Actions
Issue #8408
closedglobal_access_conditions.has_obj_perms() triggers a DRF AssertError 'Expected view ContainerNamespaceViewSet to be called with a URL keyword argument named "pk"...'
Status:
CLOSED - WORKSFORME
Priority:
Normal
Assignee:
-
Sprint/Milestone:
-
Start date:
Due date:
Estimated time:
Severity:
2. Medium
Platform Release:
OS:
Triaged:
No
Groomed:
No
Sprint Candidate:
No
Tags:
GalaxyNG
Sprint:
Quarter:
Description
When using:
$ docker exec galaxy_ng_api_1 pulpcore-manager access-policy-views --url /pulp/api/v3/pulp_container/namespaces/ --userid 2
management command 'access-policy-views' is cli tool to introspect pulp rbac info for each viewset, in this case the '--userid 2' arg trys to test 'safe' viewset objects has_permission for the user in question.
userid=2 is 'alikins', a non-admin user in this galaxy_ng instance.
When it tries to introspect the 'retrive' action on the namespace viewset, it triggers the DRF errror:
AssertionError: Expected view ContainerNamespaceViewSet to be called with a URL keyword argument named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the view correctly.
Output from the command including some DEBUG logging and full stack trace:
DEBUG 2021-03-15 19:57:54,169 galaxy_ng.app.management.commands.access-policy-views access-policy-views._has_permission:326 809 - pre viewset_info={'url': '/pulp/api/v3/pulp_container/namespaces/', 'module': 'pulp_container.app.viewsets.ContainerNamespaceViewSet', 'name': 'pulp_container/namespaces-list', 'permission_classes': (<class 'pulp_container.app.access_policy.NamespaceAccessPolicy'>,), 'perms': [<pulp_container.app.access_policy.NamespaceAccessPolicy object at 0x7f361e2c61d0>], 'access_policy': <pulp_container.app.access_policy.NamespaceAccessPolicy object at 0x7f361e2c61d0>, 'path_regex': '/pulp/api/v3/pulp_container/namespaces/', 'decorators': '', 'view': <class 'pulp_container.app.viewsets.ContainerNamespaceViewSet'>, 'resolved_match': ResolverMatch(func=pulp_container.app.viewsets.ContainerNamespaceViewSet, args=(), kwargs={}, url_name=pulp_container/namespaces-list, app_names=[], namespaces=[], route=/pulp/api/v3/pulp_container/namespaces/), 'p': <URLPattern '/pulp/api/v3/pulp_container/namespaces/' [name='pulp_container/namespaces-list']>} action=retrieve user=alikins url=/pulp/api/v3/pulp_container/namespaces/
DEBUG 2021-03-15 19:57:54,170 galaxy_ng.app.management.commands.access-policy-views access-policy-views._has_permission:341 809 - request: <galaxy_ng.app.management.commands.access-policy-views.FauxRequest object at 0x7f361e2c6898> request.method: GET
DEBUG 2021-03-15 19:57:54,170 galaxy_ng.app.management.commands.access-policy-views access-policy-views._has_permission:347 809 - view_instance: <pulp_container.app.viewsets.ContainerNamespaceViewSet object at 0x7f361e2836a0>
Traceback (most recent call last):
File "/venv/bin/pulpcore-manager", line 33, in <module>
sys.exit(load_entry_point('pulpcore', 'console_scripts', 'pulpcore-manager')())
File "/src/pulpcore/pulpcore/app/manage.py", line 11, in manage
execute_from_command_line(sys.argv)
File "/venv/lib64/python3.6/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
utility.execute()
File "/venv/lib64/python3.6/site-packages/django/core/management/__init__.py", line 375, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/venv/lib64/python3.6/site-packages/django/core/management/base.py", line 323, in run_from_argv
self.execute(*args, **cmd_options)
File "/venv/lib64/python3.6/site-packages/django/core/management/base.py", line 364, in execute
output = self.handle(*args, **options)
File "/src/galaxy_ng/galaxy_ng/app/management/commands/access-policy-views.py", line 195, in handle
self.show_access_policy(view, **options)
File "/src/galaxy_ng/galaxy_ng/app/management/commands/access-policy-views.py", line 313, in show_access_policy
result = self._has_permission(viewset_info, user, action, viewset_info['url'])
File "/src/galaxy_ng/galaxy_ng/app/management/commands/access-policy-views.py", line 350, in _has_permission
result = policy.has_permission(request, view_instance)
File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 26, in has_permission
return self._evaluate_statements(statements, request, view, action)
File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 63, in _evaluate_statements
request, view, action, matched
File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 177, in _get_statements_matching_context_conditions
passed = bool(boolExpr.parseString(condition)[0])
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1943, in parseString
loc, tokens = self._parse(instring, 0)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
loc, tokens = self.parseImpl(instring, preloc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4462, in parseImpl
return self.expr._parse(instring, loc, doActions, callPreParse=False)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
loc, tokens = self.parseImpl(instring, preloc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4462, in parseImpl
return self.expr._parse(instring, loc, doActions, callPreParse=False)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
loc, tokens = self.parseImpl(instring, preloc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4254, in parseImpl
ret = e._parse(instring, loc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
loc, tokens = self.parseImpl(instring, preloc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4462, in parseImpl
return self.expr._parse(instring, loc, doActions, callPreParse=False)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
loc, tokens = self.parseImpl(instring, preloc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4254, in parseImpl
ret = e._parse(instring, loc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
loc, tokens = self.parseImpl(instring, preloc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4462, in parseImpl
return self.expr._parse(instring, loc, doActions, callPreParse=False)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1683, in _parseNoCache
loc, tokens = self.parseImpl(instring, preloc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 4254, in parseImpl
ret = e._parse(instring, loc, doActions)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1716, in _parseNoCache
tokens = fn(instring, tokensStart, retTokens)
File "/venv/lib64/python3.6/site-packages/pyparsing.py", line 1316, in wrapper
ret = func(*args[limit[0]:])
File "/venv/lib64/python3.6/site-packages/rest_access_policy/parsing.py", line 13, in __init__
self.value = self.check_condition_fn(t[0])
File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 164, in <lambda>
cond, request, view, action
File "/venv/lib64/python3.6/site-packages/rest_access_policy/access_policy.py", line 201, in _check_condition
result = method(request, view, action, arg)
File "/src/pulpcore/pulpcore/app/global_access_conditions.py", line 104, in has_model_or_obj_perms
if has_obj_perms(request, view, action, permission):
File "/src/pulpcore/pulpcore/app/global_access_conditions.py", line 68, in has_obj_perms
obj = view.get_object()
File "/venv/lib64/python3.6/site-packages/rest_framework/generics.py", line 92, in get_object
(self.__class__.__name__, lookup_url_kwarg)
AssertionError: Expected view ContainerNamespaceViewSet to be called with a URL keyword argument named "pk". Fix your URL conf, or set the `.lookup_field` attribute on the view correctly.
Actions