Bug 1104106 - Before doing import content into a repo the posted data should be checked for presence and content of required keys
Summary: Before doing import content into a repo the posted data should be checked for...
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Pulp
Classification: Retired
Component: API/integration
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
: ---
Assignee: pulp-bugs
QA Contact: pulp-qe-list
URL:
Whiteboard:
Depends On:
Blocks: 1104148
TreeView+ depends on / blocked
 
Reported: 2014-06-03 09:55 UTC by Ina Panova
Modified: 2015-02-28 22:09 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-02-28 22:09:41 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Pulp Redmine 445 0 None None None Never

Description Ina Panova 2014-06-03 09:55:07 UTC
Description of problem:
Before doing import content into a repo the posted data should be checked for presence of required keys instead of creating an async task.


For example here I completely skipped all unit_key data:

$ curl -H "Accept: application/json" -X POST -k -u admin:admin  -d '{"unit_type_id": "iso", "upload_id": "d281d911-5231-4e2b-a865-cb669e6ce694", "unit_key":{}}' 'https://example.com/pulp/api/v2/repositories/isorepo/actions/import_upload/'|python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   263  100   172  100    91    109     58  0:00:01  0:00:01 --:--:--   109
{
    "error": null,
    "result": null,
    "spawned_tasks": [
        {
            "_href": "/pulp/api/v2/tasks/5f8aa1f1-5d77-408b-8d6f-822afaa38cf5/",
            "task_id": "5f8aa1f1-5d77-408b-8d6f-822afaa38cf5"
        }
    ]
}


Here I try to import upload into *non-existent* repo:

$ curl -H "Accept: application/json" -X POST -k -u admin:admin  -d '{"unit_type_id": "iso", "upload_id": "d281d911-5231-4e2b-a865-cb669e6ce694", "unit_key":{}}' 'https://example.com/pulp/api/v2/repositories/non-existent-repo/actions/import_upload/'|python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   263  100   172  100    91    110     58  0:00:01  0:00:01 --:--:--   110
{
    "error": null,
    "result": null,
    "spawned_tasks": [
        {
            "_href": "/pulp/api/v2/tasks/a508ba1b-c596-41e0-b768-5ed6ed418eaa/",
            "task_id": "a508ba1b-c596-41e0-b768-5ed6ed418eaa"
        }
    ]
}

Here I try to post iso unit type into an rpm type repo:

$ curl -H "Accept: application/json" -X POST -k -u admin:admin  -d '{"unit_type_id": "iso", "upload_id": "d281d911-5231-4e2b-a865-cb669e6ce694", "unit_key":{}}' 'https://example.com/pulp/api/v2/repositories/rpmrepo/actions/import_upload/'|python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   263  100   172  100    91    110     58  0:00:01  0:00:01 --:--:--   110
{
    "error": null,
    "result": null,
    "spawned_tasks": [
        {
            "_href": "/pulp/api/v2/tasks/6a3b6aee-3636-4179-be96-f4a66975d669/",
            "task_id": "6a3b6aee-3636-4179-be96-f4a66975d669"
        }
    ]
}

In all these cases async tasks should NOT be created but instead have 404 or 400 code returned depending on the situation.

Version-Release number of selected component (if applicable):
2.4.0-0.19.beta

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
in the posted data presence and content of the keys are not checked

Expected results:
in the posted data presence and content of the keys are checked, and 404/400 code returned

Additional info:

Comment 1 Brian Bouterse 2015-02-28 22:09:41 UTC
Moved to https://pulp.plan.io/issues/445


Note You need to log in before you can comment on or make changes to this bug.