4.6.0 (2022-10-13) Features --------
- Change 'requires_ansible' to use custom ansible ver spec instead of semver AAH-981
- Allow signature upload, expose public_keys on API AAH-1055
- Add option to log collection downloads. AAH-1118
- Add Container Signing Service AAH-1358
- Output an error if no changelog.rst file is present in the root of the collection AAH-1460
- Changed import_collection to work off of a fileobject without requiring an filesystem entry AAH-1506
- Allow set of GALAXY_MINIMUM_PASSWORD_LENGTH for AUTH_PASSWORD_VALIDATORS AAH-1531
- Serve all collections at synclist distro, stop curation AAH-1540
- Serve the pulp api at /api/automation-hub/pulp/api/v3/ AAH-1544
- Add LDAP integration AAH-1593
- Make /api/galaxy/pulp/api/v3/ part of the supported API. AAH-1681
- Add validated content repo. AAH-1943
- Fixes forbidden message when installing from ansible-galaxy a public collection and the settings has enable unautheticated download. AAH-1386
- Fix 500 error when listing Group Roles AAH-1595
- Redirect requests from /pulp/api/v3/ to /api/galaxy/pulp/api/v3/. AAH-1646
- Fix feature flags for signing AAH-1690
- add signature upload statements AAH-1700
- Remove guardian foreign key contraints in rbac migration AAH-1765
- Allow roles assignment to group with change_group permission AAH-1766
- Forbid user with change_user perms to update superuser AAH-1791
- Return only the sign state of the latest version of a collection. AAH-1794
- Remove conditional view_task. AAH-1805
- Fix a bug preventing keycloak SSO users from logging in to the container registry with podman/docker login. AAH-1921
- Disable signatures in the v3 collection detail serializer AAH-1937
- AAH-1092, AAH-1093, AAH-1127, AAH-1128, AAH-1360, AAH-1371, AAH-1443, AAH-1449, AAH-1468, AAH-1492, AAH-1493, AAH-1526, AAH-1530, AAH-1556, AAH-1585, AAH-1586, AAH-1587, AAH-1588, AAH-1589, AAH-1608, AAH-1609, AAH-1643, AAH-1654, AAH-1697, AAH-1712, AAH-1737, AAH-1738, AAH-1757, AAH-1768, AAH-1770, AAH-1780, AAH-1781, AAH-1788, AAH-1796, AAH-1821, AAH-1828, AAH-1846, AAH-1850, AAH-1906, AAH-1908
- Collection Signing, signature creation, upload, verification and APIs. AAH-312
- Add Signing Service to the dev environment AAH-1181
- Update pulp_ansible to 0.12.0, for signing features AAH-1353
- Add "related_fields" to the namespace serializer, which can optionally return "my_permissions" for namespaces. AAH-1458
- Improve queries on move api endpoint AAH-692
- Log query items to api access log to capture collection details when uploading a collection. AAH-1018
- Remote registry sync status not shown on registry page AAH-1094
- Fix response for downloading collections in insights mode AAH-1162
- Upgrade to pulp-container 2.8.3 to fix azure and S3 storage backends. AAH-1188
- Fix a bug preventing users upgrading from 1.2 to 2.1 from downloading content from the rh-certified repository. AAH-1200
- Add missing proxy_password if field is set on CollectionRemote update AAH-1254
- Combine copy and remove tasks into single task AAH-1349
- Update to the latest pulp_container release AAH-1373
- Make sure orphan_protection_time is not set to zero AAH-1384
- Prevent artifact removal from latest version when deleting images AAH-1389
- Update locks on synclist tasks so golden_repo will not be written to during tasks AAH-1395
- Check for existing synclist obj before create in RH Auth AAH-1399
- Remove custom admin as TaskAdmin was removed from pulpcore AAH-1478
- Fix collectionversion query build, it was taking too much time to calculate a django Q() expression AAH-1484
- Use simple string splitting to remove the requirements versions AAH-1545
- Ensure that container remotes exclude source images by default to prevent networking errors when syncing. AAH-1557
- AAH-765, AAH-804, AAH-1015, AAH-1038, AAH-1042, AAH-1090, AAH-1092, AAH-1097, AAH-1106, AAH-1212, AAH-1214, AAH-1219, AAH-1278, AAH-1361, AAH-1418, AAH-1442
- Update settings.py with Redis config provided by Clowder AAH-382
- Create new api endpoints for listing, getting, and updating container registries. AAH-434
- Create new api endpoints for listing, getting, and updating container remotes. AAH-435
- Create remote sync api endpoint. AAH-438
- Create templates to deploy Automation Hub services via the Clowder operator AAH-581
- Start deploying galaxy_ng to ephemeral environments in pr_check AAH-582
- Update to galaxy-importer version that uses ansible-core 2.11 AAH-588
- Add new healthz endpoint for liveness probe to check in ephemeral environments. AAH-683
- Ensure retain_repo_versions=1 is set for newly created repositories and existing AAH-708
- Enable Namespace deletion endpoint. AAH-709
- Allow collection versions to be deleted AAH-710
- Allow collections to be deleted AAH-711
- Allow container repository to be deleted AAH-712
- Allow container manifest to be deleted AAH-713
- Add configuration for api access logging. AAH-733
- Add unix socket support to collection version download view AAH-743
- Update settings.py and urls.py with Social Auth values when environment is configured AAH-846
- Add the ability to index execution environments from Red Hat registry remotes. This scans the registry for containers that are labeled with the execution environment label and creates remote container repositories for them which can be synced. AAH-864
- Enable unauthenticated view-only collection browsing AAH-881
- Add CONNECTED_ANSIBLE_CONTROLLERS setting which enables users to specify a list of controller instances that they wish to have galaxy ng connect to. AAH-888
- Create access policy for registries endpoint. AAH-896
- Create filters for container registries endpoint. AAH-897
- Enable basic (username/password) authentication for galaxy apis. AAH-901
- Add dependency filter to ui collection versions endpoint AAH-902
- Add api endpoint for getting a listof tags in a container repository. AAH-906
- Enable keycloak authentication using username and password for podman login. AAH-916
- Add pre-authorized-redirect content guard to distributions AAH-923
- Allow container registry-remote to be deleted AAH-931
- Add created_at and updated_at filters to container registries endpoint. AAH-938
- Add api endpoint to sync all remotes in a container registry. AAH-945
- Add image manifests to container images api. AAH-964
Made API Root view to raise 404 if distro path is provided but distro doesn´t exist. AAH-157
Disable streamed sync endpoints AAH-224
Improve errors for max length violations in collection filename import AAH-428
Uses optional file_url from caller, pulp-ansible>=0.8, to support additional pulp backend storage platforms AAH-431
Fix incorrect openapi.yml
Fix in this case mostly means removing an out of date version in lieu of the autogenerated version at /api/automation-hub/v3/openapi.yaml AAH-450
Fix "CVE-2021-32052 django: header injection" by moving to django ~=2.2.23 AAH-583
Fix synclist to exclude all versions of un-checked collection. AAH-585
Update the required django to ~=2.2.23 AAH-601
Pin 'click' version to 7.1.2 for 'rq' compat AAH-637
Implemented filters for state and keywords on imports API. AAH-646
Download collection artifacts from the galaxy apis instead of the pulp content app. AAH-661
Update to work with pulpcore 3.14 API AAH-706
Create 'inbound-namespaces' whenever a namespace is created. AAH-739
Fix typo in AWS S3 configuration for Clowder AAH-781
Fixed missing galaxy-importer configuration in Clowder template. AAH-815
Adds dependency django-automated-logging AAH-849
Fix keycloak setting not being loaded from /etc/pulp/settings.py AAH-915
Bump django-automated-logging version to include IP Address in logs AAH-918
Download collection artifacts from the pulp content app instead of the galaxy apis AAH-924
Fix container pull error to make compatible with drf-access-policy update AAH-940
Add auth_provider to users/ endpoint to denote an SSO user AAH-952
Add get_object to ContainerSyncRemoteView to fix AAH-989 AAH-989
Allow deleting execution environment repositories with a dot in name AAH-1049
Fix a bug where remote container repositories could not be deleted. AAH-1095
- AAH-224, AAH-424, AAH-460, AAH-563, AAH-570, AAH-576, AAH-579, AAH-581, AAH-584, AAH-603, AAH-606, AAH-647, AAH-707, AAH-750, AAH-799, AAH-830, AAH-837, AAH-871, AAH-873, AAH-917
Enable OpenAPI spec at cloud.redhat.com/api/automation-hub/v3/openapi.json
Update docs and decorators on viewsets and serializers to generate correct spec.
Modify pulpcore openapigenerator to include concrete hrefs in addition to {ansible_collection_href}/ style endpoints.
Need to provide the existing pulp /pulp/api/v3/docs/ view and a new view at /api/automation-hub/v3/openapi.json - new viewset may need drf-spectacular tweaks
Sub tasks: - Create a snapshot of the OpenAPI spec in CI.
- setup any useful tooling for validating/verifying the spec - openapidiff ?
- Enable swaggerui view (/v3/swagger/ ?)
Potential problems:
- May want/need to import pulpcore openapi generator utils, which may not be in plugin
api
Before:
Pulp uses drf-spectacular
A "live" generated version of the API is available at
http://localhost:5001/pulp/api/v3/docs/api.json http://localhost:5001/pulp/api/v3/docs/api.yaml
And a "redoc" view at: http://localhost:5001/pulp/api/v3/docs/
Note some issues:
- Lots of endpoints are in the form "{ansible_collection_import_href}" - in theory, all endpoints should start with a "/" but even when evaluated, the above is "ansible/ansible/v3/collections/artifacts"
- schema objects are inconsistent named - pulpcore has no prefix - pulp_ansible has ansible. prefix - galaxy_ng sometimes? has galaxy. prefix and sometimes Galaxy
Add OpenShift job template to run database migrations AAH-145
Allow on to customize version for sdist building AAH-185
Add debug level logging about access_policy permission evaluation. AAH-205
Add unpaginated collections, collectionversions and metadata endopints for better sync performance. AAH-224
Add rate_limit to remotes api. AAH-272
Add container list and detail endpoints for execution environments. AAH-274
Add the ability to view the changes that have been made to a container repo. AAH-276
Add api to return images in a container repo. AAH-277
Set pulp container access policies. AAH-278
Load initial data for repo, remote and distribution using data migrations AAH-281
Add GALAXY_FEATURE_FLAGS to enable/disable execution environments AAH-298
Add the ability to create readmes for container distributions. AAH-317
Add api for loading a container manifest configuration blob. AAH-338
Add requires_ansible to the collection api endpoints AAH-409
Add models for container registry sync config AAH-432
Allow creating super users. AAH-500
Fix how travis checks for existence of Jira issues AAH-44
Fixed synclist curation creating 2 * N tasks, where N is number of synclists. Now synclist curation is executed in batches. Number of batches is configured in project settings. By default it is set to 200 synclists per task. AAH-50
Fix NamespaceLink creation and Validation on duplicated name. AAH-132
API returns 409 in case of existing group with same name. AAH-152
The namespaces api now performs a partial match on namespace name and namespace company name when using the 'keywords' query parameter. AAH-166
Fix KeyError lookup in namespace and collection viewset AAH-195
Fix error in error msg when importing invalid filenames AAH-203
Fix the galaxy-importer check for max size of docs files AAH-220
Only show synclist toggles to org admin.
ie, non org admin's should get 403 response when viewing synclist endpoints. AAH-222
Users should not be able to delete themselves.
Even if they have 'delete-user' perms. AAH-265
Prevent users with delete-user perms from deleting admin users AAH-266
Make token and password obfuscated on the API docs for /sync/config AAH-282
split proxy_url in 3 fields: username, password, address AAH-291
Fix groups endpoint viewable only by admin AAH-453
Expose pulp API in generated openapi spec. AAH-482
Replace current PULP_REDIS* env variables with PULP_REDIS_URL env variable to accommodate PULP_REDIS_SSL. AAH-486
- AAH-16, AAH-31, AAH-120, AAH-139, AAH-176, AAH-177, AAH-257, AAH-295, AAH-299, AAH-344, AAH-387, AAH-393, AAH-425, AAH-433, AAH-478, AAH-483
- Fix URLs in remote fixtures for correct validation. AAH-12
- Fix importer running ansible-test in local image build AAH-89
- Fix my-synclist to show only synclists with obj permissions AAH-97
- Add deprecated annotated field to empty queryset AAH-122
- Support pulp_ansible collection deprecation edits AAH-76
- Add staging and rejected repos via migration and remove from dev fixture #485
- Update error messages on namespace links so that they can be differentiated from error messages on namespaces. AAH-18
- Fix my-distributions show only sycnlist distros with obj perms AAH-27
- Fix sort=created on ui /imports/collections/ AAH-98
- Fix "CollectionImport.task_id" must be a "CollectionImport" instance. errors on import task. AAH-99
- Make error return for upload filename parsing errors provides an error code 'invalid' #31
- Fixes missing collection documentation after syncing from cloud.redhat.com. #441
- Add missing RepositoryVersion to inbound repos created via migration #493
- On upload use filename namespace as distro when no distro specified #496
Allow a user to specify the protocol she wants to use to talk to the pulp backend. (ie. http vs. https) #464
Upgrade to pulpcore 3.7.0 and allow for 3.8.0
Based on the API stability guidance at https://docs.pulpproject.org/pulpcore/plugins/plugin-writer/concepts/index.html#plugin-api-stability-and-deprecation-policy #476
- The task for curating content needs to be initiated whenever a new collection lands in the golden repository. #428
- Order remotes and distributions by name instead of last updated. #445
When subscribers modify their synclist or the golden repository versions changes, AH needs to add/remove content from the associated repositories. #17
Configure and manage content sync and collection remotes #22
Support auto-created inbound pulp repositories per namespace #37
Migration to add repo and distro for existing namespaces #38
Add OpenAPI spec for exposing pulp collection viewsets. #93
After successful import move collection version from incoming repo to staging repo #117
Remove v3 api CollectionVersion certified flag filter #120
Move _ui/ to the same level as v3/ and add versions to it. #225
Create default synclist and associated repository/distribution on login. #264
When subscribers modify their synclist or the upstream repository versions changes, update the synclist repos.
Add /curate/ endpoints to synclists (POST /_ui/my-synclists/{pk}/curate/) to trigger curating a synclist repo.
Add /curate/ endpoints to repositories (POST /content/<repo_name>/v3/collections/curate/ to trigger updating all synclists repos whose upstream_repository points to /content/<repo_name>/
Add new tasks:
curate_synclist_repository(synclist_pk) * update synclist.repository based on synclist.policy, synclist.collections, and synclist.namespaces
curate_all_synclist_repositoies(upstream_repository_name) * Create a TaskGroup and create a curate_synclist_repository subtask for each synclist repo * Also creates a GroupProgressReport for the TaskGroup
- Could be used to surface promotion status in UI
Note: When using curate_all_synclist_repositoies with a lot of synclist repositories, it is recommended to enable multiple pulp workers.
For example, if using the galaxy_ng dev docker-compose tools:
$ ./compose up --scale worker=2
When creating a synclist, ensure that the curated repo and distribution exists, and create them if needed. #267
Add endpoints to manage Content Sync for community and rh-certified repositories. #282
API: Update org repositories when new collection version published
For c.rh.c, when a collection version is promoted from the staging repository to the published repository, the subscriber org repositories must be updated with the new artifact.
- The promotion event has to:
- Kick-off n number of tasks, where n is the number of synclist repos
Add endpoint to get status of pulp tasks #295
Implement RBAC. - Adds DRF Access Policy to control permissions on DRF viewsets - Adds Django Guardian for assigning permissions to objects #303
Expose the pulp core groups api. Exposes: - _ui/groups/ for listing and creating groups - _ui/groups/<pk> for deleting groups - _ui/groups/<pk>/model-permissions for listing and adding permissions to groups - _ui/groups/<pk>/model-permissions/<pk> for removing permissions from groups - _ui/groups/<pk>/users/ for listing and adding users to groups - _ui/groups/<pk>/users/<pk> for removing users from groups #304
Removal of existing permission system - Viewsets no longer check to see if the user is in the system:partner-engineers group to determine if the user is an admin. - Red Hat entitlements checks have been moved to DRF Access Policy - Existing permission classes have been removed and replaced with DRF Access Policy permission classes. #305
Add relevant user permissions to the _ui/me/ api for the UI to use. #306
Use pulp repos to denote approved content on auto-approval #316
Added Dockerfile.rhel8 for building docker images based on RHEL8. #362
On publish check if inbound repo allows publishing #372
Pin to pulpcore 3.6.0, pulp-ansible 0.2.0 and pulp-container 2.0.0 #380
Adds assign-permission management command for associating permissions to a group #389
Add distributions and my-distributions endpoints to the UI api. #397
- Fix PATCH on my-synclists #269
- Fixed bug in auto certification parameter check, that caused all submitted content being automatically approved. #318
- Update requirements to use latest git versions of pulp* #330
- Update uses of pulp_ansible import_collection tasks to use PulpTemporaryFile #333
- chillout check_pulpcore_imports for a bit #387
- Add docs_blob to v3 api for collection versions #403
- Create namespaces on content sync #404
- Release packages in sdist and wheel formats. Static assets are download and included automatically during package build process. #275
- Add synclist models and viewsets #18
- Add collection version move/ endpoint to move to and from repository #41
- Add synclist (blacklist/whitelist for currated sync repos) support #46
- Implement authentication API for local Automation Hub. #77
- Support config to auto-approve collection versions on import #170
- Namespace API is copied from UI to v3 and now is server at
<prefix>/v3/namespace/
.<prefix>/v3/_ui/namespace/
is left as is. The new<prefix>/v3/namespace/
endpoint changes how 'groups' are serialized. #180 - Token API is moved from UI to v3 and now is served at
<prefix>/v3/auth/token/
. Token API does not supportGET
method anymore, token is returned to client only once after creation. Add support of HTTP Basic authentication method to the Token API. #187 - Enable the UI to be run as a container along with the rest of the development environment #217
- Fix bug preventing links from being modified on namespaces. #277
- Fixed invalid authorization for root API endpoints #108
- Fixed galaxy-importer errors in galaxy_ng container environment #110
- Fixed collection version detail endpoint returning invalid format of a collection field. #113
- Fix importer job scheduling issues with importer resource params #122
- Fix importer exception on unexpected docstring format #159
- Fix CollectionVersionViewSet so it filters based on "certification" status. #214
- Fix compose file name mismatch. In fixture data associate admin user with system:partner-engineers group. #233
- Fix wrong href's in results from collection viewsets #247
- Add back workaround for multipart forms from ansible-galaxy. #256