Fixes #30436 - add allowed_export_paths to settings.py

theforeman · Nov 12, 2020 · 73351dc · 73351dc
1 parent 233347f
commit 73351dc
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 4 deletions.
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -123,7 +123,10 @@
 #   Django remote user environment variable
 #
 # @param allowed_import_path
-#   Allowed paths that pulp can sync from using file:// protocol
+#   Allowed paths that pulp can use for content view imports, or sync from using file:// protocol
+#
+# @param allowed_export_path
+#   Allowed paths that pulp can use for content view exports
 #
 # @param worker_count
 #   Number of pulpcore workers. Defaults to 8 or the number of CPU cores, whichever is smaller. Enabling more than 8 workers, even with additional CPU cores
@@ -174,7 +177,8 @@
   String $django_secret_key = extlib::cache_data('pulpcore_cache_data', 'secret_key', extlib::random_password(32)),
   Integer[0] $redis_db = 8,
   Stdlib::Fqdn $servername = $facts['networking']['fqdn'],
-  Array[Stdlib::Absolutepath] $allowed_import_path = ['/var/lib/pulp/sync_imports'],
+  Array[Stdlib::Absolutepath] $allowed_import_path = ['/var/lib/pulp/sync_imports', '/var/lib/pulp/imports'],
+  Array[Stdlib::Absolutepath] $allowed_export_path = ['/var/lib/pulp/exports'],
   String[1] $remote_user_environ_name = 'HTTP_REMOTE_USER',
   Integer[0] $worker_count = min(8, $facts['processors']['count']),
   Boolean $service_enable = true,

diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb
@@ -342,7 +342,31 @@
         it do
           is_expected.to compile.with_all_deps
           is_expected.to contain_concat__fragment('base')
-            .with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]})
+            .with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports", "/var/lib/pulp/imports"\]})
+
+        end
+      end
+
+      context 'with allowed export paths' do
+        let :params do
+          {
+            allowed_export_path: ['/test/path', '/test/path2'],
+          }
+        end
+
+        it do
+          is_expected.to compile.with_all_deps
+          is_expected.to contain_concat__fragment('base')
+            .with_content(%r{ALLOWED_EXPORT_PATHS = \["/test/path", "/test/path2"\]})
+
+        end
+      end
+
+      context 'with empty allowed export paths' do
+        it do
+          is_expected.to compile.with_all_deps
+          is_expected.to contain_concat__fragment('base')
+            .with_content(%r{ALLOWED_EXPORT_PATHS = \["/var/lib/pulp/exports"\]})
 
         end
       end

diff --git a/templates/settings.py.erb b/templates/settings.py.erb
@@ -38,8 +38,11 @@ REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
     'pulpcore.app.authentication.PulpRemoteUserAuthentication'
 )
 
-<%# This setting whitelists paths that can be used for repository sync with file protocol. Katello uses the path /var/lib/pulp/sync_imports/ to run tests -%>
+<%# These settings specify paths that can be used for repository sync with file protocol, -%>
+<%# and for content view version import/export. -%>
+<%# Katello uses the path /var/lib/pulp/sync_imports/ to run tests -%>
 ALLOWED_IMPORT_PATHS = <%= scope['pulpcore::allowed_import_path'] %>
+ALLOWED_EXPORT_PATHS = <%= scope['pulpcore::allowed_export_path'] %>
 
 # Derive HTTP/HTTPS via the X-Forwarded-Proto header set by Apache
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')