Container Support

Issue #9589

Updated by ttereshc almost 3 years ago

Recent CI failures (https://github.com/pulp/pulp_container/runs/4348993881?check_suite_focus=true#step:13:1449): 

 ~~~ 
 E             Traceback (most recent call last): 
 E               File "/usr/local/lib/python3.8/site-packages/django/core/handlers/exception.py", line 47, in inner 
 E                 response = get_response(request) 
 E               File "/usr/local/lib/python3.8/site-packages/django/core/handlers/base.py", line 181, in _get_response 
 E                 response = wrapped_callback(request, *callback_args, **callback_kwargs) 
 E               File "/usr/local/lib/python3.8/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view 
 E                 return view_func(*args, **kwargs) 
 E               File "/usr/local/lib/python3.8/site-packages/rest_framework/viewsets.py", line 125, in view 
 E                 return self.dispatch(request, *args, **kwargs) 
 E               File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 509, in dispatch 
 E                 response = self.handle_exception(exc) 
 E               File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 469, in handle_exception 
 E                 self.raise_uncaught_exception(exc) 
 E               File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception 
 E                 raise exc 
 E               File "/usr/local/lib/python3.8/site-packages/rest_framework/views.py", line 506, in dispatch 
 E                 response = handler(request, *args, **kwargs) 
 E               File "/usr/local/lib/python3.8/site-packages/rest_framework/mixins.py", line 38, in list 
 E                 queryset = self.filter_queryset(self.get_queryset()) 
 E               File "/usr/local/lib/python3.8/site-packages/pulp_container/app/viewsets.py", line 199, in get_queryset 
 E                 repo_pks = self._repo_query_params(self.request, self, repo_info) 
 E               File "/usr/local/lib/python3.8/site-packages/pulp_container/app/viewsets.py", line 174, in _repo_query_params 
 E                 elif request.user.has_perm(repo_info.push_perm, repo) or request.user.has_perm( 
 E               File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/models.py", line 300, in has_perm 
 E                 return _user_has_perm(self, perm, obj) 
 E               File "/usr/local/lib/python3.8/site-packages/django/contrib/auth/models.py", line 210, in _user_has_perm 
 E                 if backend.has_perm(user, perm, obj): 
 E               File "/usr/local/lib/python3.8/site-packages/pulpcore/backends.py", line 46, in has_perm 
 E                 raise RuntimeError( 
 E            
 E             Exception Type: RuntimeError at /pulp/api/v3/content/container/tags/ 
 E             Exception Value: Permission container.view_containerpushrepository is not suitable for objects of class <class 'pulp_container.app.models.ContainerRepository'>. 
 ~~~ 

 They (https://github.com/pulp/pulp_container/runs/4348993881?check_suite_focus=true#step:13:1449), that were triggered after merging the commit [ab6225b6cfd29864a51baac4d9ad385b37983529](https://github.com/pulp/pulpcore/commit/ab6225b6cfd29864a51baac4d9ad385b37983529), caused pulp_container to fail when [checking](https://github.com/pulp/pulp_container/blob/aa0f6783d7fcfbf0f886a09d1ac11b4f28da8e3c/pulp_container/app/viewsets.py#L141-L178) object permissions. 

 We should at least perform similar checks to those in [`access_policy.py`](https://github.com/pulp/pulp_container/blob/09a63966a2ace4bc15c61b5b1e455cd7018c20c9/pulp_container/app/access_policy.py#L15-L31) and add a fallback that does not rigidly check for `view_containerpushrepository` and `view_containerrepository` in a strict order.

Back