Project

Profile

Help

Story #7487

closed

Story #3778: [Epic] As a user, I can run Pulp 3 in a FIPS-enabled environment

As a user, I'm prevented from changing ALLOWED_CONTENT_CHECKSUMS if I already have content in my DB

Added by bmbouter over 4 years ago. Updated about 4 years ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Sprint:
Sprint 83
Quarter:

Description

Background

Users should not change the ALLOWED_CONTENT_CHECKSUMS if they already have content in their DB.

Idea

Let's add a check at Pulp start time that causes them to not do that

Implementation

As suggested by @daviddavis, at the bottom of the pulpcore.app.settings, add another check that performs a select like SELECT * FROM artifacts WHERE a IS NULL or b IS NULL ... and if this returns any artifacts, raise an ImproperlyConfigured error.

Testing

Since we can't change settings during functional test runs, we cannot reasonably test for this.


Related issues

Related to Container Support - Issue #7774: `podman push` leads to missing checksums on the ArtifactsCLOSED - CURRENTRELEASEipanova@redhat.comActions
Actions #1

Updated by bmbouter over 4 years ago

  • Description updated (diff)
Actions #2

Updated by bmbouter over 4 years ago

  • Parent issue set to #3778
Actions #3

Updated by daviddavis over 4 years ago

  • Groomed changed from No to Yes
  • Sprint Candidate changed from No to Yes
  • Sprint set to Sprint 81
Actions #4

Updated by bmbouter over 4 years ago

  • Description updated (diff)

As @mdellweg correctly points out my implementation won't work well. Rewrote the story to use the suggestion from @daviddavis.

Actions #5

Updated by daviddavis over 4 years ago

  • Status changed from NEW to ASSIGNED
Actions #6

Updated by daviddavis over 4 years ago

  • Assignee set to daviddavis
Actions #7

Updated by bmbouter over 4 years ago

  • Sprint/Milestone set to 3.7.0
Actions #8

Updated by pulpbot over 4 years ago

  • Status changed from ASSIGNED to POST
Actions #9

Updated by rchan over 4 years ago

  • Sprint changed from Sprint 81 to Sprint 82
Actions #10

Updated by daviddavis about 4 years ago

  • Related to Task #7536: Add support for ALLOWED_CONTENT_CHECKSUMS added
Actions #11

Updated by daviddavis about 4 years ago

  • Related to deleted (Task #7536: Add support for ALLOWED_CONTENT_CHECKSUMS)

Added by daviddavis about 4 years ago

Revision 69ae7bc5 | View on GitHub

Added check for ALLOWED_CONTENT_CHECKSUMS that Artifacts are missing

fixes #7487

Actions #12

Updated by daviddavis about 4 years ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100
Actions #13

Updated by daviddavis about 4 years ago

  • Status changed from MODIFIED to ASSIGNED
  • Sprint/Milestone deleted (3.7.0)

This causes a bug in pclean where a database session gets created and thus the db cannot be dropped. Reverting and removing from 3.7:

https://github.com/pulp/pulpcore/pull/926

Actions #14

Updated by rchan about 4 years ago

  • Sprint changed from Sprint 82 to Sprint 83
Actions #15

Updated by pulpbot about 4 years ago

  • Status changed from ASSIGNED to POST

Added by daviddavis about 4 years ago

Revision 9a9a06f1 | View on GitHub

Added check for ALLOWED_CONTENT_CHECKSUMS that Artifacts are missing

fixes #7487

Actions #16

Updated by daviddavis about 4 years ago

  • Status changed from POST to MODIFIED
Actions #17

Updated by ttereshc about 4 years ago

  • Sprint/Milestone set to 3.8.0
Actions #18

Updated by pulpbot about 4 years ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Actions #19

Updated by daviddavis about 4 years ago

  • Related to Issue #7774: `podman push` leads to missing checksums on the Artifacts added

Also available in: Atom PDF