Changelog¶
Warning
Until Role-Based Access Control is added to Pulp, REST API is not safe for multi-user use.
Sensitive credentials can be read by any user, e.g. Remote.password
, Remote.client_key
.
3.7.3 (2020-10-28)¶
REST API¶
Bugfixes¶
Fixed a serious bug data integrity bug where some Artifact files could be silently deleted from storage in specific circumstances. (Backported from https://pulp.plan.io/issues/7676) #7757
Plugin API¶
No significant changes.
3.7.0 (2020-09-22)¶
REST API¶
Features¶
Added setting ALLOWED_CONTENT_CHECKSUMS to support limiting the checksum-algorithms Pulp uses. #5216
Added progress-reports to the PulpExport task. #6541
Improve performance and memory consumption of orphan cleanup. #6581
Extra require: s3, azure, prometheus and test #6844
Added the toc_info attribute with filename/sha256sum to PulpExport, to enable direct access to the export-TOC. #7221
Taught export-process to clean up broken files if the export fails. #7246
Added the django-cleanup handlers for removing files stored within FileField #7316
Added deprecations section to the changelog. #7415
Bugfixes¶
Address some problems with stuck tasks when connection to redis is interrupted. #6449
Fixed a bug where creating an incomplete repository version (via canceled or failed task) could cause future operations to fail. #6463
Added validation for unknown serializers’ fields #7245
Fixed: PulpTemporaryFile stored in the wrong location #7319
Fixed an edge case where canceled tasks might sometimes be processed and marked completed. #7389
Fixed pulp-export scenario where specifying full= could fail silently. #7403
Fixed OpenAPI creation response status code to 201 #7444
The
AccessPolicy.permissions_assignment
can now be null, which some viewset endpoints may require. #7448Taught export to insure export-dir was writeable by group as well as owner. #7459
Fixed orphan cleanup for subrepositories (e.g. an add-on repository in RPM distribution tree repository). #7460
Fixed issue with reserved resources not being displayed for waiting tasks. #7497
Fixed broken bindings resulting from drf-spectacular 0.9.13 release. #7510
Fix filesystem exports failing due to undefinied
validate_path
method. #7521Fix a bug that prevented users from adding permissions for models have conflicting names across different django apps. #7541
Plugin API¶
Features¶
Bugfixes¶
The
AccessPolicy.permissions_assignment
can now be null, which some viewset endpoints may require. #7448
Improved Documentation¶
Added an example how to use a serializer to create validated objects. #5927
Document the URLField OpenAPI issue #6828
Added all exported models to the autogenerated API reference. #7045
Updated docs recommending plugins to rely on a 1-release deprecation process for backwards incompatible changes in the
pulpcore.plugin
. #7413Adds plugin writer docs on how to ship snippets which override default webserver routes provided by the installer. #7471
Revises the “installation plugin custom tasks” documentation to reflect that plugin writers can contribute their custom installation needs directly to the installer. #7523
3.6.0 (2020-08-13)¶
REST API¶
Features¶
Added table-of-contents to export and gave import a toc= to find/reassemble pieces on import. #6737
Added ability to associate a Remote with a Repository so users no longer have to specify Remote when syncing. #7015
The /pulp/api/v3/access_policies/ endpoint is available for reading and modifying the AccessPolicy used for Role Based Access Control for all Pulp endpoints. This allows for complete customization of the Authorization policies.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7160
The /pulp/api/v3/access_policies/ endpoint also includes a permissions_assignment section which customizes the permissions assigned to new objects. This allows for complete customization for how new objects work with custom define Authorization policies. #7210
The /pulp/api/v3/users/ endpoint is available for reading the Users, Group membership, and Permissions.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7231
The /pulp/api/v3/groups/ endpoint is available for reading the Groups, membership, and Permissions.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7232
The /pulp/api/v3/tasks/ endpoint now provides a user-isolation behavior for non-admin users. This policy is controllable at the /pulp/api/v3/access_policies/ endpoint.
NOTE: The user-isolation behavior is in “tech preview” and production systems are recommended to continue using the build-in
admin
user only. #7301Extended endpoint /pulp/api/v3/groups/:pk/users to add and remove users from a group.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7310
Extended endpoints /pulp/api/v3/groups/:pk/model_permissions and /pulp/api/v3/groups/:pk/object_permissions to add and remove permissions from a group.
NOTE: this endpoint is in tech-preview and may change in backwards incompatible ways in the future. #7311
Bugfixes¶
WorkerDirectory.delete() no longer recursively trys to delete itself when encountering a permission error #6504
Stopped preventing removal of PulpExport/Exporter when last-export existed. #6555
First time on demand content requests appear in the access log. #7002
Fixed denial of service caused by extra slashes in content urls. #7066
Set a default DJANGO_SETTINGS_MODULE env var in content app #7179
Added plugin namespace to openapi href identifier. #7209
By default, html in field descriptions filtered out in REST API docs unless ‘include_html’ is set. #7299
Fixed plugin filtering in bindings to work independently from “bindings” parameter. #7306
Improved Documentation¶
Deprecations and Removals¶
Removed unnecessary fields from the import/export transfer. #6515
Upgrading the api documentation from OpenAPI v2 to OpenAPI v3. - Methods signatures for bindings may change. #7108
Changed default
download_concurrency
on Remotes from 20 to 10 to avoid connection problems. Also updated existing Remotes withdownload_concurrency
of 20 to 10. #7212
Plugin API¶
Features¶
Adding PulpTemporaryFile for handling temporary files between the viewset and triggered tasks #6749
RepositorySyncURLSerializer
will now check remote on the repository before it raises an exception if the remote param is not set. #7015Added a hook on
Repository
calledartifacts_for_version()
that plugins can override to modify the logic behindRepositoryVersion.artifacts
. For now, this is used when exporting artifacts. #7021Enabling plugin writers to have more control on HttpDownloader response codes 400+ by subclassing HttpDownloader and overwriting raise_for_status method #7117
BaseModel now inherits from LifecycleModel provided by django-lifecycle allowing any subclass to also use it instead of signals. #7151
A new pulpcore.plugin.models.AutoDeleteObjPermsMixin object can be added to models to automatically delete all user and group permissions for an object just before the object is deleted. This provides an easy cleanup mechanism and can be added to models as a mixin. Note that your model must support django-lifecycle to use this mixin. #7157
A new model pulpcore.plugin.models.AccessPolicy is available to store AccessPolicy statements in the database. The model’s statements field stores the list of policy statements as a JSON field. The name field stores the name of the Viewset the AccessPolicy is protecting.
Additionally, the pulpcore.plugin.access_policy.AccessPolicyFromDB is a drf-access-policy which viewsets can use to protect their viewsets with. See the Viewset Enforcement for more information on this. #7158
Adds the TaskViewSet and TaskGroupViewSet objects to the plugin api. #7187
Enabled plugin writers to create immutable repository ViewSets #7191
A new pulpcore.plugin.models.AutoAddObjPermsMixin object can be added to models to automatically add permissions for an object just after the object is created. This is controlled by data saved in the permissions_assignment attribute of the pulpcore.plugin.models.AccessPolicy allowing users to control what permissions are created. Note that your model must support django-lifecycle to use this mixin. #7210
Added ability for plugin writers to set a
content_mapping
property on content resources to provide a custom mapping of content to repositories. #7252Automatically excluding
pulp_id
,pulp_created
, andpulp_last_updated
forQueryModelResources
. #7277Viewsets that subclass
pulpcore.plugin.viewsets.NamedModelViewSet` can declare the ``queryset_filtering_required_permission
class attribute naming the permission required to view an object. See the Restricting Viewable Objects documentation for more information. #7300
Bugfixes¶
Making operation_id unique #7233
Making ReDoc OpenAPI summary human readable #7237
OpenAPI schema generation from CLI #7258
Allow pulpcore.plugin.models.AutoAddObjPermsMixin.add_for_object_creator to skip assignment of permissions if there is no known user. This allows endpoints that do not use authorization but still create objects in the DB to execute without error. #7312
Improved Documentation¶
Deprecations and Removals¶
Newlines in certificate string (ca_cert, client_cert, client_key) on Remotes are not required to be escaped. #6735
Replaced drf-yasg with drf-spectacular. - This updates the api documentation to openapi v3. - Plugins may require changes. - Methods signatures for bindings may change. #7108
Moving containers from pulpcore to pulp-operator #7171
3.5.0 (2020-07-08)¶
REST API¶
Features¶
Bugfixes¶
Fixed ‘integer out of range’ error during sync by changing RemoteArtifact size field to BigIntegerField. #6717
Added a more descriptive error message that is shown when CONTENT_ORIGIN is not properly configured #6771
Including requirements.txt on MANIFEST.in #6888
Corrected a number of filters to be django-filter-2.3.0-compliant. #6915
Locked Content table to prevent import-deadlock. #7073
Improved Documentation¶
3.4.0 (2020-05-27)¶
REST API¶
Features¶
Implemented incremental-exporting for PulpExport. #6136
Added support for S3 and other non-filesystem storage options to pulp import/export functionality. #6456
Optimized imports by having repository versions processed using child tasks. #6484
Added repository type check during Pulp imports. #6532
Added version checking to import process. #6558
Taught PulpExport to export by RepositoryVersions if specified. #6566
Task groups now have an ‘all_tasks_dispatched’ field which denotes that no more tasks will spawn as part of this group. #6591
Taught export how to split export-file into chunk_size bytes. #6736
Bugfixes¶
Remote fields username and password show up in: REST docs, API responses, and are available in the bindings. #6346
Fixed a bug, where the attempt to cancel a completed task lead to a strange response. #6465
Fixed KeyError during OpenAPI schema generation. #6468
Added a missing trailing slash to distribution’s base_url #6507
Fixed a bug where the wrong kind of error was being raised for href parameters of mismatched types. #6521
containers: Fix pulp_rpm 3.3.0 install by replacing the python3-createrepo_c RPM with its build-dependencies, so createrep_c gets installed & built from PyPI #6523
Fixed OpenAPI schema for importer and export APIs. #6556
Normalized export-file-path for PulpExports. #6564
Changed repository viewset to use the general_update and general_delete tasks. This fixes a bug where updating specialized fields of a repository was impossible due to using the wrong serializer. #6569
Only uses multipart OpenAPI Schema when dealing with file fields #6702
Fixed a bug that prevented write_only fields from being present in the API docs and bindings #6775
Added proper headers for index.html pages served by content app. #6802
Removed Content-Encoding header from pulpcore-content responses. #6831
Improved Documentation¶
Adding docs for importing and exporting from Pulp to Pulp. #6364
Add some documentation around TaskGroups. #6641
Introduced a brief explanation about pulp_installer #6674
Added a warning that the REST API is not safe for multi-user use until RBAC is implemented. #6692
Updated the required roles names #6758
Deprecations and Removals¶
Changed repositories field on
/pulp/api/v3/exporters/core/pulp/
from UUIDs to hrefs. #6457Imports now spawn child tasks which can be fetched via the
child_tasks
field of the import task. #6484Content of ssl certificates and keys changed to be return their full value instead of sha256 through REST API. #6691
Replaced PulpExport filename/sha256 fields, with output_info_file, a ‘<filename>’: ‘<hash>’ dictionary. #6736
Plugin API¶
Features¶
Added new NoArtifactContentUploadSerializer and NoArtifactContentUploadViewSet to enable plugin writers to upload content without storing an Artifact #6281
Added view_name_pattern to DetailRelatedField and DetailIdentityField to properly identify wrong resource types. #6521
Added support for Distributions to provide non-Artifact content via a content_handler. #6570
Added constants to the plugin API at
pulpcore.plugin.constants
. #6579TaskGroups now have an ‘all_tasks_dispatched’ field that can be used to notify systems that no further tasks will be dispatched for a TaskGroup. Plugin writers should call “.finish()” on all TaskGroups created once they are done using them to set this field. #6591
Deprecations and Removals¶
Fields: username and password will be returned to the rest API user requesting a Remote #6346
Rehomed QueryModelResource to pulpcore.plugin.importexport. #6514
The
pulpcore.content.handler.Handler.list_directory()
function now returns a set of strings where it returned a string of HTML before. #6570
3.3.0 (2020-04-15)¶
REST API¶
Features¶
Added support for repairing a RepositoryVersion by redownloading corrupted artifact files. Sending a POST request to
/pulp/api/v3/repositories/<plugin>/<type>/<repository-uuid>/versions/<version-number>/repair/
will trigger a task that scans all associated artfacts and attempts to fetch missing or corrupted ones again. #5613Added support for exporting pulp-repo-versions. POSTing to an exporter using the
/pulp/api/v3/exporters/core/pulp/<exporter-uuid>/exports/
API will instantiate a PulpExport entity, which will generate an export-tar.gz file at<exporter.path>/export-<export-uuid>-YYYYMMDD_hhMM.tar.gz
#6135Added API for importing Pulp Exports at
POST /importers/core/pulp/<uuid>/imports/
. #6137Added the new setting CHUNKED_UPLOAD_DIR for configuring a default directory used for uploads #6253
Exported SigningService in plugin api #6256
Added name filter for SigningService #6257
Relationships between tasks that spawn other tasks will be shown in the Task API. #6282
Added a new APIs for PulpExporters and Exports at
/exporters/core/pulp/
and/exporters/core/pulp/<uuid>/exports/
. #6328Added PulpImporter API at
/pulp/api/v3/importers/core/pulp/
. PulpImporters are used for importing exports from Pulp. #6329Added an
ALLOWED_EXPORT_PATHS
setting with list of filesystem locations that exporters can export to. #6335Indroduced ordering keyword, which orders the results by specified field. Pulp objects will by default be ordered by pulp_created if that field exists. #6347
Task Groups added – Plugin writers can spawn tasks as part of a “task group”, which facilitates easier monitoring of related tasks. #6414
Bugfixes¶
Improved the overall performance while syncing very large repositories #6121
Made chunked uploads to be stored in a local file system instead of a default file storage #6253
Fixed 500 error when calling modify on nonexistent repo. #6284
Fixed bug where user could delete repository version 0 but not recreate it by preventing users from deleting repo version 0. #6308
Fixed non unique content units on content list #6347
Properly sort endpoints during generation of the OpenAPI schema. #6372
Improved resync performance by up to 2x with a change to the content stages. #6373
Fixed bug where ‘secret’ fields would be set to the sha256 checksum of the original value. #6402
Fixed pulp containers not allowing commands to be run via absolute path. #6420
Improved Documentation¶
Documented bindings installation for a dev environment #6221
Added documentation for how to write changelog messages. #6336
Cleared up a line in the database settings documentation that was ambiguous. #6384
Updated docs to reflect that S3/Azure are supported and no longer tech preview. #6443
Added tech preview note to docs for importers/exporters. #6454
Renamed ansible-pulp to pulp_installer (to avoid confusion with pulp-ansible) #6461
Fixed missing terms in documentation. #6485
Deprecations and Removals¶
Plugin API¶
Features¶
Tasks can now be spawned from inside other tasks, and these relationships can be explored via the “parent_task” field and “child_tasks” related name on the Task model. #6282
Added a new Export model, serializer, and viewset. #6328
Added models Import and Importer (as well as serializers and viewsets) that can be used for importing data into Pulp. #6329
NamedModelViewSet uses a default ordering of -pulp_created using the StableOrderingFilter. Users using the ordering keyword will be the primary ordering used when specified. #6347
Added two new repo validation methods (validate_repo_version and validate_duplicate_content). #6362
enqueue_with_reservation() provides a new optional argument for “task_group”. #6414
Improved Documentation¶
Deprecations and Removals¶
Changed master model from FileSystemExporter to Exporter. Plugins will still need to extend FileSystemExporter but the master table is now core_exporter. This will require that plugins drop and recreate their filesystem exporter tables. #6328
RepositoryVersion add_content no longer checks for duplicate content. #6362
3.2.0 (2020-02-26)¶
REST API¶
Features¶
Bugfixes¶
Considering base version when removing duplicates #5964
Renames /var/lib/pulp/static/ to /var/lib/pulp/assets/. #5995
Disabled the trimming of leading and trailing whitespace characters which led to a situation where a hash of a certificate computed in Pulp was not equal to a hash generated locally #6025
Repository.latest_version() considering deleted versions #6147
Stopped HttpDownloader sending basic auth credentials to redirect location if domains don’t match. #6227
3.1.1 (2020-02-17)¶
REST API¶
Bugfixes¶
Content with duplicate repo_key_fields raises an error #5567
Resolve content app errors
django.db.utils.InterfaceError: connection already closed
. #6045Fix a bug that could cause an inability to detect an invalid signing script during the validation #6077
Fixing broken S3 redirect #6154
Pin idna==2.8` to avoid a version conflict caused by the idna 2.9 release. #6169
3.1.0 (2020-01-30)¶
REST API¶
Features¶
Allow administrators to add a signing service #5943
Adds
pulpcore.app.authentication.PulpDoNotCreateUsersRemoteUserBackend
which can be used to verify authentication in the webserver, but will not automatically create users likedjango.contrib.auth.backends.RemoteUserBackend
does. #5949Allow Azure blob storage to be used as DEFAULT_FILE_STORAGE for Pulp #5954
Allow to filter publications by
repository_version
andpulp_created
#5968Adds the
ALLOWED_IMPORT_PATHS
setting which can specify the file path prefix thatfile:///
remote paths can import from. #5974Allow the same artifact to be published at multiple relative paths in the same publication. #6037
Bugfixes¶
Improved Documentation¶
Rewrote the Authentication page for more clarity on how to configure Pulp’s authentication. #5949
Deprecations and Removals¶
Removed the
django.contrib.auth.backends.RemoteUserBackend
as a default configured backend insettings.AUTHENTICATION_BACKENDS
. Also removedpulpcore.app.authentication.PulpRemoteUserAuthentication
from the DRF configuration ofDEFAULT_AUTHENTICATION_CLASSES
. #5949Importing from file:/// now requires the configuration of the
ALLOWED_IMPORT_PATHS
setting. Without this configuration, Pulp will not import content fromfile:///
locations correctly. #5974
Plugin API¶
Features¶
Deprecations and Removals¶
The
`Handler._handle_file_response` has been removed. It was renamed to ``_serve_content_artifact
and has the following signature:def _serve_content_artifact(self, content_artifact, headers):
Remove get_or_create_future and does_batch from DeclarativeContent. Replaced by awaiting for resolution on the DeclarativeContent itself. #5668
3.0.1 (2020-01-15)¶
REST API¶
Bugfixes¶
Fix bug where content shows as being added and removed in the same version. #5707
Fix bug where calling Repository new_version() outside of task raises exception. #5894
Adjusts setup.py classifier to show 3.0 as Production/Stable. #5896
Importing from file:/// paths no longer destroys the source repository. #5941
Webserver auth no longer prompts for csrf incorrectly. #5955
Deprecations and Removals¶
Removed
pulpcore.app.middleware.PulpRemoteUserMiddleware
from the default middleware section. Also replacedrest_framework.authentication.RemoteUserAuthentication
withpulpcore.app.authentication.PulpRemoteUserAuthentication
in the Django Rest Framework portion of the config. #5955
3.0.0 (2019-12-11)¶
Note
Task names, e.g. pulpcore.app.tasks.orphan.orphan_cleanup
, are subject to change in future
releases 3.y releases. These are represented in the Task API as the “name” attribute. Please
check future release notes to see when these names will be considered stable. Otherwise, the
REST API pulpcore provides is considered semantically versioned.
3.0.0rc2¶
Comprehensive list of changes and bugfixes for rc 2.
Breaking Changes¶
Default port changes happened in the Ansible Installer for Pulp and pulpcore was updated to match with this PR. Existing installs are unaffected. This was done to avoid conflicts that would prevent Pulp from starting by default in many environments; the previous ports (8000 & 8080) are commonly used by management webGUIs, development webservers, etc.
Publications are now Master/Detail which causes any Publication URL endpoint to change. To give an example from pulp_file see the URL changes made here as an example. See plugin docs compatible with 3.0.0rc2 for more details.
Distributions are now Master/Detail which causes the Distribution URL endpoint to change. To give an example from pulp_file see the URL changes made in this PR as an example. See plugin docs compatible with 3.0.0rc2 for more details.
The semantics of Remote attributes ssl_ca_certificate
, ssl_client_certificate
, and
ssl_client_key
changed even though the field names didn’t. Now these assets are saved directly
in the database instead of on the filesystem, and they are prevented from being read back out to
users after being set for security reasons. This was done with these changes.