Project

Profile

Help

Story #7487

Story #3778: [Epic] As a user, I can run Pulp 3 in a FIPS-enabled environment

As a user, I'm prevented from changing ALLOWED_CONTENT_CHECKSUMS if I already have content in my DB

Added by bmbouter 11 months ago. Updated 9 months ago.

Status:
CLOSED - CURRENTRELEASE
Priority:
Normal
Assignee:
Category:
-
Sprint/Milestone:
Start date:
Due date:
% Done:

100%

Estimated time:
Platform Release:
Groomed:
Yes
Sprint Candidate:
Yes
Tags:
Sprint:
Sprint 83
Quarter:

Description

Background

Users should not change the ALLOWED_CONTENT_CHECKSUMS if they already have content in their DB.

Idea

Let's add a check at Pulp start time that causes them to not do that

Implementation

As suggested by @daviddavis, at the bottom of the pulpcore.app.settings, add another check that performs a select like SELECT * FROM artifacts WHERE a IS NULL or b IS NULL ... and if this returns any artifacts, raise an ImproperlyConfigured error.

Testing

Since we can't change settings during functional test runs, we cannot reasonably test for this.


Related issues

Related to Container Support - Issue #7774: `podman push` leads to missing checksums on the ArtifactsCLOSED - CURRENTRELEASE<a title="Actions" class="icon-only icon-actions js-contextmenu" href="#">Actions</a>

Associated revisions

Revision 69ae7bc5 View on GitHub
Added by daviddavis 10 months ago

Added check for ALLOWED_CONTENT_CHECKSUMS that Artifacts are missing

fixes #7487

Revision 9a9a06f1 View on GitHub
Added by daviddavis 10 months ago

Added check for ALLOWED_CONTENT_CHECKSUMS that Artifacts are missing

fixes #7487

History

#1 Updated by bmbouter 11 months ago

  • Description updated (diff)

#2 Updated by bmbouter 11 months ago

  • Parent task set to #3778

#3 Updated by daviddavis 11 months ago

  • Groomed changed from No to Yes
  • Sprint Candidate changed from No to Yes
  • Sprint set to Sprint 81

#4 Updated by bmbouter 11 months ago

  • Description updated (diff)

As @mdellweg correctly points out my implementation won't work well. Rewrote the story to use the suggestion from @daviddavis.

#5 Updated by daviddavis 11 months ago

  • Status changed from NEW to ASSIGNED

#6 Updated by daviddavis 11 months ago

  • Assignee set to daviddavis

#7 Updated by bmbouter 11 months ago

  • Sprint/Milestone set to 3.7.0

#8 Updated by pulpbot 11 months ago

  • Status changed from ASSIGNED to POST

#9 Updated by rchan 10 months ago

  • Sprint changed from Sprint 81 to Sprint 82

#10 Updated by daviddavis 10 months ago

  • Related to Task #7536: Add support for ALLOWED_CONTENT_CHECKSUMS added

#11 Updated by daviddavis 10 months ago

  • Related to deleted (Task #7536: Add support for ALLOWED_CONTENT_CHECKSUMS)

#12 Updated by daviddavis 10 months ago

  • Status changed from POST to MODIFIED
  • % Done changed from 0 to 100

#13 Updated by daviddavis 10 months ago

  • Status changed from MODIFIED to ASSIGNED
  • Sprint/Milestone deleted (3.7.0)

This causes a bug in pclean where a database session gets created and thus the db cannot be dropped. Reverting and removing from 3.7:

https://github.com/pulp/pulpcore/pull/926

#14 Updated by rchan 10 months ago

  • Sprint changed from Sprint 82 to Sprint 83

#15 Updated by pulpbot 10 months ago

  • Status changed from ASSIGNED to POST

#16 Updated by daviddavis 10 months ago

  • Status changed from POST to MODIFIED

#17 Updated by ttereshc 9 months ago

  • Sprint/Milestone set to 3.8.0

#18 Updated by pulpbot 9 months ago

  • Status changed from MODIFIED to CLOSED - CURRENTRELEASE

#19 Updated by daviddavis 9 months ago

  • Related to Issue #7774: `podman push` leads to missing checksums on the Artifacts added

Please register to edit this issue

Also available in: Atom PDF