Trusted publishing: surface pending publisher name collisions #16260
Conversation
|
Hey @twm, FYI our general policy is to not review draft PRs unless explicitly asked -- let us know if you have any questions here, otherwise we will wait for this to become ready to review. |
twm
force-pushed
the
16226-oidc-name-validation
branch
from
595eed9
to
66a2c83
Compare
|
Hi @di, thanks for approving the build! Some connectivity issues are making it difficult to get things working locally so it's very helpful. I'll remove the draft status when I'm ready for review! |
twm
force-pushed
the
16226-oidc-name-validation
branch
2 times, most recently
from
db324f3
to
2ab2a55
Compare
twm
force-pushed
the
16226-oidc-name-validation
branch
from
ed79c6b
to
7033c15
Compare
twm
force-pushed
the
16226-oidc-name-validation
branch
2 times, most recently
from
4065562
to
9cdb4ab
Compare
twm
force-pushed
the
16226-oidc-name-validation
branch
10 times, most recently
from
a8ede89
to
2182f86
Compare
| CREATE INDEX pending_project_name_ultranormalized | ||
| ON pending_oidc_publishers (ultranormalize_name(project_name)); |
There was a problem hiding this comment.
I opted against CREATE INDEX CONCURRENTLY here because the original migration didn't use it and I expect that there are orders of magnitude fewer pending_oidc_publishers rows than projects rows.
twm
force-pushed
the
16226-oidc-name-validation
branch
from
2182f86
to
79daaed
Compare
|
Hi @di, this is ready again. I'd appreciate a review within a few days if you can, as I keep having to rebase through conflicts. |
twm
force-pushed
the
16226-oidc-name-validation
branch
from
79daaed
to
0787590
Compare
warehouse/packaging/services.py
Outdated
| or_( | ||
| func.normalize_pep426_name(PendingOIDCPublisher.project_name) | ||
| == func.normalize_pep426_name(project.name), | ||
| func.ultranormalize_name(PendingOIDCPublisher.project_name) | ||
| == func.ultranormalize_name(project.name), | ||
| ), |
There was a problem hiding this comment.
I think the 'ultranormalized' set will include all of the 'normalized' matches as well? This or_ condition might not be necessary.
There was a problem hiding this comment.
I thought it safer to match on both since there is no formal relationship between the functions that guarantees that to be the case, but I will drop it per your preference.
twm
force-pushed
the
16226-oidc-name-validation
branch
from
0787590
to
c59f318
Compare
twm
force-pushed
the
16226-oidc-name-validation
branch
2 times, most recently
from
0c19353
to
13bd1d3
Compare
|
Hi @di, sorry for losing track of this. I've addressed your comment and merged forward. |
twm
force-pushed
the
16226-oidc-name-validation
branch
2 times, most recently
from
ac2cafd
to
18bfa3f
Compare
Extract the distribution name validation logic into a separate function for reuse elsewhere.
Co-authored-by: Dustin Ingram <[email protected]>
twm
force-pushed
the
16226-oidc-name-validation
branch
from
18bfa3f
to
2902664
Compare
Provide up-front validation of the project name within a pending publisher by:
ProjectService.create_projectto a newProjectService.check_project_nameroutineProjectService.create_projectto callcheck_project_nameProjectServiceinto the forms in place ofProjectFactory.Fixes #16226.