Story #7487
closed
Story #3778: [Epic] As a user, I can run Pulp 3 in a FIPS-enabled environment
As a user, I'm prevented from changing ALLOWED_CONTENT_CHECKSUMS if I already have content in my DB
100%
Description
Background¶
Users should not change the ALLOWED_CONTENT_CHECKSUMS if they already have content in their DB.
Idea¶
Let's add a check at Pulp start time that causes them to not do that
Implementation¶
As suggested by @daviddavis, at the bottom of the pulpcore.app.settings, add another check that performs a select like SELECT * FROM artifacts WHERE a IS NULL or b IS NULL ... and if this returns any artifacts, raise an ImproperlyConfigured error.
Testing¶
Since we can't change settings during functional test runs, we cannot reasonably test for this.
Related issues
Updated by daviddavis about 4 years ago
- Groomed changed from No to Yes
- Sprint Candidate changed from No to Yes
- Sprint set to Sprint 81
Updated by bmbouter about 4 years ago
- Description updated (diff)
As @mdellweg correctly points out my implementation won't work well. Rewrote the story to use the suggestion from @daviddavis.
Updated by pulpbot about 4 years ago
- Status changed from ASSIGNED to POST
Updated by daviddavis about 4 years ago
- Related to Task #7536: Add support for ALLOWED_CONTENT_CHECKSUMS added
Updated by daviddavis about 4 years ago
- Related to deleted (Task #7536: Add support for ALLOWED_CONTENT_CHECKSUMS)
Added by daviddavis about 4 years ago
Updated by daviddavis about 4 years ago
- Status changed from POST to MODIFIED
- % Done changed from 0 to 100
Applied in changeset pulpcore|69ae7bc5e31b8c70a979ae25f454dee690d60e84.
Updated by daviddavis about 4 years ago
- Status changed from MODIFIED to ASSIGNED
- Sprint/Milestone deleted (
3.7.0)
This causes a bug in pclean where a database session gets created and thus the db cannot be dropped. Reverting and removing from 3.7:
Updated by pulpbot about 4 years ago
- Status changed from ASSIGNED to POST
Added by daviddavis about 4 years ago
Revision 9a9a06f1 | View on GitHub
Added check for ALLOWED_CONTENT_CHECKSUMS that Artifacts are missing
fixes #7487
Updated by daviddavis about 4 years ago
- Status changed from POST to MODIFIED
Applied in changeset pulpcore|9a9a06f1e37f5367e36a24b9aa3aca6ca78dab53.
Updated by pulpbot about 4 years ago
- Status changed from MODIFIED to CLOSED - CURRENTRELEASE
Updated by daviddavis about 4 years ago
- Related to Issue #7774: `podman push` leads to missing checksums on the Artifacts added
.
Added check for ALLOWED_CONTENT_CHECKSUMS that Artifacts are missing
fixes #7487