gpg_cmd is not allowed as plugin or override configuration #1098

Merged
merged 1 commit into from Mar 19, 2018

Conversation

mibanescu (Member):

Since the command configured with gpg_cmd executes remotely as user apache,
a user should not be allowed to change it via a distributor config or
an override at publish time.

Fixes #3474
https://pulp.plan.io/issues/3474

@bmbouter (Member):

I'm going to test this now

@bmbouter (Member):

I tested this PR and it works for me. I ran the following:

curl -u admin:admin -k https://localhost/pulp/api/v2/repositories/zoo/distributors/yum_distributor/ -XPUT --data-binary '{"distributor_config":{"gpg_key_id": "some-name-here", "gpg_cmd": "ls"}}'

This prevented me from making the config change, showing this error, which looks good:

Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968) Task pulp.server.tasks.repository.distributor_update[a2a535ce-c010-435b-bf9e-858ddd1470cd] raised unexpected: PulpDataException('Configuration key [gpg_cmd] is not allowed in repository plugin configuration',)
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968) Traceback (most recent call last):
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)   File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 367, in trace_task
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)     R = retval = fun(*args, **kwargs)
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)   File "/home/vagrant/devel/pulp/server/pulp/server/async/tasks.py", line 529, in __call__
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)     return super(Task, self).__call__(*args, **kwargs)
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)   File "/home/vagrant/devel/pulp/server/pulp/server/async/tasks.py", line 107, in __call__
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)     return super(PulpTask, self).__call__(*args, **kwargs)
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)   File "/usr/lib/python2.7/site-packages/celery/app/trace.py", line 622, in __protected_call__
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)     return self.run(*args, **kwargs)
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)   File "/home/vagrant/devel/pulp/server/pulp/server/controllers/distributor.py", line 239, in update
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968)     raise exceptions.PulpDataException(message)
Mar 19 18:26:13 pulp2.dev pulp[8449]: celery.app.trace:ERROR: [a2a535ce] (8449-39968) PulpDataException: Configuration key [gpg_cmd] is not allowed in repository plugin configuration

Meanwhile, an accepted change that does not contain gpg_cmd does work, like this one, which completes without error:

curl -u admin:admin -k https://localhost/pulp/api/v2/repositories/zoo/distributors/yum_distributor/ -XPUT --data-binary '{"distributor_config":{"gpg_key_id": "some-name-here"}}'
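The rule the PR description states and the two curl calls above exercise, written out as an added example: this is not Pulp's own code, only a stand-alone validator in the same shape. It assumes a server-only key set (the PR names just gpg_cmd; the set, the PulpDataException stand-in and the function names are this example's own) and rejects such keys both in a distributor config update and in a publish-time override, reproducing the error message seen in the log above.

```python
"""Added example (not Pulp's code): refuse server-only configuration keys
such as gpg_cmd when they arrive from an API client, whether as a distributor
config update (PUT on the distributor) or as a publish-time override.
"""

# Keys that decide what the server executes as its service user (apache for
# the Pulp 2 WSGI process) and therefore must never be settable by API clients.
# Assumption for this example: the PR itself only names gpg_cmd.
SERVER_ONLY_KEYS = frozenset({"gpg_cmd"})


class PulpDataException(Exception):
    """Stand-in for pulp.server.exceptions.PulpDataException (assumed shape)."""


def reject_server_only_keys(config, context):
    """Raise PulpDataException if a server-only key is in a client-supplied config.

    `context` only shapes the message, e.g. "repository plugin configuration"
    or "publish override configuration". A missing/None config is accepted.
    """
    if not config:
        return
    bad = sorted(SERVER_ONLY_KEYS.intersection(config))  # dict -> its keys
    if bad:
        raise PulpDataException(
            "Configuration key [%s] is not allowed in %s" % (", ".join(bad), context))


def update_distributor_config(current_config, distributor_config):
    """Apply a client-supplied distributor config update, refusing server-only keys.

    The check runs before the merge, so a rejected request leaves the stored
    config untouched (the stored gpg_cmd, if any, comes from the server side).
    """
    reject_server_only_keys(distributor_config, "repository plugin configuration")
    merged = dict(current_config)
    merged.update(distributor_config)
    return merged


def effective_publish_config(distributor_config, override_config=None):
    """Compute the config a publish runs with; overrides may not touch server-only keys."""
    reject_server_only_keys(override_config, "publish override configuration")
    effective = dict(distributor_config)
    if override_config:
        effective.update(override_config)
    return effective


def rejection_message(fn, *args):
    """Return the PulpDataException message fn(*args) raises, or None if it succeeds."""
    try:
        fn(*args)
    except PulpDataException as e:
        return str(e)
    return None


if __name__ == "__main__":
    # Constructed inputs mirroring the two request bodies posted in this thread.
    stored = {"http": True, "https": True, "relative_url": "zoo", "gpg_key_id": "old"}
    print(update_distributor_config(stored, {"gpg_key_id": "some-name-here"}))
    print(rejection_message(update_distributor_config, stored,
                            {"gpg_key_id": "some-name-here", "gpg_cmd": "ls"}))
    print(rejection_message(effective_publish_config, stored, {"gpg_cmd": "ls"}))
```

The same check has to sit on both entry points: blocking gpg_cmd on the distributor PUT alone would still leave a publish call with an override_config as a way to run an arbitrary command as the service user.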

@bmbouter (Member):

@mibanescu Can you push a docs change with this, mentioning this limitation?

@bmbouter (Member) left a review comment:

Thanks @mibanescu this is an important security aspect that you've contributed. It tested correctly for me so I'm merging it for inclusion in 2.16. 👍

@bmbouter bmbouter merged commit d8a89df into pulp:master Mar 19, 2018