Red Hat Bugzilla – Bug 859981
Systems > $system > Content > Packages: I shouldn't be able to enter non-existent/broken package group names
Last modified: 2014-03-18 13:37:51 EDT
Description of problem:
User can enter totally non-existent package group names, including some with wildcard characters or other funkiness, and the UI blindly accepts them.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Register a system; sync/promote appropriate content
2. Systems > $system > Content > Packages
3. Select the package groups radio button
4. Enter the string "Craptastic*" in the field and +Add
Bogus package group is added - or at least attempted. It appears in the UI
We should be validating data entered into this field. Really, this field should probably be much more integrated with the rest of the search system implemented elsewhere in the UI.
Created attachment 616593 [details]
Marking as a blocker to for triage consideration
not severe enough for blocker+, 2.0
This particular issue is a bit more complicated to support than it might appear. On the packages pane, the user may use the input box to perform Add or Remove of packages; therefore, what is valid actually depends on the action being performed. For Add, it would a be any package that is available to the consumer (this could be content that is managed by Katello/Pulp or even other repos known only to the consumer). For Remove, it would be a package that exists on the consumer.
Ideally we could leverage Pulp with it's knowledge of the consumer, the consumer's profile and the repositories bound to it. At this time, however, there isn't an API in Pulp v1 or v2 available to determine what might be valid for the consumer.
I raised this briefly with the Pulp team in irc. Based on the initial feedback, they actually wanted to support something like this in Pulp v2; however, due to how yum works and the fact that the consumer could be using non-pulp repositories, they cannot really determine what is valid; therefore, the decision was made not to support it.
If we want to enforce that a user may only perform these actions for content that is managed by Katello/Pulp, we could probably revisit this with the Pulp team. Alternatively, we could attempt to derive what is valid from Katello using the information currently available in Pulp; however, that would likely be a more complicated solution.
getting rid of 6.0.0 version since that doesn't exist
This bug was closed because of a lack of activity. If you feel this bug should be reconsidered for attention please feel free to re-open the bug with a comment stating why it should be reconsidered.