Provide a more detailed error message

Before this change, it was not possible to determine why did the synchronization fail when a user provided a seemingly valid URL. This commit adds more relevant information to the error message. Having set `ALLOWED_EXPORT_PATHS` to `["/tmp", "/home/vagrant/test"]`, the following error messages are shown: ``` $ pulp file remote create --name $REMOTE_NAME --url file://error/vagrant/test/centos-7/PULP_MANIFEST Error: {"url":["The url 'file://error/vagrant/test/centos-7/PULP_MANIFEST' is not in an allowed import path. The path is interpreted as '/error/vagrant/test/centos-7/PULP_MANIFEST'"]} $ pulp file remote create --name $REMOTE_NAME --url file://home/vagrant/test/centos-7/PULP_MANIFEST OK $ pulp file repository sync --name $REPO_NAME --remote $REMOTE_NAME Started background task /pulp/api/v3/tasks/b4748fc7-cec9-425d-b39e-46fcb9097153/ Error: Task /pulp/api/v3/tasks/b4748fc7-cec9-425d-b39e-46fcb9097153/ failed: '[ErrorDetail(string="The url 'file://home/vagrant/test/centos-7/PULP_MANIFEST' is not in an allowed import path. The path is interpreted as '/var/lib/pulp/tmp/73438@pulp3-source-fedora33.localhost.example.com/tmp2ft_wsar/home/vagrant/test/centos-7/PULP_MANIFEST'", code='invalid')]' ``` [noissue]
pulp · Jul 12, 2021 · 24669d9 · 24669d9
1 parent 9360032
commit 24669d9
Showing 1 changed file with 19 additions and 12 deletions.
diff --git a/pulpcore/app/serializers/repository.py b/pulpcore/app/serializers/repository.py
@@ -205,14 +205,14 @@ class RemoteSerializer(ModelSerializer):
         required=False,
     )
 
-    def validate_url(self, value):
+    def validate_url(self, url):
         """
         Check if the 'url' is a ``file://`` path, and if so, ensure it's an ALLOWED_IMPORT_PATH.
 
         The ALLOWED_IMPORT_PATH is specified as a Pulp setting.
 
         Args:
-            value: The user-provided value for 'url' to be validated.
+            url: The user-provided value for 'url' to be validated.
 
         Raises:
             ValidationError: When the url starts with `file://`, but is not a subfolder of a path in
@@ -221,16 +221,23 @@ def validate_url(self, value):
         Returns:
             The validated value.
         """
-        if not value.lower().startswith("file://"):
-            return value
-
-        user_path = value[7:]
-
-        for allowed_path in settings.ALLOWED_IMPORT_PATHS:
-            user_provided_realpath = os.path.realpath(user_path)
-            if user_provided_realpath.startswith(allowed_path):
-                return value
-        raise serializers.ValidationError(_("url '{}' is not an allowed import path").format(value))
+        if not url.lower().startswith("file://"):
+            return url
+
+        user_path = url[7:]
+        user_provided_realpath = os.path.realpath(user_path)
+
+        if any(
+            user_provided_realpath.startswith(allowed_path)
+            for allowed_path in settings.ALLOWED_IMPORT_PATHS
+        ):
+            return url
+
+        raise serializers.ValidationError(
+            _(
+                "The url '{}' is not in an allowed import path. The path is interpreted as '{}'"
+            ).format(url, user_provided_realpath)
+        )
 
     def validate_proxy_url(self, value):
         """