From aa2df35c656867a1d15f834e8362ae978b943f7a Mon Sep 17 00:00:00 2001
From: Justin Sherrill <jsherril@redhat.com>
Date: Thu, 15 Apr 2021 15:47:47 -0400
Subject: [PATCH] Add support for ALLOWED_CONTENT_CHECKSUMS

---
 manifests/init.pp             | 4 ++++
 spec/classes/pulpcore_spec.rb | 1 +
 templates/settings.py.erb     | 1 +
 3 files changed, 6 insertions(+)

diff --git a/manifests/init.pp b/manifests/init.pp
index eb6f267f..8c51f5ed 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -124,6 +124,9 @@
 # @param allowed_export_path
 #   Allowed paths that pulp can use for content exports
 #
+# @param allowed_content_checksums
+#   List of checksum types to allow for content operations
+#
 # @param worker_count
 #   Number of pulpcore workers. Defaults to 8 or the number of CPU cores, whichever is smaller. Enabling more than 8 workers, even with additional CPU cores
 #   available, likely results in performance degradation due to I/O blocking and is not recommended in most cases. Modifying this parameter should
@@ -188,6 +191,7 @@
   Stdlib::Fqdn $servername = $facts['networking']['fqdn'],
   Array[Stdlib::Absolutepath] $allowed_import_path = ['/var/lib/pulp/sync_imports'],
   Array[Stdlib::Absolutepath] $allowed_export_path = [],
+  Array[Enum['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']] $allowed_content_checksums = ['sha224', 'sha256', 'sha384', 'sha512'],
   String[1] $remote_user_environ_name = 'HTTP_REMOTE_USER',
   Integer[0] $worker_count = min(8, $facts['processors']['count']),
   Boolean $service_enable = true,
diff --git a/spec/classes/pulpcore_spec.rb b/spec/classes/pulpcore_spec.rb
index 94efdfa1..1a5268fe 100644
--- a/spec/classes/pulpcore_spec.rb
+++ b/spec/classes/pulpcore_spec.rb
@@ -22,6 +22,7 @@
           is_expected.to contain_concat__fragment('base')
             .with_content(%r{ALLOWED_EXPORT_PATHS = \[\]})
             .with_content(%r{ALLOWED_IMPORT_PATHS = \["/var/lib/pulp/sync_imports"\]})
+            .with_content(%r{ALLOWED_CONTENT_CHECKSUMS = \["sha224", "sha256", "sha384", "sha512"\]})
             .without_content(/sslmode/)
           is_expected.to contain_file('/etc/pulp')
           is_expected.to contain_file('/var/lib/pulp')
diff --git a/templates/settings.py.erb b/templates/settings.py.erb
index 757dc3c6..54e847fb 100644
--- a/templates/settings.py.erb
+++ b/templates/settings.py.erb
@@ -39,6 +39,7 @@ REST_FRAMEWORK__DEFAULT_AUTHENTICATION_CLASSES = (
 
 ALLOWED_IMPORT_PATHS = <%= scope['pulpcore::allowed_import_path'] %>
 ALLOWED_EXPORT_PATHS = <%= scope['pulpcore::allowed_export_path'] %>
+ALLOWED_CONTENT_CHECKSUMS = <%= scope['pulpcore::allowed_content_checksums'] %>
 
 # Derive HTTP/HTTPS via the X-Forwarded-Proto header set by Apache
 SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')