From aad4228d2e8cdaef2cb79dfad035f5a6803c6ac8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20=22decko=22=20de=20Brito?= Date: Mon, 24 Jun 2024 16:53:01 -0300 Subject: [PATCH] Fixes the permission issue with import-all. Closes #373 (cherry picked from commit 94ed3e570a8fdb60ad926f159bea50abe49ad49d) --- CHANGES/373.bugfix | 1 + pulp_ostree/app/tasks/importing.py | 3 +- pulp_ostree/app/viewsets.py | 2 +- .../tests/functional/api/test_import.py | 47 +++++++++++++++++++ 4 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 CHANGES/373.bugfix diff --git a/CHANGES/373.bugfix b/CHANGES/373.bugfix new file mode 100644 index 00000000..149fa3c6 --- /dev/null +++ b/CHANGES/373.bugfix @@ -0,0 +1 @@ +Fixed an issue when trying to use import-all as a non-admin user. diff --git a/pulp_ostree/app/tasks/importing.py b/pulp_ostree/app/tasks/importing.py index cf8ea47b..18eb5528 100644 --- a/pulp_ostree/app/tasks/importing.py +++ b/pulp_ostree/app/tasks/importing.py @@ -42,8 +42,7 @@ def import_all_refs_and_commits(artifact_pk, repository_pk, repository_name): repository_name (str): The name of an OSTree repository (e.g., "repo"). Raises: - ValueError: If an OSTree repository could not be properly parsed or the specified ref - does not exist. + ValueError: If an OSTree repository could not be properly parsed. """ tarball_artifact = Artifact.objects.get(pk=artifact_pk) repository = Repository.objects.get(pk=repository_pk) diff --git a/pulp_ostree/app/viewsets.py b/pulp_ostree/app/viewsets.py index b2c692c1..026422a5 100755 --- a/pulp_ostree/app/viewsets.py +++ b/pulp_ostree/app/viewsets.py @@ -160,7 +160,7 @@ class OstreeRepositoryViewSet(core.RepositoryViewSet, ModifyRepositoryActionMixi "principal": "authenticated", "effect": "allow", "condition": [ - "has_model_or_domain_or_obj_perms:ostree.import_commits_ostreerepository" + "has_model_or_domain_or_obj_perms:ostree.import_commits_ostreerepository", "has_model_or_domain_or_obj_perms:ostree.view_ostreerepository", ], }, diff --git a/pulp_ostree/tests/functional/api/test_import.py b/pulp_ostree/tests/functional/api/test_import.py index f50e6c7f..4513d73f 100644 --- a/pulp_ostree/tests/functional/api/test_import.py +++ b/pulp_ostree/tests/functional/api/test_import.py @@ -354,3 +354,50 @@ def test_import_commits_same_ref( assert added_content["ostree.commit"]["count"] == 1 assert added_content["ostree.content"]["count"] == 2 assert added_content["ostree.summary"]["count"] == 1 + + +@pytest.mark.parallel +def test_import_all_as_ostree_repo_admin( + pulpcore_bindings, + gen_user, + role_factory, + gen_object_with_cleanup, + monitor_task, + ostree_repository_factory, + ostree_repositories_api_client, + ostree_repositories_versions_api_client, + tmp_path, +): + """Create a role for ostree admin, then import a repository with import-all.""" + + os.chdir(tmp_path) + repo_name = "repo" + sample_dir = tmp_path / str(uuid.uuid4()) + sample_file1 = sample_dir / str(uuid.uuid4()) + branch_name = "foo" + + # 1. create a first file + sample_dir.mkdir() + sample_file1.touch() + + # 2. initialize a local OSTree repository and commit the created file + subprocess.run(["ostree", f"--repo={repo_name}", "init", "--mode=archive"]) + subprocess.run( + ["ostree", f"--repo={repo_name}", "commit", f"--branch={branch_name}", f"{sample_dir}/"] + ) + subprocess.run(["tar", "-cvf", f"{repo_name}.tar", f"{repo_name}/"]) + + user = gen_user(model_roles=["ostree.ostreerepository_creator"]) + + with user: + artifact = gen_object_with_cleanup(pulpcore_bindings.ArtifactsApi, f"{repo_name}.tar") + repo = ostree_repository_factory(name=repo_name) + commit_data = OstreeImportAll(artifact.pulp_href, repo_name) + response = ostree_repositories_api_client.import_all(repo.pulp_href, commit_data) + + repo_version = monitor_task(response.task).created_resources[0] + + repository_version = ostree_repositories_versions_api_client.read(repo_version) + added_content = repository_version.content_summary.added + assert added_content["ostree.refs"]["count"] == 1 + assert added_content["ostree.commit"]["count"] == 1