Bug 1012572 - User can upload incompatible content to a repo (i.e., puppet into a yum repo)
User can upload incompatible content to a repo (i.e., puppet into a yum repo)
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 6
Classification: Red Hat
Component: Content Management (Show other bugs)
Nightly
Unspecified Unspecified
unspecified Severity medium (vote)
: Unspecified
: --
Assigned To: David Davis
Garik Khachikyan
: Triaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-26 12:27 EDT by Corey Welton
Modified: 2015-01-04 17:00 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-04-24 13:08:54 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Corey Welton 2013-09-26 12:27:16 EDT
Description of problem:
There is no restriction keeping a user from uploading incompatible content into a repo which is already designated as a different type.  While this content does not appear in webui, we should restrict it from ever getting there in the first place.

Version-Release number of selected component (if applicable):
katello 1.4.6-13.el6sat


How reproducible:


Steps to Reproduce:
1.  repo content_upload --repo=zooup --product=Zooshop --filepath=my_test_rpm.noarch.rpm --content_type=yum --org=ACME_Corporation
2.  repo content_upload --repo=zooup --product=Zooshop --filepath=adob-good-2.0.0.tar.gz --content_type=puppet --org=ACME_Corporation


Actual results:
Successfully uploaded 'my_test_rpm.noarch.rpm' into repository
Successfully uploaded 'adob-good-2.0.0.tar.gz' into repository

Both content types are accepted, despite the fact that we should only allow one type in repo.  Note that the second does not actually show up in the UI.

Expected results:
Check the repo type in order to validate potential uploads; do not allow mixed content

Additional info:
Comment 2 David Davis 2013-09-29 19:39:47 EDT
katello-cli pull request:

https://github.com/Katello/katello-cli/pull/95
Comment 3 David Davis 2013-09-30 15:53:08 EDT
katello-cli

91e835471a3a914517856140d11241e6723f125c

1012572: Check the upload type against the repo's content type

Why are we checking the content type in the CLI and not the API?

1. The content type is not being passed to the API. The content type is used to
parse the upload's metadata which happens in the CLI and not API (we copied
pulp's python code over to do the metadata parsing).
2. It's better to do it before we upload the package than at the very end. If
we were to pass the content type to the API, we probably wouldn't do it until
import_into_repo which is the last call (after the package or module gets
uploaded). This would mean the user would have to sit through actually
uploading the package before knowing it wasn't valid.
Comment 7 Garik Khachikyan 2013-10-11 04:53:28 EDT
# VERIFIED

cli.RepoTests.test_uploadContentInvalidContent shows up green now.

checked against version:
---
candlepin-0.8.25-1.el6sam.noarch
candlepin-cert-consumer-hephaestus.usersys.redhat.com-1.0-1.noarch
candlepin-scl-1-5.el6_4.noarch
candlepin-scl-quartz-2.1.5-5.el6_4.noarch
candlepin-scl-rhino-1.7R3-1.el6_4.noarch
candlepin-scl-runtime-1-5.el6_4.noarch
candlepin-selinux-0.8.25-1.el6sam.noarch
candlepin-tomcat6-0.8.25-1.el6sam.noarch
createrepo-0.9.9-21.2.pulp.el6sat.noarch
elasticsearch-0.19.9-8.el6sat.noarch
katello-1.4.6-29.el6sat.noarch
katello-agent-1.4.4-3.el6sat.noarch
katello-all-1.4.6-29.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.4-1.el6sat.noarch
katello-cli-1.4.3-19.el6sat.noarch
katello-cli-common-1.4.3-19.el6sat.noarch
katello-common-1.4.6-29.el6sat.noarch
katello-configure-1.4.5-10.el6sat.noarch
katello-configure-foreman-1.4.5-10.el6sat.noarch
katello-configure-foreman-proxy-1.4.5-10.el6sat.noarch
katello-foreman-all-1.4.6-29.el6sat.noarch
katello-glue-candlepin-1.4.6-29.el6sat.noarch
katello-glue-elasticsearch-1.4.6-29.el6sat.noarch
katello-glue-pulp-1.4.6-29.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-qpid-client-key-pair-1.0-1.noarch
katello-selinux-1.4.4-4.el6sat.noarch
m2crypto-0.21.1.pulp-8.el6sat.x86_64
mod_wsgi-3.4-1.pulp.el6sat.x86_64
pulp-katello-plugins-0.2-1.el6sat.noarch
pulp-nodes-common-2.3.0-0.17.beta.el6sat.noarch
pulp-nodes-parent-2.3.0-0.17.beta.el6sat.noarch
pulp-puppet-plugins-2.3.0-0.17.beta.el6sat.noarch
pulp-rpm-handlers-2.3.0-0.17.beta.el6sat.noarch
pulp-rpm-plugins-2.3.0-0.17.beta.el6sat.noarch
pulp-selinux-2.3.0-0.17.beta.el6sat.noarch
pulp-server-2.3.0-0.17.beta.el6sat.noarch
python-isodate-0.5.0-1.pulp.el6sat.noarch
python-oauth2-1.5.170-3.pulp.el6sat.noarch
python-pulp-agent-lib-2.3.0-0.17.beta.el6sat.noarch
python-pulp-bindings-2.3.0-0.17.beta.el6sat.noarch
python-pulp-common-2.3.0-0.17.beta.el6sat.noarch
python-pulp-puppet-common-2.3.0-0.17.beta.el6sat.noarch
python-pulp-rpm-common-2.3.0-0.17.beta.el6sat.noarch
python-qpid-0.18-5.el6_4.noarch
qpid-cpp-client-0.14-22.el6_3.x86_64
qpid-cpp-client-ssl-0.14-22.el6_3.x86_64
qpid-cpp-server-0.14-22.el6_3.x86_64
qpid-cpp-server-ssl-0.14-22.el6_3.x86_64
ruby193-rubygem-foreman-katello-engine-0.0.14-5.el6sat.noarch
ruby193-rubygem-katello-foreman-engine-0.0.7-2.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch
ruby193-rubygem-ldap_fluff-0.2.2-2.el6sat.noarch
signo-katello-0.0.22-2.el6sat.noarch
Comment 8 Bryan Kearney 2014-04-24 13:08:54 EDT
This was verified and delivered with MDP2. Closing it out.
Comment 9 Bryan Kearney 2014-04-24 13:10:32 EDT
This was delivered and verified with MDP2. Closing the bug.

Note You need to log in before you can comment on or make changes to this bug.