1012572 – User can upload incompatible content to a repo (i.e., puppet into a yum repo)

Red Hat Satellite engineering is moving the tracking of its product development work on Satellite to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "Satellite project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs will be migrated starting at the end of May. If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "Satellite project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/SAT-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1012572 - User can upload incompatible content to a repo (i.e., puppet into a yum repo)

Summary: User can upload incompatible content to a repo (i.e., puppet into a yum repo)

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite
Classification:	Red Hat
Component:	Content Management
Sub Component:
Version:	Nightly
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	medium
Target Milestone:	Unspecified
Assignee:	David Davis
QA Contact:	Garik Khachikyan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-09-26 16:27 UTC by Corey Welton
Modified:	2019-09-25 21:10 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-04-24 17:08:54 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Corey Welton 2013-09-26 16:27:16 UTC

Description of problem:
There is no restriction keeping a user from uploading incompatible content into a repo which is already designated as a different type.  While this content does not appear in webui, we should restrict it from ever getting there in the first place.

Version-Release number of selected component (if applicable):
katello 1.4.6-13.el6sat


How reproducible:


Steps to Reproduce:
1.  repo content_upload --repo=zooup --product=Zooshop --filepath=my_test_rpm.noarch.rpm --content_type=yum --org=ACME_Corporation
2.  repo content_upload --repo=zooup --product=Zooshop --filepath=adob-good-2.0.0.tar.gz --content_type=puppet --org=ACME_Corporation


Actual results:
Successfully uploaded 'my_test_rpm.noarch.rpm' into repository
Successfully uploaded 'adob-good-2.0.0.tar.gz' into repository

Both content types are accepted, despite the fact that we should only allow one type in repo.  Note that the second does not actually show up in the UI.

Expected results:
Check the repo type in order to validate potential uploads; do not allow mixed content

Additional info:

Comment 2 David Davis 2013-09-29 23:39:47 UTC

katello-cli pull request:

https://github.com/Katello/katello-cli/pull/95

Comment 3 David Davis 2013-09-30 19:53:08 UTC

katello-cli

91e835471a3a914517856140d11241e6723f125c

1012572: Check the upload type against the repo's content type

Why are we checking the content type in the CLI and not the API?

1. The content type is not being passed to the API. The content type is used to
parse the upload's metadata which happens in the CLI and not API (we copied
pulp's python code over to do the metadata parsing).
2. It's better to do it before we upload the package than at the very end. If
we were to pass the content type to the API, we probably wouldn't do it until
import_into_repo which is the last call (after the package or module gets
uploaded). This would mean the user would have to sit through actually
uploading the package before knowing it wasn't valid.

Comment 7 Garik Khachikyan 2013-10-11 08:53:28 UTC

# VERIFIED

cli.RepoTests.test_uploadContentInvalidContent shows up green now.

checked against version:
---
candlepin-0.8.25-1.el6sam.noarch
candlepin-cert-consumer-hephaestus.usersys.redhat.com-1.0-1.noarch
candlepin-scl-1-5.el6_4.noarch
candlepin-scl-quartz-2.1.5-5.el6_4.noarch
candlepin-scl-rhino-1.7R3-1.el6_4.noarch
candlepin-scl-runtime-1-5.el6_4.noarch
candlepin-selinux-0.8.25-1.el6sam.noarch
candlepin-tomcat6-0.8.25-1.el6sam.noarch
createrepo-0.9.9-21.2.pulp.el6sat.noarch
elasticsearch-0.19.9-8.el6sat.noarch
katello-1.4.6-29.el6sat.noarch
katello-agent-1.4.4-3.el6sat.noarch
katello-all-1.4.6-29.el6sat.noarch
katello-candlepin-cert-key-pair-1.0-1.noarch
katello-certs-tools-1.4.4-1.el6sat.noarch
katello-cli-1.4.3-19.el6sat.noarch
katello-cli-common-1.4.3-19.el6sat.noarch
katello-common-1.4.6-29.el6sat.noarch
katello-configure-1.4.5-10.el6sat.noarch
katello-configure-foreman-1.4.5-10.el6sat.noarch
katello-configure-foreman-proxy-1.4.5-10.el6sat.noarch
katello-foreman-all-1.4.6-29.el6sat.noarch
katello-glue-candlepin-1.4.6-29.el6sat.noarch
katello-glue-elasticsearch-1.4.6-29.el6sat.noarch
katello-glue-pulp-1.4.6-29.el6sat.noarch
katello-qpid-broker-key-pair-1.0-1.noarch
katello-qpid-client-key-pair-1.0-1.noarch
katello-selinux-1.4.4-4.el6sat.noarch
m2crypto-0.21.1.pulp-8.el6sat.x86_64
mod_wsgi-3.4-1.pulp.el6sat.x86_64
pulp-katello-plugins-0.2-1.el6sat.noarch
pulp-nodes-common-2.3.0-0.17.beta.el6sat.noarch
pulp-nodes-parent-2.3.0-0.17.beta.el6sat.noarch
pulp-puppet-plugins-2.3.0-0.17.beta.el6sat.noarch
pulp-rpm-handlers-2.3.0-0.17.beta.el6sat.noarch
pulp-rpm-plugins-2.3.0-0.17.beta.el6sat.noarch
pulp-selinux-2.3.0-0.17.beta.el6sat.noarch
pulp-server-2.3.0-0.17.beta.el6sat.noarch
python-isodate-0.5.0-1.pulp.el6sat.noarch
python-oauth2-1.5.170-3.pulp.el6sat.noarch
python-pulp-agent-lib-2.3.0-0.17.beta.el6sat.noarch
python-pulp-bindings-2.3.0-0.17.beta.el6sat.noarch
python-pulp-common-2.3.0-0.17.beta.el6sat.noarch
python-pulp-puppet-common-2.3.0-0.17.beta.el6sat.noarch
python-pulp-rpm-common-2.3.0-0.17.beta.el6sat.noarch
python-qpid-0.18-5.el6_4.noarch
qpid-cpp-client-0.14-22.el6_3.x86_64
qpid-cpp-client-ssl-0.14-22.el6_3.x86_64
qpid-cpp-server-0.14-22.el6_3.x86_64
qpid-cpp-server-ssl-0.14-22.el6_3.x86_64
ruby193-rubygem-foreman-katello-engine-0.0.14-5.el6sat.noarch
ruby193-rubygem-katello-foreman-engine-0.0.7-2.el6sat.noarch
ruby193-rubygem-katello_api-0.0.3-4.el6sat.noarch
ruby193-rubygem-ldap_fluff-0.2.2-2.el6sat.noarch
signo-katello-0.0.22-2.el6sat.noarch

Comment 8 Bryan Kearney 2014-04-24 17:08:54 UTC

This was verified and delivered with MDP2. Closing it out.

Comment 9 Bryan Kearney 2014-04-24 17:10:32 UTC

This was delivered and verified with MDP2. Closing the bug.

Note You need to log in before you can comment on or make changes to this bug.