Set default sigkey if user doesn't insert one

[xiangge]

Set default sigkey if user doesn't insert one

[lubomir]

I'm not sure about changing the value on update: can users still create a release without a sigkey if they want to?

[lubomir]

It's not a key_id, but name of the key. Also maybe a dummy value would be better as an example (e.g. Gold Key or something)?

[xiangge]

Here will get the Sigkey object by the default key name, this is also set in et side.
And the name is also unique and not null. And we should keep the sigkey table with the default key_id/name before create a release.

[lubomir]

The comment should say name of key, not key_id.

[xiangge]

Yes, will change it.

[lubomir]

If I understand correctly:

• if the config option is missing, an error will be reported to users
• if the config specifies a key that does not exist, nothing will happen

To me it this seems unintuitive: I would expect to be told when I make a typo in the configuration and the key does not exist. Also when the config is not given, it might work similarly to how it did before.

[xiangge]

Yep, correct, should change it. Here we want the default sigkey must in the database. So I think we should raise error on both Exception.

[xiangge]

Commit new changes, please help to review. And this pr is based on #533

@lubomir User can still insert the data without sigkey, so nothing needs change in ct's input data or scripts.
The default sigkey will set as it is config in the settings file, and also the default key must include in the db first, otherwise it will raise error.

[hluk]

Explain the option in comment instead.

[xiangge]

Added it in the comment

[hluk]

Choose some generic example name, this value looks like it's used somewhere internally.

[xiangge]

If you mean "redhatrelease2", this is the name which is set in ET, can't change.
And as another pr is canceled, here it should be the id not a name. Will change it.
In my understanding, this sigkey is used for ET, so we should keep it same with ET.

[hluk]

Remove the comment.

[xiangge]

Have already removed that.

[hluk]

What's the additional change about?

[xiangge]

I was also confused here. After I print the changeset, I really saw two changes.
Here it is:
[{'old_value': u'{"release_id": "release-1.0", "product_version": null, "integrated_with": null, "sigkey": null, "active": true, "allow_buildroot_push": false, "short": "release", "name": "Test Release", "allowed_debuginfo_services": [], "version": "1.0", "allowed_push_targets": [], "base_product": null, "release_type": "ga"}', 'target_id': 1, 'new_value': u'{"release_id": "release-1.0", "product_version": null, "integrated_with": null, "sigkey": "ABCDEF", "active": true, "allow_buildroot_push": false, "short": "release", "name": "Test Release", "allowed_debuginfo_services": [], "version": "1.0", "allowed_push_targets": [], "base_product": null, "release_type": "ga"}', 'target_class': u'release', u'changeset_id': 1, u'id': 1},
{'old_value': u'{"dist_git_branch": "release_branch", "release_id": "release-1.0"}', 'target_id': 1, 'new_value': u'null', 'target_class': u'releasedistgitmapping', u'changeset_id': 1, u'id': 2}]

I think the original one is just dist_git_branch change, but after set the default sigkey, here is one release change.

[lubomir]

This is correct: dist git mapping is stored in a separate model, and now also the release itself is changing.

[hluk]

Remove.

[hluk]

From this description I still wouldn't know what the option does.

[xiangge]

Add more comment

[hluk]

In a comment you say:

User can still insert the data without sigkey, so nothing needs change in ct's input data or scripts.

but it doesn't seem to be possible here.

Can you also add tests for that?

Note: You can override settings in Django like this.

[xiangge]

This try/catch just checks if the default key includes in db.
And it means if people not insert one sigkey, will set a default one, so the users' scripts don't need change, they can still add the release without a sigkey input.

[hluk]

But it requires RELEASE_DEFAULT_SIGKEY option to be set and refer to an existing sigkey. Right? This will require manual update of PDC server's configuration and data after upgrading to a new version.

Also, I don't understand where the default values ("redhatrelease2", "fd431d51") come from. Any specific data shouldn't be pushed to this repository.

[xiangge]

Yes, the default sigkey should be included into the db first.
And the default sigkey shouldn't change once it set even doing the upgrade. This ("redhatrelease2", "fd431d51") is set as default in ET's settings. And also this is already includes in the ET's database. So we should keep the data same as ET's.

[hluk]

What about Fedora? Those values should be in ansible repo; pdc/settings_local.py.dist is just template for the configuration file, ideally, it should also serve as documentation/reference for the options.

[xiangge]

aha, good question, I forgot one thing, if we close the pr about the sigkey name's changes, we can do like SigKey.get_cached_id does, create one if it doesn't have.

[hluk]

There are still issues in this PR:

1. Specific key IDs should not be pushed in the repo. This should go to respective ansible/infrastructure repos.
2. The new option RELEASE_DEFAULT_SIGKEY should be optional -- don't force people to use a sigkey when creating releases -- so it doesn't break existing API behavior.

[xiangge]

@hluk
Good idea, here in et the pdc's release is same as legacy product-version, so the release must have a sigkey (a product-version with a sigkey in et). We can set it in ansible playbooks, and RELEASE_DEFAULT_SIGKEY can be optional and not influence the fedora side then.

[hluk]

Is the except block needed? What can happen here?

[xiangge]

Actually, it's no need, but I think it's also ok to track some unexpected errors.

[hluk]

You can say that about a lot of code. It actually raises different type of exception here which can change how Django reacts.

So I would rather if you remove it.

[xiangge]

Make sense to me.

[hluk]

Remove the key IDs.

I don't like the examples here are used to describe options, it's bit difficult to read. Can you move out and use similar format as for options below (DEBUG_TOOLBAR, BIG_CHANGE_AUTHORS_WHITELIST)?

It doesn't describe what happens if the key doesn't exist.

[xiangge]

I am not sure if I can get your point here, I have committed patch for the ansible codes, to set the RELEASE_DEFAULT_SIGKEY there.
And this comment is for other people like fedora guys who want to build a pdc server, they can choose if to set this RELEASE_DEFAULT_SIGKEY.

[hluk]

I understand, but why mention these particular key IDs?

[xiangge]

Aha, this is et's default key, as I have set it in ansible codes, not sure if we can remove this to set a fake one, so keep it here for the review :)

[hluk]

I think it's OK to use the same value as for tests (provided the option is commented-out).

[xiangge]

Have changed the name to a non-existent one "Sigkey's key_id"

[hluk]

@lubomir Can you review?

[xiangge]

@lubomir can you help to review it?

[lubomir]

This is correct: dist git mapping is stored in a separate model, and now also the release itself is changing.

[lubomir]

Minor typo here releaseinto → release into.

[xiangge]

Thanks for the review :)