Project

Profile

Help

Issue #6849

Pulp X509 Certguard - post certificate

Added by david.macneil@actual-experience.com 11 months ago. Updated 11 months ago.

Status:
CLOSED - WORKSFORME
Priority:
Normal
Assignee:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
CentOS 7
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
Sprint:
Quarter:

Description

This may be no more than a documentation issue but I'd like some clarification on it.

I'm attempting to use the pulp-certguard plugin (0.1.0rc4) to protect an rpm repository and following the documentation here:

https://github.com/pulp/pulp-certguard/blob/0.1.0rc4/docs/yum-howto.rst

Specifically the way provided to upload a certificate is:

http --form POST http://localhost:8000/pulp/api/v3/contentguards/certguard/x509/ name=boomi-ca ca_certificate@/var/lib/pulp-certs/easy-rsa/3/pki/ca.pem

I've tried to replicate this using:

http --form POST $AD/pulp/api/v3/contentguards/certguard/x509/ name=certguard-test ca_certificate@/home/centos/ca.pem
HTTP/1.1 400 Bad Request
Allow: GET, POST, HEAD, OPTIONS
Connection: close
Content-Length: 42
Content-Type: application/json
Date: Wed, 27 May 2020 19:27:41 GMT
Server: gunicorn/20.0.4
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN

{
    "ca_certificate": [
        "Not a valid string."
    ]
}

The relevant logs would seem to be:

May 27 19:27:41 ip-10-15-0-89.int.aws.actual-experience.com gunicorn[20055]: pulp: django.request:WARNING: Bad Request: /pulp/api/v3/contentguards/certguard/x509/
May 27 19:27:41 ip-10-15-0-89.int.aws.actual-experience.com gunicorn[20055]: 127.0.0.1 - admin [27/May/2020:19:27:41 +0000] "POST /pulp/api/v3/contentguards/certguard/x509/ HTTP/1.1" 400 42 "-" "HTTPie/0.9.4"

I've attached a test ca.pem file which was the one that was used in the above test. I am currently using the following versions:

  • pulp-certguard 0.1.0rc4
  • pulp-deb 2.3.0b1
  • pulp-file 0.3.0
  • pulp-rpm 3.3.2
  • pulpcore 3.3.1

I'm confident that this worked previously using the following package versions:

  • pulp-certguard (0.1.0rc3.dev0, /usr/local/lib/pulp/src/pulp-certguard)
  • pulp-deb (2.1.0b1.dev0, /usr/local/lib/pulp/src/pulp-deb)
  • pulp-file (0.1.1)
  • pulp-rpm (3.1.0)
  • pulpcore (3.1.1)
ca.pem (1.18 KB) ca.pem Certificate used for testing purposes david.macneil@actual-experience.com, 05/27/2020 09:31 PM

History

#1 Updated by bmbouter 11 months ago

I struggled with this same thing for a while when I was developing this. The issue is the --form encoding and the cert payload containing newlines in it.

That page you're reading from is out of date and needs to be updated :( That is probably the only page that is out of date currently https://pulp.plan.io/issues/6830

If you can use the usage docs instead, those are up to date: https://pulp-certguard.readthedocs.io/en/latest/usage.html#create-a-content-guard

So if I take your command and permute it, does this work?

http POST $AD/pulp/api/v3/contentguards/certguard/x509/ name=certguard-test ca_certificate@/home/centos/ca.pem

I think the --form being removed is the only problem.

#2 Updated by bmbouter 11 months ago

  • Status changed from NEW to CLOSED - WORKSFORME

I'm going to close this because I believe it's working. Please post a comment if we need to reopen due to this not working for you.

Thank you for filing.

Please register to edit this issue

Also available in: Atom PDF