Skip to content

Commit

Permalink
Add support for Role-based Access Control and Domains
Browse files Browse the repository at this point in the history 
[noissue]
  • Loading branch information
@lubosmj
lubosmj authored Feb 19, 2024
2 parents 6b115a4 + f350521 commit d74603a
Show file tree
Hide file tree
Showing 17 changed files with 721 additions and 51 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/scripts/install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ if [ "$TEST" = "s3" ]; then
sed -i -e '$a s3_test: true\
minio_access_key: "'$MINIO_ACCESS_KEY'"\
minio_secret_key: "'$MINIO_SECRET_KEY'"\
pulp_scenario_settings: null\
pulp_scenario_settings: {"domain_enabled": true}\
pulp_scenario_env: {}\
' vars/main.yaml
export PULP_API_ROOT="/rerouted/djnd/"
Expand Down
1 change: 1 addition & 0 deletions CHANGES/321.feature
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Added support for domains.
1 change: 1 addition & 0 deletions CHANGES/331.feature
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Added role-based access control.
1 change: 1 addition & 0 deletions pulp_ostree/app/__init__.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,3 +8,4 @@ class PulpOstreePluginAppConfig(PulpPluginAppConfig):
label = "ostree"
version = "2.3.0.dev"
python_package_name = "pulp-ostree"
domain_compatible = True
25 changes: 25 additions & 0 deletions pulp_ostree/app/migrations/0007_add_model_permissions.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Generated by Django 4.2.9 on 2024-02-02 12:14

from django.db import migrations


class Migration(migrations.Migration):

dependencies = [
('ostree', '0006_alter_pointers_to_related_models_globally'),
]

operations = [
migrations.AlterModelOptions(
name='ostreedistribution',
options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_ostreedistribution', 'Can manage roles on ostree distributions')]},
),
migrations.AlterModelOptions(
name='ostreeremote',
options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_ostreeremote', 'Can manage roles on ostree remotes')]},
),
migrations.AlterModelOptions(
name='ostreerepository',
options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('sync_ostreerepository', 'Can start a sync task'), ('modify_ostreerepository', 'Can modify content of the repository'), ('manage_roles_ostreerepository', 'Can manage roles on ostree repositories'), ('repair_ostreerepository', 'Can repair repository versions'), ('import_commits_ostreerepository', 'Can import commits into a repository')]},
),
]
94 changes: 94 additions & 0 deletions pulp_ostree/app/migrations/0008_add_domain_support.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
# Generated by Django 4.2.9 on 2024-02-06 10:31

from django.db import migrations, models
import django.db.models.deletion
import pulpcore.app.util


class Migration(migrations.Migration):

dependencies = [
('core', '0116_alter_remoteartifact_md5_alter_remoteartifact_sha1_and_more'),
('ostree', '0007_add_model_permissions'),
]

operations = [
migrations.AlterUniqueTogether(
name='ostreecommit',
unique_together=set(),
),
migrations.AlterUniqueTogether(
name='ostreeconfig',
unique_together=set(),
),
migrations.AlterUniqueTogether(
name='ostreecontent',
unique_together=set(),
),
migrations.AlterUniqueTogether(
name='ostreeobject',
unique_together=set(),
),
migrations.AlterUniqueTogether(
name='ostreeref',
unique_together=set(),
),
migrations.AlterUniqueTogether(
name='ostreesummary',
unique_together=set(),
),
migrations.AddField(
model_name='ostreecommit',
name='_pulp_domain',
field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
),
migrations.AddField(
model_name='ostreeconfig',
name='_pulp_domain',
field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
),
migrations.AddField(
model_name='ostreecontent',
name='_pulp_domain',
field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
),
migrations.AddField(
model_name='ostreeobject',
name='_pulp_domain',
field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
),
migrations.AddField(
model_name='ostreeref',
name='_pulp_domain',
field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
),
migrations.AddField(
model_name='ostreesummary',
name='_pulp_domain',
field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
),
migrations.AlterUniqueTogether(
name='ostreecommit',
unique_together={('checksum', 'relative_path', '_pulp_domain')},
),
migrations.AlterUniqueTogether(
name='ostreeconfig',
unique_together={('sha256', 'relative_path', '_pulp_domain')},
),
migrations.AlterUniqueTogether(
name='ostreecontent',
unique_together={('relative_path', 'digest', '_pulp_domain')},
),
migrations.AlterUniqueTogether(
name='ostreeobject',
unique_together={('checksum', 'relative_path', '_pulp_domain')},
),
migrations.AlterUniqueTogether(
name='ostreeref',
unique_together={('name', 'commit', 'relative_path', '_pulp_domain')},
),
migrations.AlterUniqueTogether(
name='ostreesummary',
unique_together={('sha256', 'relative_path', '_pulp_domain')},
),
]
40 changes: 31 additions & 9 deletions pulp_ostree/app/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,16 @@
from django.contrib.postgres.fields import ArrayField

from pulpcore.plugin.models import (
AutoAddObjPermsMixin,
Content,
Remote,
Repository,
Distribution,
)
from pulpcore.plugin.repo_version_utils import remove_duplicates, validate_duplicate_content

from pulpcore.plugin.util import get_domain_pk

logger = getLogger(__name__)


Expand All @@ -31,28 +34,30 @@ class OstreeObject(Content):

TYPE = "object"

_pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
typ = models.IntegerField(choices=OstreeObjectType.choices)
checksum = models.CharField(max_length=64, db_index=True)
relative_path = models.TextField(null=False)

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
unique_together = [["checksum", "relative_path"]]
unique_together = [["checksum", "relative_path", "_pulp_domain"]]


class OstreeCommit(Content):
"""A content model for an OSTree commit."""

TYPE = "commit"

_pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
parent_commit = models.ForeignKey("self", null=True, blank=True, on_delete=models.CASCADE)
checksum = models.CharField(max_length=64, db_index=True)
relative_path = models.TextField(null=False)
objs = models.ManyToManyField(OstreeObject, through="OstreeCommitObject")

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
unique_together = [["checksum", "relative_path"]]
unique_together = [["checksum", "relative_path", "_pulp_domain"]]


class OstreeRef(Content):
Expand All @@ -61,6 +66,7 @@ class OstreeRef(Content):
TYPE = "refs"
repo_key_fields = ("name",)

_pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
commit = models.ForeignKey(
OstreeCommit, related_name="refs_commit", null=True, on_delete=models.CASCADE
)
Expand All @@ -69,7 +75,7 @@ class OstreeRef(Content):

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
unique_together = [["name", "commit", "relative_path"]]
unique_together = [["name", "commit", "relative_path", "_pulp_domain"]]


class OstreeCommitObject(models.Model):
Expand All @@ -87,12 +93,13 @@ class OstreeContent(Content):

repo_key_fields = ("relative_path",)

_pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
relative_path = models.TextField(null=False)
digest = models.CharField(max_length=64, null=False)

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
unique_together = ("relative_path", "digest")
unique_together = ("relative_path", "digest", "_pulp_domain")


class OstreeConfig(Content):
Expand All @@ -101,12 +108,13 @@ class OstreeConfig(Content):
TYPE = "config"
repo_key_fields = ("relative_path",)

_pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
sha256 = models.CharField(max_length=64, db_index=True)
relative_path = models.TextField(null=False)

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
unique_together = [["sha256", "relative_path"]]
unique_together = [["sha256", "relative_path", "_pulp_domain"]]


class OstreeSummary(Content):
Expand All @@ -115,15 +123,16 @@ class OstreeSummary(Content):
TYPE = "summary"
repo_key_fields = ("relative_path",)

_pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
sha256 = models.CharField(max_length=64, db_index=True)
relative_path = models.TextField(null=False)

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
unique_together = [["sha256", "relative_path"]]
unique_together = [["sha256", "relative_path", "_pulp_domain"]]


class OstreeRemote(Remote):
class OstreeRemote(Remote, AutoAddObjPermsMixin):
"""A remote model for OSTree content."""

TYPE = "ostree"
Expand All @@ -134,9 +143,12 @@ class OstreeRemote(Remote):

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
permissions = [
("manage_roles_ostreeremote", "Can manage roles on ostree remotes"),
]


class OstreeRepository(Repository):
class OstreeRepository(Repository, AutoAddObjPermsMixin):
"""A repository model for OSTree content."""

TYPE = "ostree"
Expand All @@ -155,17 +167,27 @@ class OstreeRepository(Repository):

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
permissions = [
("sync_ostreerepository", "Can start a sync task"),
("modify_ostreerepository", "Can modify content of the repository"),
("manage_roles_ostreerepository", "Can manage roles on ostree repositories"),
("repair_ostreerepository", "Can repair repository versions"),
("import_commits_ostreerepository", "Can import commits into a repository"),
]

def finalize_new_version(self, new_version):
"""Handle repository duplicates."""
remove_duplicates(new_version)
validate_duplicate_content(new_version)


class OstreeDistribution(Distribution):
class OstreeDistribution(Distribution, AutoAddObjPermsMixin):
"""A distribution model for OSTree content."""

TYPE = "ostree"

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
permissions = [
("manage_roles_ostreedistribution", "Can manage roles on ostree distributions"),
]
20 changes: 12 additions & 8 deletions pulp_ostree/app/tasks/importing.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ async def parse_ref(self, name, ref_commit_checksum, has_referenced_parent=False
parent_checksum = OSTree.commit_get_parent(ref_commit)
if not parent_checksum:
# there are not any parent commits, return and continue parsing the next ref
commit = OstreeCommit(checksum=ref_commit_checksum)
commit = OstreeCommit(checksum=ref_commit_checksum, _pulp_domain=self.domain)
commit_dc = self.create_dc(relative_path, commit)
await self.put(commit_dc)

Expand All @@ -103,7 +103,7 @@ async def parse_ref(self, name, ref_commit_checksum, has_referenced_parent=False
return

checksum = ref_commit_checksum
ref_commit = OstreeCommit(checksum=checksum)
ref_commit = OstreeCommit(checksum=checksum, _pulp_domain=self.domain)
ref_commit_dc = self.create_dc(relative_path, ref_commit)
self.commit_dcs.append(ref_commit_dc)

Expand All @@ -118,7 +118,9 @@ async def parse_ref(self, name, ref_commit_checksum, has_referenced_parent=False
return parent_checksum, ref_commit_dc
else:
try:
parent_commit = await OstreeCommit.objects.aget(checksum=parent_checksum)
parent_commit = await OstreeCommit.objects.aget(
checksum=parent_checksum, _pulp_domain=self.domain
)
except OstreeCommit.DoesNotExist:
raise ValueError(
gettext("The parent commit '{}' could not be loaded").format(
Expand All @@ -138,7 +140,7 @@ async def load_next_commits(self, parent_commit, checksum, has_referenced_parent
parent_checksum = OSTree.commit_get_parent(parent_commit)

while parent_checksum:
commit = OstreeCommit(checksum=checksum)
commit = OstreeCommit(checksum=checksum, _pulp_domain=self.domain)
commit_dc = self.create_dc(relative_path, commit)
self.commit_dcs.append(commit_dc)

Expand All @@ -161,7 +163,7 @@ async def load_next_commits(self, parent_commit, checksum, has_referenced_parent
)
parent_checksum = OSTree.commit_get_parent(parent_commit)

commit = OstreeCommit(checksum=checksum)
commit = OstreeCommit(checksum=checksum, _pulp_domain=self.domain)
commit_dc = self.create_dc(relative_path, commit)
self.commit_dcs.append(commit_dc)

Expand Down Expand Up @@ -263,7 +265,9 @@ async def run(self):
parent_commit = None

try:
parent_commit = await OstreeCommit.objects.aget(checksum=parent_checksum)
parent_commit = await OstreeCommit.objects.aget(
checksum=parent_checksum, _pulp_domain=self.domain
)
except OstreeCommit.DoesNotExist:
pass
else:
Expand Down Expand Up @@ -332,7 +336,7 @@ async def run(self):
num_of_parsed_commits = len(self.commit_dcs)

commit = await OstreeCommit.objects.select_related("parent_commit").aget(
checksum=ref_commit_checksum
checksum=ref_commit_checksum, _pulp_domain=self.domain
)
parent_commit = commit.parent_commit
if parent_commit and num_of_parsed_commits == 1:
Expand Down Expand Up @@ -364,7 +368,7 @@ async def run(self):
ref_file = await ref._artifacts.aget()
copy_to_local_storage(ref_file.file, file_path)

commit = await OstreeCommit.objects.aget(refs_commit=ref)
commit = await OstreeCommit.objects.aget(refs_commit=ref, _pulp_domain=self.domain)
await self.copy_from_storage_to_tmp(commit, OstreeObject.objects.none())

self.repo.regenerate_summary()
Expand Down
Loading

0 comments on commit d74603a

Please sign in to comment.