Project

Profile

Help

Issue #8408

global_access_conditions.has_obj_perms() triggers a DRF AssertError 'Expected view ContainerNamespaceViewSet to be called with a URL keyword argument named "pk"...'

Added by alikins about 2 months ago. Updated about 1 month ago.

Status:
CLOSED - WORKSFORME
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
GalaxyNG
Sprint:
Quarter:

Description

When using:

$ docker exec  galaxy_ng_api_1 pulpcore-manager access-policy-views --url /pulp/api/v3/pulp_container/namespaces/ --userid 2

management command 'access-policy-views' is cli tool to introspect pulp rbac info for each viewset, in this case the '--userid 2' arg trys to test 'safe' viewset objects has_permission for the user in question.

userid=2 is 'alikins', a non-admin user in this galaxy_ng instance.

When it tries to introspect the 'retrive' action on the namespace viewset, it triggers the DRF errror:

AssertionError: Expected view ContainerNamespaceViewSet to be called with a URL keyword argument named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the view correctly.

Output from the command including some DEBUG logging and full stack trace:

DEBUG 2021-03-15 19:57:54,169 galaxy_ng.app.management.commands.access-policy-views access-policy-views._has_permission:326   809 - pre viewset_info={'url': '/pulp/api/v3/pulp_container/namespaces/', 'module': 'pulp_container.app.viewsets.ContainerNamespaceViewSet', 'name': 'pulp_container/namespaces-list', 'permission_classes': (<class 'pulp_container.app.access_policy.NamespaceAccessPolicy'>,), 'perms': [<pulp_container.app.access_policy.NamespaceAccessPolicy object at 0x7f361e2c61d0>], 'access_policy': <pulp_container.app.access_policy.NamespaceAccessPolicy object at 0x7f361e2c61d0>, 'path_regex': '/pulp/api/v3/pulp_container/namespaces/', 'decorators': '', 'view': <class 'pulp_container.app.viewsets.ContainerNamespaceViewSet'>, 'resolved_match': ResolverMatch(func=pulp_container.app.viewsets.ContainerNamespaceViewSet, args=(), kwargs={}, url_name=pulp_container/namespaces-list, app_names=[], namespaces=[], route=/pulp/api/v3/pulp_container/namespaces/), 'p': <URLPattern '/pulp/api/v3/pulp_container/namespaces/' [name='pulp_container/namespaces-list']>} action=retrieve user=alikins url=/pulp/api/v3/pulp_container/namespaces/
DEBUG 2021-03-15 19:57:54,170 galaxy_ng.app.management.commands.access-policy-views access-policy-views._has_permission:341   809 - request: <galaxy_ng.app.management.commands.access-policy-views.FauxRequest object at 0x7f361e2c6898> request.method: GET
DEBUG 2021-03-15 19:57:54,170 galaxy_ng.app.management.commands.access-policy-views access-policy-views._has_permission:347   809 - view_instance: <pulp_container.app.viewsets.ContainerNamespaceViewSet object at 0x7f361e2836a0>
Traceback (most recent call last):
  File "/venv/bin/pulpcore-manager", line 33, in <module>
    sys.exit(load_entry_point('pulpcore', 'console_scripts', 'pulpcore-manager')())
  File "/src/pulpcore/pulpcore/app/manage.py", line 11, in manage
    execute_from_command_line(sys.argv)
  File "/venv/lib64/python3.6/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
    utility.execute()
  File "/venv/lib64/python3.6/site-packages/django/core/management/__init__.py", line 375, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/venv/lib64/python3.6/site-packages/django/core/management/base.py", line 323, in run_from_argv
    self.execute(*args, **cmd_options)
  File "/venv/lib64/python3.6/site-packages/django/core/management/base.py", line 364, in execute
    output = self.handle(*args, **options)
  File "/src/galaxy_ng/galaxy_ng/app/management/commands/access-policy-views.py", line 195, in handle
    self.show_access_policy(view, **options)
  File "/src/galaxy_ng/galaxy_ng/app/management/commands/access-policy-views.py", line 313, in show_access_policy
    result = self._has_permission(viewset_info, user, action, viewset_info['url'])
  File "/src/galaxy_ng/galaxy_ng/app/management/commands/access-policy-views.py", line 350, in _has_permission
    result = policy.has_permission(request, view_instance)
  File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 26, in has_permission
    return self._evaluate_statements(statements, request, view, action)
  File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 63, in _evaluate_statements
    request, view, action, matched
  File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 177, in _get_statements_matching_context_conditions
    passed = bool(boolExpr.parseString(condition)[0])
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1943, in parseString
    loc, tokens = self._parse(instring, 0)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
    loc, tokens = self.parseImpl(instring, preloc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4462, in parseImpl
    return self.expr._parse(instring, loc, doActions, callPreParse=False)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
    loc, tokens = self.parseImpl(instring, preloc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4462, in parseImpl
    return self.expr._parse(instring, loc, doActions, callPreParse=False)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
    loc, tokens = self.parseImpl(instring, preloc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4254, in parseImpl
    ret = e._parse(instring, loc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
    loc, tokens = self.parseImpl(instring, preloc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4462, in parseImpl
    return self.expr._parse(instring, loc, doActions, callPreParse=False)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
    loc, tokens = self.parseImpl(instring, preloc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4254, in parseImpl
    ret = e._parse(instring, loc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
    loc, tokens = self.parseImpl(instring, preloc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4462, in parseImpl
    return self.expr._parse(instring, loc, doActions, callPreParse=False)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
    loc, tokens = self.parseImpl(instring, preloc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4254, in parseImpl
    ret = e._parse(instring, loc, doActions)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1716, in _parseNoCache
    tokens = fn(instring, tokensStart, retTokens)
  File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1316, in wrapper
    ret = func(*args[limit[0]:])
  File "/venv/lib64/python3.6/site-packages/rest_access_policy/parsing.py", line 13, in __init__
    self.value = self.check_condition_fn(t[0])
  File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 164, in <lambda>
    cond, request, view, action
  File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 201, in _check_condition
    result = method(request, view, action, arg)
  File "/src/pulpcore/pulpcore/app/global_access_conditions.py", line 104, in has_model_or_obj_perms
    if has_obj_perms(request, view, action, permission):
  File "/src/pulpcore/pulpcore/app/global_access_conditions.py", line 68, in has_obj_perms
    obj = view.get_object()
  File "/venv/lib64/python3.6/site-packages/rest_framework/generics.py", line 92, in get_object
    (self.__class__.__name__, lookup_url_kwarg)
AssertionError: Expected view ContainerNamespaceViewSet to be called with a URL keyword argument named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the view correctly.

History

#1 Updated by mdellweg about 2 months ago

Still trying to understand what is going on here. But looking at the error message, the ViewSet is correctly asserting that a "retrieve" (GET for an instance in contrast to "list") call will be made with a "pk" argument parsed from the URL. And that seems to be missing on the ResolverMatch.

Can you give more detail on how you call the View here? Maybe with a (close to) minimal command in pulpcore-manager shell_plus?

#2 Updated by daviddavis about 2 months ago

  • Project changed from Pulp to Container Support

#3 Updated by ipanova@redhat.com about 1 month ago

  • Status changed from NEW to CLOSED - WORKSFORME

Please re-open by providing more details in case you see it again.

Please register to edit this issue

Also available in: Atom PDF