Fixes 3942: valid meta_key shows no gpg key found #714

Merged
merged 2 commits into from
Jun 21, 2024

@xbhouse xbhouse commented Jun 20, 2024

Summary

Adds the request body to the api spec for /repository_parameters/external_gpg_key/. This was missing and is needed for QE to test validation of gpg keys when fetching from a remote repo.

Testing steps

POST /repository_parameters/external_gpg_key/

Request:
{
    "url": "https://jlsherrill.fedorapeople.org/fake-repos/signed/GPG-KEY.gpg"
}

Response:
{
    "gpg_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBGPhWqgBEACnFSBzQlJ1ilLhS/toT46iJqInMQFtQz...-----END PGP PUBLIC KEY BLOCK-----\n"
}

  • Using the gpg key from the previous response, validate the gpg key for the repository
POST /repository_parameters/validate/

Request:
[
  {
    "gpg_key": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBGPhWqgBEACnFS...",
    "metadata_verification": true,
    "name": "test1",
    "url": "https://jlsherrill.fedorapeople.org/fake-repos/signed/",
    "uuid": "1c90d2e1-642b-409f-a3ee-256e1a3e6d78"
  }
]

Response:
[
    {
        "name": {
            "skipped": false,
            "valid": true,
            "error": ""
        },
        "url": {
            "skipped": false,
            "valid": true,
            "error": "",
            "http_code": 200,
            "metadata_present": true,
            "metadata_signature_present": false
        },
        "gpg_key": {
            "skipped": false,
            "valid": true,
            "error": ""
        }
    }
]

Checklist

  • Tested with snapshotting feature disabled and pulp server URL not configured if appropriate
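
An added example, not part of the pull request or the project's code: a client-side structural check of the `gpg_key` string returned by `/repository_parameters/external_gpg_key/` before it is submitted to `/repository_parameters/validate/`. The function names and the sample key bytes are constructed for illustration; the check covers armor framing, the optional CRC-24 (RFC 4880, section 6.1) and the first packet tag only, not the key material itself.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:
    """Armor raw bytes; only used here to construct sample input."""
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"{BEGIN}\n\n{base64.b64encode(data).decode()}\n={check}\n{END}\n"

def check_gpg_key_field(response: dict) -> str:
    """Return "ok" or the reason the "gpg_key" value is malformed."""
    lines = [ln.strip() for ln in str(response.get("gpg_key", "")).strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        return "missing armor markers"
    body = lines[1:-1]
    if "" in body:  # armor headers end at the first blank line
        body = body[body.index("") + 1:]
    checksum = body.pop()[1:] if body and body[-1].startswith("=") else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        expected = base64.b64decode(checksum, validate=True) if checksum else None
    except binascii.Error:
        return "body is not valid base64"
    if not data:
        return "empty key body"
    if expected is not None and expected != crc24(data).to_bytes(3, "big"):
        return "crc24 mismatch"
    # Packet tag: new format keeps it in bits 5-0, old format in bits 5-2.
    first = data[0]
    tag = first & 0x3F if first & 0x40 else (first & 0x3C) >> 2
    if not first & 0x80 or tag != 6:
        return f"first packet is not a public key (tag {tag})"
    return "ok"

# Constructed sample: six placeholder bytes with a public-key packet header, not a real key.
SAMPLE_RESPONSE = {"gpg_key": armor(bytes([0x99, 0x00, 0x03, 0x04, 0x01, 0x02]))}
```

A value that was shortened for display, like the elided strings in the request bodies above, is reported as `missing armor markers`, so the full string from the fetch response has to be passed through unchanged.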

@jlsherrill jlsherrill left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good catch!

swadeley commented Jun 21, 2024

Hi

I tried (with http and https):

app.content_sources.rest_client.gpg_key_api.fetch_gpg_key(dict(url="https://jlsherrill.fedorapeople.org/fake-repos/signed/GPG-KEY.gpg"))
and

app.content_sources.rest_client.gpg_key_api.fetch_gpg_key({"url": "https://jlsherrill.fedorapeople.org/fake-repos/signed/GPG-KEY.gpg"})

but get

HTTP response body: {"errors":[{"status":400,"detail":"Bad Request"}]}

@swadeley

Hi

If I create a repo with a key I can download that:

In [18]: app.content_sources.rest_client.repositories_api.get_gpg_key_file('bf5b5ddf-6cdf-454b-95c9-a37f25b031c3')
2024-06-21 13:30:07.510 [    INFO] [iqe.base.rest_client] REST: METHOD=GET, request_id=<>, params=[]
Out[18]: '-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBGP<snip><snip>uQy8Gk0M=\n=Avdh\n-----END PGP PUBLIC KEY BLOCK-----\n'

Confusingly the attribute_map says:

In [19]: app.content_sources.rest_client.repositories_api.get_gpg_key_file.attribute_map
Out[19]: {'uuid': 'uuid'}

xbhouse commented Jun 21, 2024

hi @swadeley can you try with the new openapi spec? the endpoint was missing a slash, fixed that and this request works for me:

In [1]: app.content_sources.rest_client.gpg_key_api.fetch_gpg_key(dict(url="https://jlsherrill.fedorapeople.org/fake-repos/signed/GPG-KEY.gpg"))
2024-06-21 09:59:41.031 [    INFO] [root] Using <function client_obj_maker.<locals>.make_obj at 0x10e023430> object....with url https://ee-6kkc3juv.apps.crc-eph.r9lp.p1.openshiftapps.com/api/content-sources/v1 and verify_ssl set to True
2024-06-21 09:59:41.031 [    INFO] [iqe.base.auth] Setting auth_type to jwt
2024-06-21 09:59:41.031 [    INFO] [iqe.base.auth] Setting jwt_grant_type to password
2024-06-21 09:59:41.590 [    INFO] [iqe.base.rest_client] REST: METHOD=POST, request_id=4ad1caab-5bd4-4476-8e48-a6539865c333, params=[]
Out[1]: 
{'gpg_key': '-----BEGIN PGP PUBLIC KEY BLOCK-----\n'
            '\n'
            'mQINBGPhWqgBEACnFSBzQlJ1ilLhS/toT46iJqInMQFtQzQgexR6/XKNfvovqwzH\n'
            'O5KlPFc3zfl1PWfUqhhH4o4YcxXpRa9pv7MiJEc+AMLC9ziNutw+eAdYpNU8l29k\n'
            'ZgoMQWrT5zKB5o48He7cgZigGBoHTL2MVoMQ5bPZDu1mh3ERVeefL2bEc5D00NPD\n'
            'QMDca7LAoy5V131sm4zuVWG8KMomCvB9Jp5B3IraZTdZMveV3sFhQRui7nIJTHkk\n'
            ...
            '-----END PGP PUBLIC KEY BLOCK-----\n'}

@swadeley

Hi @xbhouse, yes, that fixed it. Thank you.

In [1]: app.content_sources.rest_client.gpg_key_api.fetch_gpg_key({'url':'http://jlsherrill.fedorapeople.org/fake-repos/signed/GPG-KEY.gpg'})

2024-06-21 15:41:19.119 [    INFO] [iqe.base.rest_client] REST: METHOD=POST, request_id=<>, params=[]
Out[1]: 
{'gpg_key': '-----BEGIN PGP PUBLIC KEY BLOCK-----\n'
            '\n'
            'mQINBGPhWqgBEACnFSBzQlJ1ilLhS/toT46iJqInMQFtQzQgexR6/XKNfvovqwzH\n'

@swadeley swadeley merged commit 998ab60 into content-services:main Jun 21, 2024
9 checks passed