Bug 1012572

Summary: User can upload incompatible content to a repo (i.e., puppet into a yum repo)
Product: Red Hat Satellite Reporter: Corey Welton <cwelton>
Component: Content ManagementAssignee: David Davis <daviddavis>
Status: CLOSED CURRENTRELEASE QA Contact: Garik Khachikyan <gkhachik>
Severity: medium Docs Contact:
Priority: unspecified    
Version: NightlyCC: ehelms, gkhachik, jmontleo, mkoci
Target Milestone: UnspecifiedKeywords: Triaged
Target Release: Unused   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-04-24 17:08:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Corey Welton 2013-09-26 16:27:16 UTC 
Description of problem:
There is no restriction keeping a user from uploading incompatible content into a repo which is already designated as a different type.  While this content does not appear in webui, we should restrict it from ever getting there in the first place.

Version-Release number of selected component (if applicable):
katello 1.4.6-13.el6sat


How reproducible:


Steps to Reproduce:
1.  repo content_upload --repo=zooup --product=Zooshop --filepath=my_test_rpm.noarch.rpm --content_type=yum --org=ACME_Corporation
2.  repo content_upload --repo=zooup --product=Zooshop --filepath=adob-good-2.0.0.tar.gz --content_type=puppet --org=ACME_Corporation


Actual results:
Successfully uploaded 'my_test_rpm.noarch.rpm' into repository
Successfully uploaded 'adob-good-2.0.0.tar.gz' into repository

Both content types are accepted, despite the fact that we should only allow one type in repo.  Note that the second does not actually show up in the UI.

Expected results:
Check the repo type in order to validate potential uploads; do not allow mixed content

Additional info:
Comment 2 David Davis 2013-09-29 23:39:47 UTC 
katello-cli pull request:

https://github.com/Katello/katello-cli/pull/95
Comment 3 David Davis 2013-09-30 19:53:08 UTC 
katello-cli

91e835471a3a914517856140d11241e6723f125c

1012572: Check the upload type against the repo's content type

Why are we checking the content type in the CLI and not the API?

1. The content type is not being passed to the API. The content type is used to
parse the upload's metadata which happens in the CLI and not API (we copied
pulp's python code over to do the metadata parsing).
2. It's better to do it before we upload the package than at the very end. If
we were to pass the content type to the API, we probably wouldn't do it until
import_into_repo which is the last call (after the package or module gets
uploaded). This would mean the user would have to sit through actually
uploading the package before knowing it wasn't valid.
Comment 7 Garik Khachikyan 2013-10-11 08:53:28 UTC 
# VERIFIED

cli.RepoTests.test_uploadContentInvalidContent shows up green now.

checked against version:
---
candlepin-0.8.25-1.el6sam.noarch
candlepin-cert-consumer-hephaestus.usersys.redhat.com-1.0-1.noarch
candlepin-scl-1-5.el6_4.noarch
candlepin-scl-quartz-2.1.5-5.el6_4.noarch
candlepin-scl-rhino-1.7R3-1.el6_4.noarch
candlepin-scl-runtime-1-5.el6_4.noarch
candlepin-selinux-0.8.25-1.el6sam.noarch
candlepin-tomcat6-0.8.25-1.el6sam.noarch
createrepo-0.9.9-21.2.pulp.el6sat.noarch
elasticsearch-0.19.9-8.el6sat.noarch
katello-1.4.6-29.el6sat.noarch
katello-agent-1.4.4-3.el6sat.noarch
katello-all-1.4.6-29.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.4-1.el6sat.noarch
katello-cli-1.4.3-19.el6sat.noarch
katello-cli-common-1.4.3-19.el6sat.noarch
katello-common-1.4.6-29.el6sat.noarch
katello-configure-1.4.5-10.el6sat.noarch
katello-configure-foreman-1.4.5-10.el6sat.noarch
katello-configure-foreman-proxy-1.4.5-10.el6sat.noarch
katello-foreman-all-1.4.6-29.el6sat.noarch
katello-glue-candlepin-1.4.6-29.el6sat.noarch
katello-glue-elasticsearch-1.4.6-29.el6sat.noarch
katello-glue-pulp-1.4.6-29.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-qpid-client-key-pair-1.0-1.noarch
katello-selinux-1.4.4-4.el6sat.noarch
m2crypto-0.21.1.pulp-8.el6sat.x86_64
mod_wsgi-3.4-1.pulp.el6sat.x86_64
pulp-katello-plugins-0.2-1.el6sat.noarch
pulp-nodes-common-2.3.0-0.17.beta.el6sat.noarch
pulp-nodes-parent-2.3.0-0.17.beta.el6sat.noarch
pulp-puppet-plugins-2.3.0-0.17.beta.el6sat.noarch
pulp-rpm-handlers-2.3.0-0.17.beta.el6sat.noarch
pulp-rpm-plugins-2.3.0-0.17.beta.el6sat.noarch
pulp-selinux-2.3.0-0.17.beta.el6sat.noarch
pulp-server-2.3.0-0.17.beta.el6sat.noarch
python-isodate-0.5.0-1.pulp.el6sat.noarch
python-oauth2-1.5.170-3.pulp.el6sat.noarch
python-pulp-agent-lib-2.3.0-0.17.beta.el6sat.noarch
python-pulp-bindings-2.3.0-0.17.beta.el6sat.noarch
python-pulp-common-2.3.0-0.17.beta.el6sat.noarch
python-pulp-puppet-common-2.3.0-0.17.beta.el6sat.noarch
python-pulp-rpm-common-2.3.0-0.17.beta.el6sat.noarch
python-qpid-0.18-5.el6_4.noarch
qpid-cpp-client-0.14-22.el6_3.x86_64
qpid-cpp-client-ssl-0.14-22.el6_3.x86_64
qpid-cpp-server-0.14-22.el6_3.x86_64
qpid-cpp-server-ssl-0.14-22.el6_3.x86_64
ruby193-rubygem-foreman-katello-engine-0.0.14-5.el6sat.noarch
ruby193-rubygem-katello-foreman-engine-0.0.7-2.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch
ruby193-rubygem-ldap_fluff-0.2.2-2.el6sat.noarch
signo-katello-0.0.22-2.el6sat.noarch
Comment 8 Bryan Kearney 2014-04-24 17:08:54 UTC 
This was verified and delivered with MDP2. Closing it out.
Comment 9 Bryan Kearney 2014-04-24 17:10:32 UTC 
This was delivered and verified with MDP2. Closing the bug.