Add support for Role-based Access Control and Domains

.github/workflows/scripts/install.sh

@@ -96,7 +96,7 @@ if [ "$TEST" = "s3" ]; then
   sed -i -e '$a s3_test: true\
 minio_access_key: "'$MINIO_ACCESS_KEY'"\
 minio_secret_key: "'$MINIO_SECRET_KEY'"\
-pulp_scenario_settings: null\
+pulp_scenario_settings: {"domain_enabled": true}\
 pulp_scenario_env: {}\
 ' vars/main.yaml
   export PULP_API_ROOT="/rerouted/djnd/"

CHANGES/321.feature

@@ -0,0 +1 @@
+Added support for domains.

CHANGES/331.feature

@@ -0,0 +1 @@
+Added role-based access control.

pulp_ostree/app/__init__.py

@@ -8,3 +8,4 @@ class PulpOstreePluginAppConfig(PulpPluginAppConfig):
     label = "ostree"
     version = "2.3.0.dev"
     python_package_name = "pulp-ostree"
+    domain_compatible = True

pulp_ostree/app/migrations/0007_add_model_permissions.py

@@ -0,0 +1,25 @@
+# Generated by Django 4.2.9 on 2024-02-02 12:14
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('ostree', '0006_alter_pointers_to_related_models_globally'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='ostreedistribution',
+            options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_ostreedistribution', 'Can manage roles on ostree distributions')]},
+        ),
+        migrations.AlterModelOptions(
+            name='ostreeremote',
+            options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_ostreeremote', 'Can manage roles on ostree remotes')]},
+        ),
+        migrations.AlterModelOptions(
+            name='ostreerepository',
+            options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('sync_ostreerepository', 'Can start a sync task'), ('modify_ostreerepository', 'Can modify content of the repository'), ('manage_roles_ostreerepository', 'Can manage roles on ostree repositories'), ('repair_ostreerepository', 'Can repair repository versions'), ('import_commits_ostreerepository', 'Can import commits into a repository')]},
+        ),
+    ]

pulp_ostree/app/migrations/0008_add_domain_support.py

@@ -0,0 +1,94 @@
+# Generated by Django 4.2.9 on 2024-02-06 10:31
+
+from django.db import migrations, models
+import django.db.models.deletion
+import pulpcore.app.util
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('core', '0116_alter_remoteartifact_md5_alter_remoteartifact_sha1_and_more'),
+        ('ostree', '0007_add_model_permissions'),
+    ]
+
+    operations = [
+        migrations.AlterUniqueTogether(
+            name='ostreecommit',
+            unique_together=set(),
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreeconfig',
+            unique_together=set(),
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreecontent',
+            unique_together=set(),
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreeobject',
+            unique_together=set(),
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreeref',
+            unique_together=set(),
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreesummary',
+            unique_together=set(),
+        ),
+        migrations.AddField(
+            model_name='ostreecommit',
+            name='_pulp_domain',
+            field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
+        ),
+        migrations.AddField(
+            model_name='ostreeconfig',
+            name='_pulp_domain',
+            field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
+        ),
+        migrations.AddField(
+            model_name='ostreecontent',
+            name='_pulp_domain',
+            field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
+        ),
+        migrations.AddField(
+            model_name='ostreeobject',
+            name='_pulp_domain',
+            field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
+        ),
+        migrations.AddField(
+            model_name='ostreeref',
+            name='_pulp_domain',
+            field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
+        ),
+        migrations.AddField(
+            model_name='ostreesummary',
+            name='_pulp_domain',
+            field=models.ForeignKey(default=pulpcore.app.util.get_domain_pk, on_delete=django.db.models.deletion.PROTECT, to='core.domain'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreecommit',
+            unique_together={('checksum', 'relative_path', '_pulp_domain')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreeconfig',
+            unique_together={('sha256', 'relative_path', '_pulp_domain')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreecontent',
+            unique_together={('relative_path', 'digest', '_pulp_domain')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreeobject',
+            unique_together={('checksum', 'relative_path', '_pulp_domain')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreeref',
+            unique_together={('name', 'commit', 'relative_path', '_pulp_domain')},
+        ),
+        migrations.AlterUniqueTogether(
+            name='ostreesummary',
+            unique_together={('sha256', 'relative_path', '_pulp_domain')},
+        ),
+    ]

pulp_ostree/app/models.py

@@ -4,13 +4,16 @@
 from django.contrib.postgres.fields import ArrayField
 
 from pulpcore.plugin.models import (
+    AutoAddObjPermsMixin,
     Content,
     Remote,
     Repository,
     Distribution,
 )
 from pulpcore.plugin.repo_version_utils import remove_duplicates, validate_duplicate_content
 
+from pulpcore.plugin.util import get_domain_pk
+
 logger = getLogger(__name__)
 
 
@@ -31,28 +34,30 @@ class OstreeObject(Content):
 
     TYPE = "object"
 
+    _pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
     typ = models.IntegerField(choices=OstreeObjectType.choices)
     checksum = models.CharField(max_length=64, db_index=True)
     relative_path = models.TextField(null=False)
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
-        unique_together = [["checksum", "relative_path"]]
+        unique_together = [["checksum", "relative_path", "_pulp_domain"]]
 
 
 class OstreeCommit(Content):
     """A content model for an OSTree commit."""
 
     TYPE = "commit"
 
+    _pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
     parent_commit = models.ForeignKey("self", null=True, blank=True, on_delete=models.CASCADE)
     checksum = models.CharField(max_length=64, db_index=True)
     relative_path = models.TextField(null=False)
     objs = models.ManyToManyField(OstreeObject, through="OstreeCommitObject")
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
-        unique_together = [["checksum", "relative_path"]]
+        unique_together = [["checksum", "relative_path", "_pulp_domain"]]
 
 
 class OstreeRef(Content):
@@ -61,6 +66,7 @@ class OstreeRef(Content):
     TYPE = "refs"
     repo_key_fields = ("name",)
 
+    _pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
     commit = models.ForeignKey(
         OstreeCommit, related_name="refs_commit", null=True, on_delete=models.CASCADE
     )
@@ -69,7 +75,7 @@ class OstreeRef(Content):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
-        unique_together = [["name", "commit", "relative_path"]]
+        unique_together = [["name", "commit", "relative_path", "_pulp_domain"]]
 
 
 class OstreeCommitObject(models.Model):
@@ -87,12 +93,13 @@ class OstreeContent(Content):
 
     repo_key_fields = ("relative_path",)
 
+    _pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
     relative_path = models.TextField(null=False)
     digest = models.CharField(max_length=64, null=False)
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
-        unique_together = ("relative_path", "digest")
+        unique_together = ("relative_path", "digest", "_pulp_domain")
 
 
 class OstreeConfig(Content):
@@ -101,12 +108,13 @@ class OstreeConfig(Content):
     TYPE = "config"
     repo_key_fields = ("relative_path",)
 
+    _pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
     sha256 = models.CharField(max_length=64, db_index=True)
     relative_path = models.TextField(null=False)
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
-        unique_together = [["sha256", "relative_path"]]
+        unique_together = [["sha256", "relative_path", "_pulp_domain"]]
 
 
 class OstreeSummary(Content):
@@ -115,15 +123,16 @@ class OstreeSummary(Content):
     TYPE = "summary"
     repo_key_fields = ("relative_path",)
 
+    _pulp_domain = models.ForeignKey("core.Domain", default=get_domain_pk, on_delete=models.PROTECT)
     sha256 = models.CharField(max_length=64, db_index=True)
     relative_path = models.TextField(null=False)
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
-        unique_together = [["sha256", "relative_path"]]
+        unique_together = [["sha256", "relative_path", "_pulp_domain"]]
 
 
-class OstreeRemote(Remote):
+class OstreeRemote(Remote, AutoAddObjPermsMixin):
     """A remote model for OSTree content."""
 
     TYPE = "ostree"
@@ -134,9 +143,12 @@ class OstreeRemote(Remote):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_ostreeremote", "Can manage roles on ostree remotes"),
+        ]
 
 
-class OstreeRepository(Repository):
+class OstreeRepository(Repository, AutoAddObjPermsMixin):
     """A repository model for OSTree content."""
 
     TYPE = "ostree"
@@ -155,17 +167,27 @@ class OstreeRepository(Repository):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("sync_ostreerepository", "Can start a sync task"),
+            ("modify_ostreerepository", "Can modify content of the repository"),
+            ("manage_roles_ostreerepository", "Can manage roles on ostree repositories"),
+            ("repair_ostreerepository", "Can repair repository versions"),
+            ("import_commits_ostreerepository", "Can import commits into a repository"),
+        ]
 
     def finalize_new_version(self, new_version):
         """Handle repository duplicates."""
         remove_duplicates(new_version)
         validate_duplicate_content(new_version)
 
 
-class OstreeDistribution(Distribution):
+class OstreeDistribution(Distribution, AutoAddObjPermsMixin):
     """A distribution model for OSTree content."""
 
     TYPE = "ostree"
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_ostreedistribution", "Can manage roles on ostree distributions"),
+        ]

pulp_ostree/app/tasks/importing.py

@@ -92,7 +92,7 @@ async def parse_ref(self, name, ref_commit_checksum, has_referenced_parent=False
         parent_checksum = OSTree.commit_get_parent(ref_commit)
         if not parent_checksum:
             # there are not any parent commits, return and continue parsing the next ref
-            commit = OstreeCommit(checksum=ref_commit_checksum)
+            commit = OstreeCommit(checksum=ref_commit_checksum, _pulp_domain=self.domain)
             commit_dc = self.create_dc(relative_path, commit)
             await self.put(commit_dc)
 
@@ -103,7 +103,7 @@ async def parse_ref(self, name, ref_commit_checksum, has_referenced_parent=False
             return
 
         checksum = ref_commit_checksum
-        ref_commit = OstreeCommit(checksum=checksum)
+        ref_commit = OstreeCommit(checksum=checksum, _pulp_domain=self.domain)
         ref_commit_dc = self.create_dc(relative_path, ref_commit)
         self.commit_dcs.append(ref_commit_dc)
 
@@ -118,7 +118,9 @@ async def parse_ref(self, name, ref_commit_checksum, has_referenced_parent=False
                 return parent_checksum, ref_commit_dc
             else:
                 try:
-                    parent_commit = await OstreeCommit.objects.aget(checksum=parent_checksum)
+                    parent_commit = await OstreeCommit.objects.aget(
+                        checksum=parent_checksum, _pulp_domain=self.domain
+                    )
                 except OstreeCommit.DoesNotExist:
                     raise ValueError(
                         gettext("The parent commit '{}' could not be loaded").format(
@@ -138,7 +140,7 @@ async def load_next_commits(self, parent_commit, checksum, has_referenced_parent
         parent_checksum = OSTree.commit_get_parent(parent_commit)
 
         while parent_checksum:
-            commit = OstreeCommit(checksum=checksum)
+            commit = OstreeCommit(checksum=checksum, _pulp_domain=self.domain)
             commit_dc = self.create_dc(relative_path, commit)
             self.commit_dcs.append(commit_dc)
 
@@ -161,7 +163,7 @@ async def load_next_commits(self, parent_commit, checksum, has_referenced_parent
                     )
             parent_checksum = OSTree.commit_get_parent(parent_commit)
 
-        commit = OstreeCommit(checksum=checksum)
+        commit = OstreeCommit(checksum=checksum, _pulp_domain=self.domain)
         commit_dc = self.create_dc(relative_path, commit)
         self.commit_dcs.append(commit_dc)
 
@@ -263,7 +265,9 @@ async def run(self):
                 parent_commit = None
 
                 try:
-                    parent_commit = await OstreeCommit.objects.aget(checksum=parent_checksum)
+                    parent_commit = await OstreeCommit.objects.aget(
+                        checksum=parent_checksum, _pulp_domain=self.domain
+                    )
                 except OstreeCommit.DoesNotExist:
                     pass
                 else:
@@ -332,7 +336,7 @@ async def run(self):
                         num_of_parsed_commits = len(self.commit_dcs)
 
                         commit = await OstreeCommit.objects.select_related("parent_commit").aget(
-                            checksum=ref_commit_checksum
+                            checksum=ref_commit_checksum, _pulp_domain=self.domain
                         )
                         parent_commit = commit.parent_commit
                         if parent_commit and num_of_parsed_commits == 1:
@@ -364,7 +368,7 @@ async def run(self):
                 ref_file = await ref._artifacts.aget()
                 copy_to_local_storage(ref_file.file, file_path)
 
-                commit = await OstreeCommit.objects.aget(refs_commit=ref)
+                commit = await OstreeCommit.objects.aget(refs_commit=ref, _pulp_domain=self.domain)
                 await self.copy_from_storage_to_tmp(commit, OstreeObject.objects.none())
 
             self.repo.regenerate_summary()