. It's extra work for users.

Solution¶

1. Update the serializers to not have newlines escaped
2. Audit the handling of these fields throughout the code and remove any "unescaping" that is done
3. Add a .removal release note indicating this is a breaking change and users will need to re-save their ca_cert and client_cert fields
4. Audit client_key as well just for good measure
5. Add a test that sync's content where a ca_cert is required
6. Add a test that sync's content where a client_cert and client_key is required

How to add these tests?¶

These tests will use the Red Hat CDN and will use a test certificate and key registered to pulp-infra, along with the master ca_cert of the Red Hat CDN. The test certs will be stored as a Travis secret and made available to the tests via environment variables. If the test goes to run and the environment variables are not present the test should skip.