Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add support for ALLOWED_CONTENT_CHECKSUMS #183

Merged
merged 1 commit into from
Apr 20, 2021

Conversation

jlsherrill
Copy link
Contributor

No description provided.

@@ -188,6 +191,7 @@
Stdlib::Fqdn $servername = $facts['networking']['fqdn'],
Array[Stdlib::Absolutepath] $allowed_import_path = ['/var/lib/pulp/sync_imports'],
Array[Stdlib::Absolutepath] $allowed_export_path = [],
Array[String] $allowed_content_checksums = ['sha224', 'sha256', 'sha384', 'sha512'],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be Array[Enum[…]] to limit possibilities to only known ones? Or would that be to limiting for future pulpcore releases?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that makes sense? we'd need to update it anyways to adjust the default i would think? Its unlikely to be a frequent occurrence either :)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If pulpcore releases a new supported checksum, instead of say puppet-foreman_proxy_content updating what it passes to this parameter to include that new parameter, a release of this module will have to be made to update the list of allowed values to then allow the update to puppet-foreman_proxy_content as a consumer. It is balancing specifying only "valid" values and future proofing. Does Pulp throw an error if an incorrect value is supplied?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You get an error on startup of the workers:
django.core.exceptions.ImproperlyConfigured: ALLOWED_CONTENT_CHECKSUMS may only contain algorithms known to pulp - see constants.ALL_KNOWN_CONTENT_CHECKSUMS for the allowed list.

Also, sha256 is required, it won't startup without, not sure if we should handle that here. @ehelms you bring up a good point, maybe we should drop the Enum here and only have it in the foreman_proxy_content change?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I lean towards not having the Enum personally to allow easier future proofing. This is usually where @ekohl shows up and sets us all straight :)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you want to reuse it, you can define it a type alias. https://github.com/theforeman/puppet-foreman_proxy/blob/master/types/listenon.pp is probably the easiest example from our codebase. So you would end up with

type Pulpcore::ContentChecksums = Array[Enum[...], 1]

Then you can use, both in this module and puppet-foreman_proxy_content, Pulpcore::ContentChecksums $allowed_content_checksums. Benefits are that you only need to maintain it in one place while still having strong validation.

https://rspec-puppet.com/documentation/type_aliases/ documents how to write simple tests for it.

It's not that often that a new checksum type is added and it needs actual code on the Pulp side. Given that there is a list of constants, I do lean to an enum. Especially if we plan to expose this to users. Debugging a failed service start is a much worse experience than an up front error.

@jlsherrill
Copy link
Contributor Author

note that these are the pulp defaults. Katello will likely want to default to allowing 'sha1' as well. Going to open a pr to foreman_proxy_content to do that and make it user configurable

Copy link
Collaborator

@wbclark wbclark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me.

@wbclark
Copy link
Collaborator

wbclark commented Apr 15, 2021

If there is an existing Redmine for the issue, could you please update the commit message with it?

This one could be "Refs #xxxxx - Add support for ALLOWED_CONTENT_CHECKSUMS" and the puppet-FPC PR could be "Fixes #xxxxx - expose pulpcore allowed_content_checksums"

@@ -188,6 +191,7 @@
Stdlib::Fqdn $servername = $facts['networking']['fqdn'],
Array[Stdlib::Absolutepath] $allowed_import_path = ['/var/lib/pulp/sync_imports'],
Array[Stdlib::Absolutepath] $allowed_export_path = [],
Array[Enum['md5', 'sha1', 'sha224', 'sha256', 'sha384', 'sha512']] $allowed_content_checksums = ['sha224', 'sha256', 'sha384', 'sha512'],
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did suggest to extract the Array[Enum[]] to a type alias. That makes it easy to reuse in another module.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ahh, thanks for clarifying, will add that

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I should have linked back to #183 (comment) for that suggestion.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added!

types/checksumtypes.pp Outdated Show resolved Hide resolved
Co-authored-by: Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
@jlsherrill
Copy link
Contributor Author

If this looks good i'll update the foreman proxy content pr to match

Copy link
Member

@ekohl ekohl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This was supported in 3.9, right? (which is currently the only version we support in this module)

@jlsherrill
Copy link
Contributor Author

yes, its supported all the way back to 3.7: https://github.com/pulp/pulpcore/blob/3.7/pulpcore/app/settings.py#L235

@jlsherrill
Copy link
Contributor Author

and if you want to wait for #184 for a release, i think that makes sense

@ekohl ekohl merged commit 2e1347b into theforeman:master Apr 20, 2021
@evgeni
Copy link
Member

evgeni commented Apr 26, 2021

And now nightly fails with

[ERROR ] [root] Parameter foreman-proxy-content-pulpcore-allowed-content-checksums invalid: Elements of the array are invalid: ['sha1', 'sha224', 'sha256', 'sha384', 'sha512'] must be one of md5, sha1, sha224, sha256, sha384, sha512

Why?!

@evgeni
Copy link
Member

evgeni commented Apr 26, 2021

Can we band-aid it somehow?

@ekohl
Copy link
Member

ekohl commented Apr 26, 2021

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Enhancement New feature or request Needs testing
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants