-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set default sigkey if user doesn't insert one #536
Set default sigkey if user doesn't insert one #536
Conversation
839f11a
to
16470be
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure about changing the value on update: can users still create a release without a sigkey if they want to?
pdc/settings_local.py.dist
Outdated
@@ -84,6 +84,9 @@ EMAIL_SUBJECT_PREFIX = '[PDC]' | |||
# Omit sending e-mails about big data change when author is in this whitelist. | |||
#BIG_CHANGE_AUTHORS_WHITELIST = ('some_user',) | |||
|
|||
# Set the key_id of sigkey "redhatrelease2" as default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not a key_id
, but name of the key. Also maybe a dummy value would be better as an example (e.g. Gold Key
or something)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here will get the Sigkey object by the default key name, this is also set in et side.
And the name is also unique and not null. And we should keep the sigkey table with the default key_id/name before create a release.
pdc/settings_test.py
Outdated
@@ -48,3 +48,6 @@ | |||
} | |||
|
|||
COMPONENT_BRANCH_NAME_BLACKLIST_REGEX = r'^epel\d+$' | |||
|
|||
# Set the key_id of sigkey "redhatrelease2" as default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The comment should say name
of key, not key_id
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, will change it.
pdc/apps/release/serializers.py
Outdated
except Exception: | ||
# If there is no the default SigKey object, just keep it as null. | ||
pass | ||
return validated_data |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I understand correctly:
- if the config option is missing, an error will be reported to users
- if the config specifies a key that does not exist, nothing will happen
To me it this seems unintuitive: I would expect to be told when I make a typo in the configuration and the key does not exist. Also when the config is not given, it might work similarly to how it did before.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep, correct, should change it. Here we want the default sigkey must in the database. So I think we should raise error on both Exception.
7eef966
to
800e237
Compare
Commit new changes, please help to review. And this pr is based on #533 @lubomir User can still insert the data without sigkey, so nothing needs change in ct's input data or scripts. |
800e237
to
60f1abd
Compare
60f1abd
to
b046e66
Compare
pdc/settings_local.py.dist
Outdated
@@ -84,6 +84,9 @@ EMAIL_SUBJECT_PREFIX = '[PDC]' | |||
# Omit sending e-mails about big data change when author is in this whitelist. | |||
#BIG_CHANGE_AUTHORS_WHITELIST = ('some_user',) | |||
|
|||
# Set the name of sigkey "redhatrelease2" as default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Explain the option in comment instead.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added it in the comment
pdc/settings_local.py.dist
Outdated
@@ -84,6 +84,9 @@ EMAIL_SUBJECT_PREFIX = '[PDC]' | |||
# Omit sending e-mails about big data change when author is in this whitelist. | |||
#BIG_CHANGE_AUTHORS_WHITELIST = ('some_user',) | |||
|
|||
# Set the name of sigkey "redhatrelease2" as default | |||
RELEASE_DEFAULT_SIGKEY = "redhatrelease2" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Choose some generic example name, this value looks like it's used somewhere internally.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you mean "redhatrelease2", this is the name which is set in ET, can't change.
And as another pr is canceled, here it should be the id not a name. Will change it.
In my understanding, this sigkey is used for ET, so we should keep it same with ET.
pdc/settings_test.py
Outdated
@@ -48,3 +48,6 @@ | |||
} | |||
|
|||
COMPONENT_BRANCH_NAME_BLACKLIST_REGEX = r'^epel\d+$' | |||
|
|||
# Set the name of sigkey as default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove the comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have already removed that.
@@ -1196,7 +1207,7 @@ def test_update_can_explicitly_erase_optional_field(self): | |||
self.assertEqual(response.status_code, status.HTTP_200_OK) | |||
self.assertIsNone(response.data.get('dist_git')) | |||
self.assertIsNone(models.Release.objects.get(release_id='release-1.0').dist_git_branch) | |||
self.assertNumChanges([1]) | |||
self.assertNumChanges([2]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the additional change about?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was also confused here. After I print the changeset, I really saw two changes.
Here it is:
[{'old_value': u'{"release_id": "release-1.0", "product_version": null, "integrated_with": null, "sigkey": null, "active": true, "allow_buildroot_push": false, "short": "release", "name": "Test Release", "allowed_debuginfo_services": [], "version": "1.0", "allowed_push_targets": [], "base_product": null, "release_type": "ga"}', 'target_id': 1, 'new_value': u'{"release_id": "release-1.0", "product_version": null, "integrated_with": null, "sigkey": "ABCDEF", "active": true, "allow_buildroot_push": false, "short": "release", "name": "Test Release", "allowed_debuginfo_services": [], "version": "1.0", "allowed_push_targets": [], "base_product": null, "release_type": "ga"}', 'target_class': u'release', u'changeset_id': 1, u'id': 1},
{'old_value': u'{"dist_git_branch": "release_branch", "release_id": "release-1.0"}', 'target_id': 1, 'new_value': u'null', 'target_class': u'releasedistgitmapping', u'changeset_id': 1, u'id': 2}]
I think the original one is just dist_git_branch change, but after set the default sigkey, here is one release change.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is correct: dist git mapping is stored in a separate model, and now also the release itself is changing.
pdc/apps/release/tests.py
Outdated
def test_create_with_default_sigkey(self): | ||
args = {"name": "TestSigkey", "short": "supp", "version": "1.1", | ||
"release_type": "ga", "base_product": "product-1"} | ||
# settings.configure(RELEASE_DEFAULT_SIGKEY= 'ABCDEF') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove.
pdc/settings_local.py.dist
Outdated
@@ -24,6 +24,8 @@ | |||
# checks, uncomment this line, set DISABLE_RESOURCE_PERMISSION_CHECK with True. | |||
# DISABLE_RESOURCE_PERMISSION_CHECK = True | |||
# | |||
# Example 3: set the id of sigkey which has name "redhatrelease2" as default |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
From this description I still wouldn't know what the option does.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add more comment
pdc/apps/release/serializers.py
Outdated
validated_data["sigkey"] = SigKey.objects.get(key_id=settings.RELEASE_DEFAULT_SIGKEY) | ||
except AttributeError: | ||
# If there is no Settings.RELEASE_DEFAULT_SIGKEY, raise it in server log | ||
raise AttributeError('Settings.RELEASE_DEFAULT_SIGKEY does not exist, please set one with the Sigkey key_id.') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In a comment you say:
User can still insert the data without sigkey, so nothing needs change in ct's input data or scripts.
but it doesn't seem to be possible here.
Can you also add tests for that?
Note: You can override settings in Django like this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This try/catch just checks if the default key includes in db.
And it means if people not insert one sigkey, will set a default one, so the users' scripts don't need change, they can still add the release without a sigkey input.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But it requires RELEASE_DEFAULT_SIGKEY
option to be set and refer to an existing sigkey. Right? This will require manual update of PDC server's configuration and data after upgrading to a new version.
Also, I don't understand where the default values ("redhatrelease2", "fd431d51") come from. Any specific data shouldn't be pushed to this repository.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the default sigkey should be included into the db first.
And the default sigkey shouldn't change once it set even doing the upgrade. This ("redhatrelease2", "fd431d51") is set as default in ET's settings. And also this is already includes in the ET's database. So we should keep the data same as ET's.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about Fedora? Those values should be in ansible repo; pdc/settings_local.py.dist
is just template for the configuration file, ideally, it should also serve as documentation/reference for the options.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
aha, good question, I forgot one thing, if we close the pr about the sigkey name's changes, we can do like SigKey.get_cached_id does, create one if it doesn't have.
edbcc4b
to
339a455
Compare
There are still issues in this PR:
|
@hluk |
339a455
to
3147c0b
Compare
pdc/apps/release/serializers.py
Outdated
if "sigkey" in validated_data and not validated_data["sigkey"]: | ||
validated_data["sigkey"], _ = SigKey.objects.get_or_create(key_id=settings.RELEASE_DEFAULT_SIGKEY) | ||
except Exception, e: | ||
raise Exception('Error(%s) when get Key_id(%s).' % (e, settings.RELEASE_DEFAULT_SIGKEY)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the except
block needed? What can happen here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, it's no need, but I think it's also ok to track some unexpected errors.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can say that about a lot of code. It actually raises different type of exception here which can change how Django reacts.
So I would rather if you remove it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Make sense to me.
pdc/settings_local.py.dist
Outdated
# Example 3: set the sigkey's key_id fd431d51 as default, this default key_id is | ||
# used when insert a release into database but without a sigkey, it will be set | ||
# into the release. This default sigkey's name is "redhatrelease2". | ||
# RELEASE_DEFAULT_SIGKEY = "fd431d51" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove the key IDs.
I don't like the examples here are used to describe options, it's bit difficult to read. Can you move out and use similar format as for options below (DEBUG_TOOLBAR
, BIG_CHANGE_AUTHORS_WHITELIST
)?
It doesn't describe what happens if the key doesn't exist.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure if I can get your point here, I have committed patch for the ansible codes, to set the RELEASE_DEFAULT_SIGKEY there.
And this comment is for other people like fedora guys who want to build a pdc server, they can choose if to set this RELEASE_DEFAULT_SIGKEY.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand, but why mention these particular key IDs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aha, this is et's default key, as I have set it in ansible codes, not sure if we can remove this to set a fake one, so keep it here for the review :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it's OK to use the same value as for tests (provided the option is commented-out).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Have changed the name to a non-existent one "Sigkey's key_id"
3147c0b
to
2f9ff2d
Compare
@lubomir Can you review? |
@lubomir can you help to review it? |
@@ -1196,7 +1207,7 @@ def test_update_can_explicitly_erase_optional_field(self): | |||
self.assertEqual(response.status_code, status.HTTP_200_OK) | |||
self.assertIsNone(response.data.get('dist_git')) | |||
self.assertIsNone(models.Release.objects.get(release_id='release-1.0').dist_git_branch) | |||
self.assertNumChanges([1]) | |||
self.assertNumChanges([2]) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is correct: dist git mapping is stored in a separate model, and now also the release itself is changing.
pdc/settings_local.py.dist
Outdated
# Example 3: when you insert a release into database without a sigkey data, the sigkey | ||
# will be null by default, you can also choose if set the key_id as default, this default | ||
# key_id will be added into the data when insert a releaseinto database without a sigkey. | ||
# RELEASE_DEFAULT_SIGKEY = "Sigkey's key_id" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Minor typo here releaseinto → release into.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the review :)
98e147d
to
6717811
Compare
Set default sigkey when insert release with null sigkey JIRA: PDC-2567
6717811
to
86769ba
Compare
Set default sigkey if user doesn't insert one